vinext 0.0.26 → 0.0.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (196) hide show
  1. package/README.md +89 -85
  2. package/dist/build/static-export.d.ts.map +1 -1
  3. package/dist/build/static-export.js +3 -8
  4. package/dist/build/static-export.js.map +1 -1
  5. package/dist/check.d.ts.map +1 -1
  6. package/dist/check.js +152 -48
  7. package/dist/check.js.map +1 -1
  8. package/dist/cli.js +10 -11
  9. package/dist/cli.js.map +1 -1
  10. package/dist/cloudflare/kv-cache-handler.d.ts +32 -1
  11. package/dist/cloudflare/kv-cache-handler.d.ts.map +1 -1
  12. package/dist/cloudflare/kv-cache-handler.js +47 -21
  13. package/dist/cloudflare/kv-cache-handler.js.map +1 -1
  14. package/dist/cloudflare/tpr.d.ts.map +1 -1
  15. package/dist/cloudflare/tpr.js +15 -4
  16. package/dist/cloudflare/tpr.js.map +1 -1
  17. package/dist/config/config-matchers.d.ts +27 -0
  18. package/dist/config/config-matchers.d.ts.map +1 -1
  19. package/dist/config/config-matchers.js +306 -60
  20. package/dist/config/config-matchers.js.map +1 -1
  21. package/dist/config/dotenv.d.ts.map +1 -1
  22. package/dist/config/dotenv.js +1 -6
  23. package/dist/config/dotenv.js.map +1 -1
  24. package/dist/config/next-config.d.ts +7 -0
  25. package/dist/config/next-config.d.ts.map +1 -1
  26. package/dist/config/next-config.js +44 -19
  27. package/dist/config/next-config.js.map +1 -1
  28. package/dist/deploy.d.ts.map +1 -1
  29. package/dist/deploy.js +36 -19
  30. package/dist/deploy.js.map +1 -1
  31. package/dist/entries/app-rsc-entry.d.ts.map +1 -1
  32. package/dist/entries/app-rsc-entry.js +89 -38
  33. package/dist/entries/app-rsc-entry.js.map +1 -1
  34. package/dist/entries/pages-client-entry.d.ts.map +1 -1
  35. package/dist/entries/pages-client-entry.js +5 -3
  36. package/dist/entries/pages-client-entry.js.map +1 -1
  37. package/dist/entries/pages-server-entry.d.ts.map +1 -1
  38. package/dist/entries/pages-server-entry.js +32 -10
  39. package/dist/entries/pages-server-entry.js.map +1 -1
  40. package/dist/index.d.ts +1 -1
  41. package/dist/index.d.ts.map +1 -1
  42. package/dist/index.js +204 -118
  43. package/dist/index.js.map +1 -1
  44. package/dist/init.d.ts.map +1 -1
  45. package/dist/init.js +6 -5
  46. package/dist/init.js.map +1 -1
  47. package/dist/routing/app-router.d.ts +2 -0
  48. package/dist/routing/app-router.d.ts.map +1 -1
  49. package/dist/routing/app-router.js +10 -18
  50. package/dist/routing/app-router.js.map +1 -1
  51. package/dist/routing/file-matcher.d.ts.map +1 -1
  52. package/dist/routing/file-matcher.js.map +1 -1
  53. package/dist/routing/pages-router.d.ts +2 -0
  54. package/dist/routing/pages-router.d.ts.map +1 -1
  55. package/dist/routing/pages-router.js +8 -5
  56. package/dist/routing/pages-router.js.map +1 -1
  57. package/dist/routing/utils.d.ts.map +1 -1
  58. package/dist/routing/utils.js.map +1 -1
  59. package/dist/server/api-handler.d.ts.map +1 -1
  60. package/dist/server/api-handler.js +7 -2
  61. package/dist/server/api-handler.js.map +1 -1
  62. package/dist/server/app-router-entry.d.ts +3 -2
  63. package/dist/server/app-router-entry.d.ts.map +1 -1
  64. package/dist/server/app-router-entry.js +8 -4
  65. package/dist/server/app-router-entry.js.map +1 -1
  66. package/dist/server/dev-module-runner.d.ts.map +1 -1
  67. package/dist/server/dev-module-runner.js +1 -1
  68. package/dist/server/dev-module-runner.js.map +1 -1
  69. package/dist/server/dev-origin-check.d.ts.map +1 -1
  70. package/dist/server/dev-origin-check.js.map +1 -1
  71. package/dist/server/dev-server.d.ts.map +1 -1
  72. package/dist/server/dev-server.js +30 -18
  73. package/dist/server/dev-server.js.map +1 -1
  74. package/dist/server/image-optimization.d.ts.map +1 -1
  75. package/dist/server/image-optimization.js.map +1 -1
  76. package/dist/server/instrumentation.js +1 -1
  77. package/dist/server/instrumentation.js.map +1 -1
  78. package/dist/server/isr-cache.d.ts +13 -1
  79. package/dist/server/isr-cache.d.ts.map +1 -1
  80. package/dist/server/isr-cache.js +10 -1
  81. package/dist/server/isr-cache.js.map +1 -1
  82. package/dist/server/metadata-routes.d.ts.map +1 -1
  83. package/dist/server/metadata-routes.js +6 -18
  84. package/dist/server/metadata-routes.js.map +1 -1
  85. package/dist/server/middleware-codegen.d.ts.map +1 -1
  86. package/dist/server/middleware-codegen.js +12 -10
  87. package/dist/server/middleware-codegen.js.map +1 -1
  88. package/dist/server/middleware-request-headers.d.ts +9 -0
  89. package/dist/server/middleware-request-headers.d.ts.map +1 -0
  90. package/dist/server/middleware-request-headers.js +77 -0
  91. package/dist/server/middleware-request-headers.js.map +1 -0
  92. package/dist/server/middleware.d.ts.map +1 -1
  93. package/dist/server/middleware.js +38 -19
  94. package/dist/server/middleware.js.map +1 -1
  95. package/dist/server/normalize-path.js.map +1 -1
  96. package/dist/server/prod-server.d.ts +1 -1
  97. package/dist/server/prod-server.d.ts.map +1 -1
  98. package/dist/server/prod-server.js +53 -38
  99. package/dist/server/prod-server.js.map +1 -1
  100. package/dist/server/request-pipeline.d.ts +2 -1
  101. package/dist/server/request-pipeline.d.ts.map +1 -1
  102. package/dist/server/request-pipeline.js +5 -7
  103. package/dist/server/request-pipeline.js.map +1 -1
  104. package/dist/shims/cache-runtime.d.ts.map +1 -1
  105. package/dist/shims/cache-runtime.js +21 -16
  106. package/dist/shims/cache-runtime.js.map +1 -1
  107. package/dist/shims/cache.d.ts.map +1 -1
  108. package/dist/shims/cache.js +18 -17
  109. package/dist/shims/cache.js.map +1 -1
  110. package/dist/shims/constants.d.ts.map +1 -1
  111. package/dist/shims/constants.js +1 -6
  112. package/dist/shims/constants.js.map +1 -1
  113. package/dist/shims/dynamic.d.ts.map +1 -1
  114. package/dist/shims/dynamic.js +1 -1
  115. package/dist/shims/dynamic.js.map +1 -1
  116. package/dist/shims/error-boundary.d.ts.map +1 -1
  117. package/dist/shims/error-boundary.js +2 -3
  118. package/dist/shims/error-boundary.js.map +1 -1
  119. package/dist/shims/error.d.ts.map +1 -1
  120. package/dist/shims/error.js +1 -3
  121. package/dist/shims/error.js.map +1 -1
  122. package/dist/shims/fetch-cache.d.ts.map +1 -1
  123. package/dist/shims/fetch-cache.js +53 -29
  124. package/dist/shims/fetch-cache.js.map +1 -1
  125. package/dist/shims/font-google-base.d.ts.map +1 -1
  126. package/dist/shims/font-google-base.js +16 -4
  127. package/dist/shims/font-google-base.js.map +1 -1
  128. package/dist/shims/font-google.d.ts +1 -1
  129. package/dist/shims/font-google.d.ts.map +1 -1
  130. package/dist/shims/font-google.generated.d.ts.map +1 -1
  131. package/dist/shims/font-google.generated.js +412 -206
  132. package/dist/shims/font-google.generated.js.map +1 -1
  133. package/dist/shims/font-google.js +1 -1
  134. package/dist/shims/font-google.js.map +1 -1
  135. package/dist/shims/font-local.d.ts.map +1 -1
  136. package/dist/shims/font-local.js +13 -3
  137. package/dist/shims/font-local.js.map +1 -1
  138. package/dist/shims/form.d.ts.map +1 -1
  139. package/dist/shims/form.js +2 -2
  140. package/dist/shims/form.js.map +1 -1
  141. package/dist/shims/head.d.ts.map +1 -1
  142. package/dist/shims/head.js +10 -8
  143. package/dist/shims/head.js.map +1 -1
  144. package/dist/shims/headers.d.ts +23 -5
  145. package/dist/shims/headers.d.ts.map +1 -1
  146. package/dist/shims/headers.js +97 -37
  147. package/dist/shims/headers.js.map +1 -1
  148. package/dist/shims/image.d.ts.map +1 -1
  149. package/dist/shims/image.js +35 -8
  150. package/dist/shims/image.js.map +1 -1
  151. package/dist/shims/legacy-image.d.ts.map +1 -1
  152. package/dist/shims/legacy-image.js +1 -1
  153. package/dist/shims/legacy-image.js.map +1 -1
  154. package/dist/shims/link.d.ts.map +1 -1
  155. package/dist/shims/link.js +29 -15
  156. package/dist/shims/link.js.map +1 -1
  157. package/dist/shims/metadata.d.ts +12 -2
  158. package/dist/shims/metadata.d.ts.map +1 -1
  159. package/dist/shims/metadata.js +10 -8
  160. package/dist/shims/metadata.js.map +1 -1
  161. package/dist/shims/navigation-state.d.ts.map +1 -1
  162. package/dist/shims/navigation-state.js +3 -2
  163. package/dist/shims/navigation-state.js.map +1 -1
  164. package/dist/shims/navigation.d.ts.map +1 -1
  165. package/dist/shims/navigation.js +26 -19
  166. package/dist/shims/navigation.js.map +1 -1
  167. package/dist/shims/request-context.d.ts +50 -0
  168. package/dist/shims/request-context.d.ts.map +1 -0
  169. package/dist/shims/request-context.js +59 -0
  170. package/dist/shims/request-context.js.map +1 -0
  171. package/dist/shims/router-state.d.ts.map +1 -1
  172. package/dist/shims/router-state.js +2 -1
  173. package/dist/shims/router-state.js.map +1 -1
  174. package/dist/shims/router.d.ts.map +1 -1
  175. package/dist/shims/router.js +18 -25
  176. package/dist/shims/router.js.map +1 -1
  177. package/dist/shims/script.d.ts.map +1 -1
  178. package/dist/shims/script.js.map +1 -1
  179. package/dist/shims/server.d.ts +13 -0
  180. package/dist/shims/server.d.ts.map +1 -1
  181. package/dist/shims/server.js +100 -34
  182. package/dist/shims/server.js.map +1 -1
  183. package/dist/shims/url-utils.d.ts.map +1 -1
  184. package/dist/shims/url-utils.js +1 -3
  185. package/dist/shims/url-utils.js.map +1 -1
  186. package/dist/utils/base-path.d.ts +17 -0
  187. package/dist/utils/base-path.d.ts.map +1 -0
  188. package/dist/utils/base-path.js +25 -0
  189. package/dist/utils/base-path.js.map +1 -0
  190. package/dist/utils/project.d.ts.map +1 -1
  191. package/dist/utils/project.js +2 -4
  192. package/dist/utils/project.js.map +1 -1
  193. package/dist/utils/query.d.ts.map +1 -1
  194. package/dist/utils/query.js +3 -1
  195. package/dist/utils/query.js.map +1 -1
  196. package/package.json +47 -33
package/dist/server/middleware.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/server/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEpD;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC3D,OAAO,IAAI,KAAK,OAAO,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,wBAAwB,CACtC,GAA4B,EAC5B,QAAgB;IAEhB,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,OAAO;QACrB,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC;QAC5B,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAEpC,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC;QAClD,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,OAAO,QAAQ,UAAU,QAAQ,oCAAoC,cAAc,+BAA+B,CACnH,CAAC;IACJ,CAAC;IAED,OAAO,OAAmB,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,WAAW,GAAG;IAClB,UAAU;IACV,UAAU;IACV,WAAW;IACX,cAAc;IACd,cAAc;IACd,eAAe;CAChB,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACvB,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,gBAAgB;IAChB,mBAAmB;IACnB,oBAAoB;IACpB,mBAAmB;IACnB,oBAAoB;CACrB,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,kEAAkE;IAClE,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CACV,sDAAsD;gBACpD,kEAAkE,CACrE,CAAC;YACF,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAQD;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,OAAkC;IAElC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,+EAA+E;QAC/E,oEAAoE;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;iBAAM,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAe;IAC5D,wCAAwC;IACxC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC;QAC3C,IAAI,EAAE;YAAE,OAAO,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,kCAAkC;IACpC,CAAC;IAED,2DAA2D;IAC3D,8DAA8D;IAC9D,yDAAyD;IACzD,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,OAAO,GAAG,sDAAsD,CAAC;IACvE,IAAI,GAA2B,CAAC;IAChC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACzB,4DAA4D;YAC5D,QAAQ,IAAI,UAAU,CAAC;QACzB,CAAC;aAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YAChC,gDAAgD;YAChD,QAAQ,IAAI,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YAChC,6BAA6B;YAC7B,QAAQ,IAAI,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1B,QAAQ,IAAI,KAAK,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC;IAC5C,IAAI,EAAE;QAAE,OAAO,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACjC,OAAO,QAAQ,KAAK,OAAO,CAAC;AAC9B,CAAC;AAoBD;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAoB,EACpB,cAAsB,EACtB,OAAgB;IAEhB,+DAA+D;IAC/D,0EAA0E;IAC1E,mDAAmD;IACnD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,cAAc,CAA4B,CAAC;IAE3E,sEAAsE;IACtE,iFAAiF;IACjF,mHAAmH;IACnH,MAAM,YAAY,GAAG,wBAAwB,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAEnE,uBAAuB;IACvB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAiD,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,EAAE,OAAO,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEjC,wEAAwE;IACxE,qFAAqF;IACrF,IAAI,eAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,eAAe,GAAG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,gFAAgF;QAChF,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IACrF,CAAC;IACD,MAAM,kBAAkB,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;IAE1D,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,EAAE,OAAO,CAAC,EAAE,CAAC;QACpD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAEA,0EAA0E;IAC1E,uEAAuE;IACxE,IAAI,SAAS,GAAG,OAAO,CAAC;IACxB,IAAI,kBAAkB,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,QAAQ,GAAG,kBAAkB,CAAC;QACpC,SAAS,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,6EAA6E;IAC7E,MAAM,WAAW,GAAG,SAAS,YAAY,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;IAC9F,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEpE,yBAAyB;IACzB,IAAI,QAA8B,CAAC;IACnC,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YACnC,CAAC,CAAC,uBAAuB;YACzB,CAAC,CAAC,oBAAoB,GAAG,CAAC,CAAC,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI,QAAQ,CAAC,OAAO,EAAE;gBAC9B,MAAM,EAAE,GAAG;aACZ,CAAC;SACH,CAAC;IACJ,CAAC;IAED,yEAAyE;IACzE,8EAA8E;IAC9E,UAAU,CAAC,cAAc,EAAE,CAAC;IAE5B,yBAAyB;IACzB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,2DAA2D;IAC3D,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,GAAG,EAAE,CAAC;QACtD,mEAAmE;QACnE,sEAAsE;QACtE,wEAAwE;QACxE,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC5C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBACrC,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,kCAAkC;IAClC,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtF,IAAI,QAAQ,EAAE,CAAC;YACb,+EAA+E;YAC/E,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;YACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBAC5C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,EAAE,CAAC;oBACzE,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,QAAQ;gBACrB,cAAc,EAAE,QAAQ,CAAC,MAAM;gBAC/B,eAAe;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,iDAAiD;QACjD,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC5C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;gBACrC,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QACD,sDAAsD;QACtD,IAAI,WAAmB,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACvD,WAAW,GAAG,aAAa,CAAC,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,WAAW,GAAG,UAAU,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,WAAW;YACvB,aAAa,EAAE,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACpE,eAAe;SAChB,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC","sourcesContent":["/**\n * proxy.ts / middleware.ts runner\n *\n * Loads and executes the user's proxy.ts (Next.js 16) or middleware.ts file\n * before routing. Runs in Node (not Edge Runtime), per the vinext design.\n *\n * In Next.js 16, proxy.ts replaces middleware.ts:\n * - proxy.ts: default export OR named `proxy` function, runs on Node.js runtime\n * - middleware.ts: deprecated but still supported for Edge runtime use cases\n *\n * The proxy/middleware receives a NextRequest and can:\n * - Return NextResponse.next() to continue to the route\n * - Return NextResponse.redirect() to redirect\n * - Return NextResponse.rewrite() to rewrite the URL\n * - Set/modify headers and cookies\n * - Return a Response directly (e.g., for auth guards)\n *\n * Supports the `config.matcher` export for path filtering.\n */\n\nimport type { ModuleRunner } from \"vite/module-runner\";\nimport fs from \"node:fs\";\nimport path from \"node:path\";\nimport { NextRequest, NextFetchEvent } from \"../shims/server.js\";\nimport { safeRegExp } from \"../config/config-matchers.js\";\nimport { normalizePath } from \"./normalize-path.js\";\n\n/**\n * Determine whether a middleware/proxy file path refers to a proxy file.\n * proxy.ts files accept `proxy` or `default` exports.\n * middleware.ts files accept `middleware` or `default` exports.\n *\n * Matches Next.js behavior where each file type only accepts its own\n * named export or a default export:\n * https://github.com/vercel/next.js/blob/canary/packages/next/src/build/templates/middleware.ts\n */\nexport function isProxyFile(filePath: string): boolean {\n const base = path.basename(filePath).replace(/\\.\\w+$/, \"\");\n return base === \"proxy\";\n}\n\n/**\n * Resolve the middleware/proxy handler function from a module's exports.\n * Matches Next.js behavior: for proxy files, check `proxy` then `default`;\n * for middleware files, check `middleware` then `default`.\n *\n * Throws if the file exists but doesn't export a valid function, matching\n * Next.js's ProxyMissingExportError behavior.\n *\n * @see https://github.com/vercel/next.js/blob/canary/packages/next/src/build/templates/middleware.ts\n * @see https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/proxy-missing-export/proxy-missing-export.test.ts\n */\nexport function resolveMiddlewareHandler(\n mod: Record<string, unknown>,\n filePath: string,\n): Function {\n const isProxy = isProxyFile(filePath);\n const handler = isProxy\n ? (mod.proxy ?? mod.default)\n : (mod.middleware ?? mod.default);\n\n if (typeof handler !== \"function\") {\n const fileType = isProxy ? \"Proxy\" : \"Middleware\";\n const expectedExport = isProxy ? \"proxy\" : \"middleware\";\n throw new Error(\n `The ${fileType} file \"${filePath}\" must export a function named \\`${expectedExport}\\` or a \\`default\\` function.`,\n );\n }\n\n return handler as Function;\n}\n\n/**\n * Possible proxy/middleware file names.\n * proxy.ts (Next.js 16) is checked first, then middleware.ts (deprecated).\n */\nconst PROXY_FILES = [\n \"proxy.ts\",\n \"proxy.js\",\n \"proxy.mjs\",\n \"src/proxy.ts\",\n \"src/proxy.js\",\n \"src/proxy.mjs\",\n];\n\nconst MIDDLEWARE_FILES = [\n \"middleware.ts\",\n \"middleware.tsx\",\n \"middleware.js\",\n \"middleware.mjs\",\n \"src/middleware.ts\",\n \"src/middleware.tsx\",\n \"src/middleware.js\",\n \"src/middleware.mjs\",\n];\n\n/**\n * Find the proxy or middleware file in the project root.\n * Checks for proxy.ts (Next.js 16) first, then falls back to middleware.ts.\n * If middleware.ts is found, logs a deprecation warning.\n */\nexport function findMiddlewareFile(root: string): string | null {\n // Check proxy.ts first (Next.js 16 replacement for middleware.ts)\n for (const file of PROXY_FILES) {\n const fullPath = path.join(root, file);\n if (fs.existsSync(fullPath)) {\n return fullPath;\n }\n }\n\n // Fall back to middleware.ts (deprecated in Next.js 16)\n for (const file of MIDDLEWARE_FILES) {\n const fullPath = path.join(root, file);\n if (fs.existsSync(fullPath)) {\n console.warn(\n \"[vinext] middleware.ts is deprecated in Next.js 16. \" +\n \"Rename to proxy.ts and export a default or named proxy function.\",\n );\n return fullPath;\n }\n }\n return null;\n}\n\n/** Matcher pattern from middleware config export. */\ntype MatcherConfig =\n | string\n | string[]\n | { source: string; regexp?: string; locale?: boolean; has?: any[]; missing?: any[] }[];\n\n/**\n * Check if a pathname matches the middleware matcher config.\n * If no matcher is configured, middleware runs on all paths\n * except static files and internal Next.js paths.\n */\nexport function matchesMiddleware(\n pathname: string,\n matcher: MatcherConfig | undefined,\n): boolean {\n if (!matcher) {\n // Next.js default: middleware runs on ALL paths when no matcher is configured.\n // Users opt out of specific paths by configuring a matcher pattern.\n return true;\n }\n\n const patterns: string[] = [];\n if (typeof matcher === \"string\") {\n patterns.push(matcher);\n } else if (Array.isArray(matcher)) {\n for (const m of matcher) {\n if (typeof m === \"string\") {\n patterns.push(m);\n } else if (m && typeof m === \"object\" && \"source\" in m) {\n patterns.push(m.source);\n }\n }\n }\n\n return patterns.some((pattern) => matchPattern(pathname, pattern));\n}\n\n/**\n * Match a single pattern against a pathname.\n * Supports Next.js matcher patterns:\n * /about -> exact match\n * /dashboard/:path* -> prefix match with params\n * /api/:path+ -> one or more segments\n * /((?!api|_next).*) -> regex patterns\n */\nexport function matchPattern(pathname: string, pattern: string): boolean {\n // Handle regex patterns (starts with /)\n if (pattern.includes(\"(\") || pattern.includes(\"\\\\\")) {\n const re = safeRegExp(\"^\" + pattern + \"$\");\n if (re) return re.test(pathname);\n // Fall through to simple matching\n }\n\n // Convert Next.js path patterns to regex in a single pass.\n // Matches /:param*, /:param+, :param, dots, and literal text.\n // Param names may contain hyphens (e.g. [[...sign-in]]).\n let regexStr = \"\";\n const tokenRe = /\\/:([\\w-]+)\\*|\\/:([\\w-]+)\\+|:([\\w-]+)|[.]|[^/:.]+|./g;\n let tok: RegExpExecArray | null;\n while ((tok = tokenRe.exec(pattern)) !== null) {\n if (tok[1] !== undefined) {\n // /:param* → optionally match slash + zero or more segments\n regexStr += \"(?:/.*)?\";\n } else if (tok[2] !== undefined) {\n // /:param+ → match slash + one or more segments\n regexStr += \"(?:/.+)\";\n } else if (tok[3] !== undefined) {\n // :param → match one segment\n regexStr += \"([^/]+)\";\n } else if (tok[0] === \".\") {\n regexStr += \"\\\\.\";\n } else {\n regexStr += tok[0];\n }\n }\n\n const re = safeRegExp(\"^\" + regexStr + \"$\");\n if (re) return re.test(pathname);\n return pathname === pattern;\n}\n\n/** Result of running middleware. */\nexport interface MiddlewareResult {\n /** Whether to continue to the route handler. */\n continue: boolean;\n /** If set, redirect to this URL. */\n redirectUrl?: string;\n /** HTTP status for redirect (default 307). */\n redirectStatus?: number;\n /** If set, rewrite to this URL (internal). */\n rewriteUrl?: string;\n /** HTTP status for rewrite (e.g. 403 from NextResponse.rewrite(url, { status: 403 })). */\n rewriteStatus?: number;\n /** Headers to set on the response. */\n responseHeaders?: Headers;\n /** If the middleware returned a full Response, use it directly. */\n response?: Response;\n}\n\n/**\n * Load and execute middleware for a given request.\n *\n * @param runner - A ModuleRunner used to load the middleware module.\n * Must be a long-lived instance created once (e.g. in configureServer) via\n * createDirectRunner() — NOT recreated per request. Using server.ssrLoadModule\n * directly crashes with `outsideEmitter` when @cloudflare/vite-plugin is\n * present because SSRCompatModuleRunner reads environment.hot.api synchronously.\n * @param middlewarePath - Absolute path to the middleware file\n * @param request - The incoming Request object\n * @returns Middleware result describing what action to take\n */\nexport async function runMiddleware(\n runner: ModuleRunner,\n middlewarePath: string,\n request: Request,\n): Promise<MiddlewareResult> {\n // Load the middleware module via the direct-call ModuleRunner.\n // This bypasses the hot channel entirely and is safe with all Vite plugin\n // combinations, including @cloudflare/vite-plugin.\n const mod = await runner.import(middlewarePath) as Record<string, unknown>;\n\n // Resolve the handler based on file type (proxy.ts vs middleware.ts).\n // Throws if the file doesn't export a valid function, matching Next.js behavior.\n // https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/proxy-missing-export/proxy-missing-export.test.ts\n const middlewareFn = resolveMiddlewareHandler(mod, middlewarePath);\n\n // Check matcher config\n const config = mod.config as { matcher?: MatcherConfig } | undefined;\n const matcher = config?.matcher;\n const url = new URL(request.url);\n\n // Normalize the pathname before middleware matching to prevent bypasses\n // via percent-encoding (/%61dmin → /admin) or double slashes (/dashboard//settings).\n let decodedPathname: string;\n try {\n decodedPathname = decodeURIComponent(url.pathname);\n } catch {\n // Malformed percent-encoding (e.g. /%E0%A4%A) — return 400 instead of throwing.\n return { continue: false, response: new Response(\"Bad Request\", { status: 400 }) };\n }\n const normalizedPathname = normalizePath(decodedPathname);\n\n if (!matchesMiddleware(normalizedPathname, matcher)) {\n return { continue: true };\n }\n\n // Construct a new Request with the fully decoded + normalized pathname so\n // middleware always sees the same canonical path that the router uses.\n let mwRequest = request;\n if (normalizedPathname !== url.pathname) {\n const mwUrl = new URL(url);\n mwUrl.pathname = normalizedPathname;\n mwRequest = new Request(mwUrl, request);\n }\n\n // Wrap in NextRequest so middleware gets .nextUrl, .cookies, .geo, .ip, etc.\n const nextRequest = mwRequest instanceof NextRequest ? mwRequest : new NextRequest(mwRequest);\n const fetchEvent = new NextFetchEvent({ page: normalizedPathname });\n\n // Execute the middleware\n let response: Response | undefined;\n try {\n response = await middlewareFn(nextRequest, fetchEvent);\n } catch (e: any) {\n console.error(\"[vinext] Middleware error:\", e);\n const message =\n process.env.NODE_ENV === \"production\"\n ? \"Internal Server Error\"\n : \"Middleware Error: \" + (e?.message ?? String(e));\n return {\n continue: false,\n response: new Response(message, {\n status: 500,\n }),\n };\n }\n\n // Drain waitUntil promises (fire-and-forget: we don't block the response\n // on these — matches platform semantics where waitUntil runs after response).\n fetchEvent.drainWaitUntil();\n\n // No response = continue\n if (!response) {\n return { continue: true };\n }\n\n // Check for x-middleware-next header (NextResponse.next())\n if (response.headers.get(\"x-middleware-next\") === \"1\") {\n // Continue to the route, but apply any headers the middleware set.\n // Strip ALL x-middleware-* headers (including x-middleware-request-*)\n // so they never leak to the client — they are internal routing signals.\n const responseHeaders = new Headers();\n for (const [key, value] of response.headers) {\n if (!key.startsWith(\"x-middleware-\")) {\n responseHeaders.append(key, value);\n }\n }\n return { continue: true, responseHeaders };\n }\n\n // Check for redirect (3xx status)\n if (response.status >= 300 && response.status < 400) {\n const location = response.headers.get(\"Location\") ?? response.headers.get(\"location\");\n if (location) {\n // Collect non-internal headers (e.g. Set-Cookie) to forward with the redirect.\n const responseHeaders = new Headers();\n for (const [key, value] of response.headers) {\n if (!key.startsWith(\"x-middleware-\") && key.toLowerCase() !== \"location\") {\n responseHeaders.append(key, value);\n }\n }\n return {\n continue: false,\n redirectUrl: location,\n redirectStatus: response.status,\n responseHeaders,\n };\n }\n }\n\n // Check for rewrite (x-middleware-rewrite header)\n const rewriteUrl = response.headers.get(\"x-middleware-rewrite\");\n if (rewriteUrl) {\n // Continue to the route but with a rewritten URL\n const responseHeaders = new Headers();\n for (const [key, value] of response.headers) {\n if (!key.startsWith(\"x-middleware-\")) {\n responseHeaders.append(key, value);\n }\n }\n // Parse the rewrite URL — may be absolute or relative\n let rewritePath: string;\n try {\n const rewriteParsed = new URL(rewriteUrl, request.url);\n rewritePath = rewriteParsed.pathname + rewriteParsed.search;\n } catch {\n rewritePath = rewriteUrl;\n }\n return {\n continue: true,\n rewriteUrl: rewritePath,\n rewriteStatus: response.status !== 200 ? response.status : undefined,\n responseHeaders,\n };\n }\n\n // Middleware returned a full Response (e.g., blocking, custom body)\n return { continue: false, response };\n}\n"]}
1
+ {"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/server/middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAE7E;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC3D,OAAO,IAAI,KAAK,OAAO,CAAC;AAC1B,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,wBAAwB,CAAC,GAA4B,EAAE,QAAgB;IACrF,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAEvF,IAAI,OAAO,OAAO,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC;QAClD,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,OAAO,QAAQ,UAAU,QAAQ,oCAAoC,cAAc,+BAA+B,CACnH,CAAC;IACJ,CAAC;IAED,OAAO,OAAmB,CAAC;AAC7B,CAAC;AAED;;;GAGG;AACH,MAAM,WAAW,GAAG;IAClB,UAAU;IACV,UAAU;IACV,WAAW;IACX,cAAc;IACd,cAAc;IACd,eAAe;CAChB,CAAC;AAEF,MAAM,gBAAgB,GAAG;IACvB,eAAe;IACf,gBAAgB;IAChB,eAAe;IACf,gBAAgB;IAChB,mBAAmB;IACnB,oBAAoB;IACpB,mBAAmB;IACnB,oBAAoB;CACrB,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,kEAAkE;IAClE,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,KAAK,MAAM,IAAI,IAAI,gBAAgB,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CACV,sDAAsD;gBACpD,kEAAkE,CACrE,CAAC;YACF,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAQD;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB,EAAE,OAAkC;IACpF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,+EAA+E;QAC/E,oEAAoE;QACpE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC1B,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;iBAAM,IAAI,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;gBACvD,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AACrE,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,EAAyB,CAAC;AAEzD;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,OAAe;IAC5D,IAAI,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC1C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACxC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,QAAQ,KAAK,OAAO,CAAC;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,OAAe;IAC5C,qDAAqD;IACrD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACpD,OAAO,UAAU,CAAC,GAAG,GAAG,OAAO,GAAG,GAAG,CAAC,CAAC;IACzC,CAAC;IAED,2DAA2D;IAC3D,8DAA8D;IAC9D,yDAAyD;IACzD,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,OAAO,GAAG,sDAAsD,CAAC;IACvE,IAAI,GAA2B,CAAC;IAChC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACzB,4DAA4D;YAC5D,QAAQ,IAAI,UAAU,CAAC;QACzB,CAAC;aAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YAChC,gDAAgD;YAChD,QAAQ,IAAI,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YAChC,6BAA6B;YAC7B,QAAQ,IAAI,SAAS,CAAC;QACxB,CAAC;aAAM,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YAC1B,QAAQ,IAAI,KAAK,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC,GAAG,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC;AAC1C,CAAC;AAoBD;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAoB,EACpB,cAAsB,EACtB,OAAgB;IAEhB,+DAA+D;IAC/D,0EAA0E;IAC1E,mDAAmD;IACnD,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,CAA4B,CAAC;IAE7E,sEAAsE;IACtE,iFAAiF;IACjF,mHAAmH;IACnH,MAAM,YAAY,GAAG,wBAAwB,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC;IAEnE,uBAAuB;IACvB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAiD,CAAC;IACrE,MAAM,OAAO,GAAG,MAAM,EAAE,OAAO,CAAC;IAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAEjC,wEAAwE;IACxE,qFAAqF;IACrF,IAAI,eAAuB,CAAC;IAC5B,IAAI,CAAC;QACH,eAAe,GAAG,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,gFAAgF;QAChF,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IACrF,CAAC;IACD,MAAM,kBAAkB,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;IAE1D,IAAI,CAAC,iBAAiB,CAAC,kBAAkB,EAAE,OAAO,CAAC,EAAE,CAAC;QACpD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,0EAA0E;IAC1E,uEAAuE;IACvE,IAAI,SAAS,GAAG,OAAO,CAAC;IACxB,IAAI,kBAAkB,KAAK,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,QAAQ,GAAG,kBAAkB,CAAC;QACpC,SAAS,GAAG,IAAI,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,6EAA6E;IAC7E,MAAM,WAAW,GAAG,SAAS,YAAY,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;IAC9F,MAAM,UAAU,GAAG,IAAI,cAAc,CAAC,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAEpE,yBAAyB;IACzB,IAAI,QAA8B,CAAC;IACnC,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,YAAY,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,CAAC,CAAC,CAAC;QAC/C,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YACnC,CAAC,CAAC,uBAAuB;YACzB,CAAC,CAAC,oBAAoB,GAAG,CAAC,CAAC,EAAE,OAAO,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,IAAI,QAAQ,CAAC,OAAO,EAAE;gBAC9B,MAAM,EAAE,GAAG;aACZ,CAAC;SACH,CAAC;IACJ,CAAC;IAED,yEAAyE;IACzE,8EAA8E;IAC9E,UAAU,CAAC,cAAc,EAAE,CAAC;IAE5B,yBAAyB;IACzB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,2DAA2D;IAC3D,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,GAAG,EAAE,CAAC;QACtD,yEAAyE;QACzE,uEAAuE;QACvE,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC5C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxE,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,kCAAkC;IAClC,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtF,IAAI,QAAQ,EAAE,CAAC;YACb,+EAA+E;YAC/E,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;YACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;gBAC5C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,UAAU,EAAE,CAAC;oBACzE,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;YACD,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,WAAW,EAAE,QAAQ;gBACrB,cAAc,EAAE,QAAQ,CAAC,MAAM;gBAC/B,eAAe;aAChB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAChE,IAAI,UAAU,EAAE,CAAC;QACf,kDAAkD;QAClD,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YAC5C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,IAAI,0BAA0B,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxE,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QACD,sDAAsD;QACtD,IAAI,WAAmB,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;YACvD,WAAW,GAAG,aAAa,CAAC,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,WAAW,GAAG,UAAU,CAAC;QAC3B,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,WAAW;YACvB,aAAa,EAAE,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACpE,eAAe;SAChB,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC","sourcesContent":["/**\n * proxy.ts / middleware.ts runner\n *\n * Loads and executes the user's proxy.ts (Next.js 16) or middleware.ts file\n * before routing. Runs in Node (not Edge Runtime), per the vinext design.\n *\n * In Next.js 16, proxy.ts replaces middleware.ts:\n * - proxy.ts: default export OR named `proxy` function, runs on Node.js runtime\n * - middleware.ts: deprecated but still supported for Edge runtime use cases\n *\n * The proxy/middleware receives a NextRequest and can:\n * - Return NextResponse.next() to continue to the route\n * - Return NextResponse.redirect() to redirect\n * - Return NextResponse.rewrite() to rewrite the URL\n * - Set/modify headers and cookies\n * - Return a Response directly (e.g., for auth guards)\n *\n * Supports the `config.matcher` export for path filtering.\n */\n\nimport type { ModuleRunner } from \"vite/module-runner\";\nimport fs from \"node:fs\";\nimport path from \"node:path\";\nimport { NextRequest, NextFetchEvent } from \"../shims/server.js\";\nimport { safeRegExp } from \"../config/config-matchers.js\";\nimport { normalizePath } from \"./normalize-path.js\";\nimport { shouldKeepMiddlewareHeader } from \"./middleware-request-headers.js\";\n\n/**\n * Determine whether a middleware/proxy file path refers to a proxy file.\n * proxy.ts files accept `proxy` or `default` exports.\n * middleware.ts files accept `middleware` or `default` exports.\n *\n * Matches Next.js behavior where each file type only accepts its own\n * named export or a default export:\n * https://github.com/vercel/next.js/blob/canary/packages/next/src/build/templates/middleware.ts\n */\nexport function isProxyFile(filePath: string): boolean {\n const base = path.basename(filePath).replace(/\\.\\w+$/, \"\");\n return base === \"proxy\";\n}\n\n/**\n * Resolve the middleware/proxy handler function from a module's exports.\n * Matches Next.js behavior: for proxy files, check `proxy` then `default`;\n * for middleware files, check `middleware` then `default`.\n *\n * Throws if the file exists but doesn't export a valid function, matching\n * Next.js's ProxyMissingExportError behavior.\n *\n * @see https://github.com/vercel/next.js/blob/canary/packages/next/src/build/templates/middleware.ts\n * @see https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/proxy-missing-export/proxy-missing-export.test.ts\n */\nexport function resolveMiddlewareHandler(mod: Record<string, unknown>, filePath: string): Function {\n const isProxy = isProxyFile(filePath);\n const handler = isProxy ? (mod.proxy ?? mod.default) : (mod.middleware ?? mod.default);\n\n if (typeof handler !== \"function\") {\n const fileType = isProxy ? \"Proxy\" : \"Middleware\";\n const expectedExport = isProxy ? \"proxy\" : \"middleware\";\n throw new Error(\n `The ${fileType} file \"${filePath}\" must export a function named \\`${expectedExport}\\` or a \\`default\\` function.`,\n );\n }\n\n return handler as Function;\n}\n\n/**\n * Possible proxy/middleware file names.\n * proxy.ts (Next.js 16) is checked first, then middleware.ts (deprecated).\n */\nconst PROXY_FILES = [\n \"proxy.ts\",\n \"proxy.js\",\n \"proxy.mjs\",\n \"src/proxy.ts\",\n \"src/proxy.js\",\n \"src/proxy.mjs\",\n];\n\nconst MIDDLEWARE_FILES = [\n \"middleware.ts\",\n \"middleware.tsx\",\n \"middleware.js\",\n \"middleware.mjs\",\n \"src/middleware.ts\",\n \"src/middleware.tsx\",\n \"src/middleware.js\",\n \"src/middleware.mjs\",\n];\n\n/**\n * Find the proxy or middleware file in the project root.\n * Checks for proxy.ts (Next.js 16) first, then falls back to middleware.ts.\n * If middleware.ts is found, logs a deprecation warning.\n */\nexport function findMiddlewareFile(root: string): string | null {\n // Check proxy.ts first (Next.js 16 replacement for middleware.ts)\n for (const file of PROXY_FILES) {\n const fullPath = path.join(root, file);\n if (fs.existsSync(fullPath)) {\n return fullPath;\n }\n }\n\n // Fall back to middleware.ts (deprecated in Next.js 16)\n for (const file of MIDDLEWARE_FILES) {\n const fullPath = path.join(root, file);\n if (fs.existsSync(fullPath)) {\n console.warn(\n \"[vinext] middleware.ts is deprecated in Next.js 16. \" +\n \"Rename to proxy.ts and export a default or named proxy function.\",\n );\n return fullPath;\n }\n }\n return null;\n}\n\n/** Matcher pattern from middleware config export. */\ntype MatcherConfig =\n | string\n | string[]\n | { source: string; regexp?: string; locale?: boolean; has?: any[]; missing?: any[] }[];\n\n/**\n * Check if a pathname matches the middleware matcher config.\n * If no matcher is configured, middleware runs on all paths\n * except static files and internal Next.js paths.\n */\nexport function matchesMiddleware(pathname: string, matcher: MatcherConfig | undefined): boolean {\n if (!matcher) {\n // Next.js default: middleware runs on ALL paths when no matcher is configured.\n // Users opt out of specific paths by configuring a matcher pattern.\n return true;\n }\n\n const patterns: string[] = [];\n if (typeof matcher === \"string\") {\n patterns.push(matcher);\n } else if (Array.isArray(matcher)) {\n for (const m of matcher) {\n if (typeof m === \"string\") {\n patterns.push(m);\n } else if (m && typeof m === \"object\" && \"source\" in m) {\n patterns.push(m.source);\n }\n }\n }\n\n return patterns.some((pattern) => matchPattern(pathname, pattern));\n}\n\n/**\n * Cache for compiled middleware matcher regexes.\n *\n * Middleware matcher patterns are static — they come from `config.matcher`\n * in the user's middleware/proxy file and never change at runtime. Without\n * caching, every request re-runs the full tokeniser + isSafeRegex scan +\n * new RegExp() for every matcher pattern. This is the same problem that\n * config-matchers.ts solved with `_compiledPatternCache` (which eliminated\n * ~2.4s of CPU self-time in profiling).\n *\n * Value is `null` when safeRegExp rejected the pattern (ReDoS risk), so we\n * skip it on subsequent requests without re-running the scanner.\n */\nconst _mwPatternCache = new Map<string, RegExp | null>();\n\n/**\n * Match a single pattern against a pathname.\n * Supports Next.js matcher patterns:\n * /about -> exact match\n * /dashboard/:path* -> prefix match with params\n * /api/:path+ -> one or more segments\n * /((?!api|_next).*) -> regex patterns\n */\nexport function matchPattern(pathname: string, pattern: string): boolean {\n let cached = _mwPatternCache.get(pattern);\n if (cached === undefined) {\n cached = compileMatcherPattern(pattern);\n _mwPatternCache.set(pattern, cached);\n }\n if (cached === null) return pathname === pattern;\n return cached.test(pathname);\n}\n\n/**\n * Compile a matcher pattern into a RegExp (or null if rejected by safeRegExp).\n */\nfunction compileMatcherPattern(pattern: string): RegExp | null {\n // Handle regex patterns (contains groups or escapes)\n if (pattern.includes(\"(\") || pattern.includes(\"\\\\\")) {\n return safeRegExp(\"^\" + pattern + \"$\");\n }\n\n // Convert Next.js path patterns to regex in a single pass.\n // Matches /:param*, /:param+, :param, dots, and literal text.\n // Param names may contain hyphens (e.g. [[...sign-in]]).\n let regexStr = \"\";\n const tokenRe = /\\/:([\\w-]+)\\*|\\/:([\\w-]+)\\+|:([\\w-]+)|[.]|[^/:.]+|./g;\n let tok: RegExpExecArray | null;\n while ((tok = tokenRe.exec(pattern)) !== null) {\n if (tok[1] !== undefined) {\n // /:param* → optionally match slash + zero or more segments\n regexStr += \"(?:/.*)?\";\n } else if (tok[2] !== undefined) {\n // /:param+ → match slash + one or more segments\n regexStr += \"(?:/.+)\";\n } else if (tok[3] !== undefined) {\n // :param → match one segment\n regexStr += \"([^/]+)\";\n } else if (tok[0] === \".\") {\n regexStr += \"\\\\.\";\n } else {\n regexStr += tok[0];\n }\n }\n\n return safeRegExp(\"^\" + regexStr + \"$\");\n}\n\n/** Result of running middleware. */\nexport interface MiddlewareResult {\n /** Whether to continue to the route handler. */\n continue: boolean;\n /** If set, redirect to this URL. */\n redirectUrl?: string;\n /** HTTP status for redirect (default 307). */\n redirectStatus?: number;\n /** If set, rewrite to this URL (internal). */\n rewriteUrl?: string;\n /** HTTP status for rewrite (e.g. 403 from NextResponse.rewrite(url, { status: 403 })). */\n rewriteStatus?: number;\n /** Headers to set on the response. */\n responseHeaders?: Headers;\n /** If the middleware returned a full Response, use it directly. */\n response?: Response;\n}\n\n/**\n * Load and execute middleware for a given request.\n *\n * @param runner - A ModuleRunner used to load the middleware module.\n * Must be a long-lived instance created once (e.g. in configureServer) via\n * createDirectRunner() — NOT recreated per request. Using server.ssrLoadModule\n * directly crashes with `outsideEmitter` when @cloudflare/vite-plugin is\n * present because SSRCompatModuleRunner reads environment.hot.api synchronously.\n * @param middlewarePath - Absolute path to the middleware file\n * @param request - The incoming Request object\n * @returns Middleware result describing what action to take\n */\nexport async function runMiddleware(\n runner: ModuleRunner,\n middlewarePath: string,\n request: Request,\n): Promise<MiddlewareResult> {\n // Load the middleware module via the direct-call ModuleRunner.\n // This bypasses the hot channel entirely and is safe with all Vite plugin\n // combinations, including @cloudflare/vite-plugin.\n const mod = (await runner.import(middlewarePath)) as Record<string, unknown>;\n\n // Resolve the handler based on file type (proxy.ts vs middleware.ts).\n // Throws if the file doesn't export a valid function, matching Next.js behavior.\n // https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/proxy-missing-export/proxy-missing-export.test.ts\n const middlewareFn = resolveMiddlewareHandler(mod, middlewarePath);\n\n // Check matcher config\n const config = mod.config as { matcher?: MatcherConfig } | undefined;\n const matcher = config?.matcher;\n const url = new URL(request.url);\n\n // Normalize the pathname before middleware matching to prevent bypasses\n // via percent-encoding (/%61dmin → /admin) or double slashes (/dashboard//settings).\n let decodedPathname: string;\n try {\n decodedPathname = decodeURIComponent(url.pathname);\n } catch {\n // Malformed percent-encoding (e.g. /%E0%A4%A) — return 400 instead of throwing.\n return { continue: false, response: new Response(\"Bad Request\", { status: 400 }) };\n }\n const normalizedPathname = normalizePath(decodedPathname);\n\n if (!matchesMiddleware(normalizedPathname, matcher)) {\n return { continue: true };\n }\n\n // Construct a new Request with the fully decoded + normalized pathname so\n // middleware always sees the same canonical path that the router uses.\n let mwRequest = request;\n if (normalizedPathname !== url.pathname) {\n const mwUrl = new URL(url);\n mwUrl.pathname = normalizedPathname;\n mwRequest = new Request(mwUrl, request);\n }\n\n // Wrap in NextRequest so middleware gets .nextUrl, .cookies, .geo, .ip, etc.\n const nextRequest = mwRequest instanceof NextRequest ? mwRequest : new NextRequest(mwRequest);\n const fetchEvent = new NextFetchEvent({ page: normalizedPathname });\n\n // Execute the middleware\n let response: Response | undefined;\n try {\n response = await middlewareFn(nextRequest, fetchEvent);\n } catch (e: any) {\n console.error(\"[vinext] Middleware error:\", e);\n const message =\n process.env.NODE_ENV === \"production\"\n ? \"Internal Server Error\"\n : \"Middleware Error: \" + (e?.message ?? String(e));\n return {\n continue: false,\n response: new Response(message, {\n status: 500,\n }),\n };\n }\n\n // Drain waitUntil promises (fire-and-forget: we don't block the response\n // on these — matches platform semantics where waitUntil runs after response).\n fetchEvent.drainWaitUntil();\n\n // No response = continue\n if (!response) {\n return { continue: true };\n }\n\n // Check for x-middleware-next header (NextResponse.next())\n if (response.headers.get(\"x-middleware-next\") === \"1\") {\n // Keep request-override headers so downstream route handling can rebuild\n // the middleware-mutated request before internal headers are stripped.\n const responseHeaders = new Headers();\n for (const [key, value] of response.headers) {\n if (!key.startsWith(\"x-middleware-\") || shouldKeepMiddlewareHeader(key)) {\n responseHeaders.append(key, value);\n }\n }\n return { continue: true, responseHeaders };\n }\n\n // Check for redirect (3xx status)\n if (response.status >= 300 && response.status < 400) {\n const location = response.headers.get(\"Location\") ?? response.headers.get(\"location\");\n if (location) {\n // Collect non-internal headers (e.g. Set-Cookie) to forward with the redirect.\n const responseHeaders = new Headers();\n for (const [key, value] of response.headers) {\n if (!key.startsWith(\"x-middleware-\") && key.toLowerCase() !== \"location\") {\n responseHeaders.append(key, value);\n }\n }\n return {\n continue: false,\n redirectUrl: location,\n redirectStatus: response.status,\n responseHeaders,\n };\n }\n }\n\n // Check for rewrite (x-middleware-rewrite header)\n const rewriteUrl = response.headers.get(\"x-middleware-rewrite\");\n if (rewriteUrl) {\n // Continue to the route but with a rewritten URL.\n const responseHeaders = new Headers();\n for (const [key, value] of response.headers) {\n if (!key.startsWith(\"x-middleware-\") || shouldKeepMiddlewareHeader(key)) {\n responseHeaders.append(key, value);\n }\n }\n // Parse the rewrite URL — may be absolute or relative\n let rewritePath: string;\n try {\n const rewriteParsed = new URL(rewriteUrl, request.url);\n rewritePath = rewriteParsed.pathname + rewriteParsed.search;\n } catch {\n rewritePath = rewriteUrl;\n }\n return {\n continue: true,\n rewriteUrl: rewritePath,\n rewriteStatus: response.status !== 200 ? response.status : undefined,\n responseHeaders,\n };\n }\n\n // Middleware returned a full Response (e.g., blocking, custom body)\n return { continue: false, response };\n}\n"]}
package/dist/server/normalize-path.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"normalize-path.js","sourceRoot":"","sources":["../../src/server/normalize-path.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,0EAA0E;IAC1E,IACE,QAAQ,KAAK,GAAG;QAChB,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YAClB,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG;YACnB,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;YACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;YACzB,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC1B,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;YACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAC5B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,KAAK,EAAE,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACtC,qEAAqE;YACrE,SAAS;QACX,CAAC;QACD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,wCAAwC;YACxC,QAAQ,CAAC,GAAG,EAAE,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC","sourcesContent":["/**\n * Path normalization utility for request handling.\n *\n * Normalizes URL pathnames to a canonical form BEFORE any matching occurs\n * (middleware, routing, redirects, rewrites). This ensures middleware and\n * the router always see the same path, preventing path-confusion issues like\n * double-slash mismatches.\n *\n * Normalization rules:\n * 1. Collapse consecutive slashes: //foo///bar → /foo/bar\n * 2. Resolve single-dot segments: /foo/./bar → /foo/bar\n * 3. Resolve double-dot segments: /foo/../bar → /bar\n * 4. Ensure leading slash: foo/bar → /foo/bar\n * 5. Preserve root: / → /\n *\n * This function does NOT:\n * - Strip or add trailing slashes (handled separately by trailingSlash config)\n * - Decode percent-encoded characters (callers should decode before calling this)\n * - Lowercase the path (route matching is case-sensitive)\n */\nexport function normalizePath(pathname: string): string {\n // Fast path: already canonical (single leading /, no //, no /./, no /../)\n if (\n pathname === \"/\" ||\n (pathname.length > 1 &&\n pathname[0] === \"/\" &&\n !pathname.includes(\"//\") &&\n !pathname.includes(\"/./\") &&\n !pathname.includes(\"/../\") &&\n !pathname.endsWith(\"/.\") &&\n !pathname.endsWith(\"/..\"))\n ) {\n return pathname;\n }\n\n const segments = pathname.split(\"/\");\n const resolved: string[] = [];\n\n for (const segment of segments) {\n if (segment === \"\" || segment === \".\") {\n // Skip empty segments (from // or leading /) and single-dot segments\n continue;\n }\n if (segment === \"..\") {\n // Go up one level, but never above root\n resolved.pop();\n } else {\n resolved.push(segment);\n }\n }\n\n return \"/\" + resolved.join(\"/\");\n}\n\n"]}
1
+ {"version":3,"file":"normalize-path.js","sourceRoot":"","sources":["../../src/server/normalize-path.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,0EAA0E;IAC1E,IACE,QAAQ,KAAK,GAAG;QAChB,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC;YAClB,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG;YACnB,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;YACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;YACzB,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC1B,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;YACxB,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAC5B,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,OAAO,KAAK,EAAE,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YACtC,qEAAqE;YACrE,SAAS;QACX,CAAC;QACD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,wCAAwC;YACxC,QAAQ,CAAC,GAAG,EAAE,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClC,CAAC","sourcesContent":["/**\n * Path normalization utility for request handling.\n *\n * Normalizes URL pathnames to a canonical form BEFORE any matching occurs\n * (middleware, routing, redirects, rewrites). This ensures middleware and\n * the router always see the same path, preventing path-confusion issues like\n * double-slash mismatches.\n *\n * Normalization rules:\n * 1. Collapse consecutive slashes: //foo///bar → /foo/bar\n * 2. Resolve single-dot segments: /foo/./bar → /foo/bar\n * 3. Resolve double-dot segments: /foo/../bar → /bar\n * 4. Ensure leading slash: foo/bar → /foo/bar\n * 5. Preserve root: / → /\n *\n * This function does NOT:\n * - Strip or add trailing slashes (handled separately by trailingSlash config)\n * - Decode percent-encoded characters (callers should decode before calling this)\n * - Lowercase the path (route matching is case-sensitive)\n */\nexport function normalizePath(pathname: string): string {\n // Fast path: already canonical (single leading /, no //, no /./, no /../)\n if (\n pathname === \"/\" ||\n (pathname.length > 1 &&\n pathname[0] === \"/\" &&\n !pathname.includes(\"//\") &&\n !pathname.includes(\"/./\") &&\n !pathname.includes(\"/../\") &&\n !pathname.endsWith(\"/.\") &&\n !pathname.endsWith(\"/..\"))\n ) {\n return pathname;\n }\n\n const segments = pathname.split(\"/\");\n const resolved: string[] = [];\n\n for (const segment of segments) {\n if (segment === \"\" || segment === \".\") {\n // Skip empty segments (from // or leading /) and single-dot segments\n continue;\n }\n if (segment === \"..\") {\n // Go up one level, but never above root\n resolved.pop();\n } else {\n resolved.push(segment);\n }\n }\n\n return \"/\" + resolved.join(\"/\");\n}\n"]}
package/dist/server/prod-server.d.ts CHANGED
@@ -80,5 +80,5 @@ declare function nodeToWebRequest(req: IncomingMessage): Request;
80
80
  * Pages Router (dist/server/entry.js) and configures the appropriate handler.
81
81
  */
82
82
  export declare function startProdServer(options?: ProdServerOptions): Promise<import("node:http").Server<typeof IncomingMessage, typeof ServerResponse>>;
83
- export { sendCompressed, negotiateEncoding, COMPRESSIBLE_TYPES, COMPRESS_THRESHOLD, resolveHost, trustedHosts, trustProxy, nodeToWebRequest, mergeResponseHeaders };
83
+ export { sendCompressed, negotiateEncoding, COMPRESSIBLE_TYPES, COMPRESS_THRESHOLD, resolveHost, trustedHosts, trustProxy, nodeToWebRequest, mergeResponseHeaders, };
84
84
  //# sourceMappingURL=prod-server.d.ts.map
package/dist/server/prod-server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"prod-server.d.ts","sourceRoot":"","sources":["../../src/server/prod-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EAAgB,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,WAAW,CAAC;AAuBpF,MAAM,WAAW,iBAAiB;IAChC,wBAAwB;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2CAA2C;IAC3C,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,mDAAmD;AACnD,QAAA,MAAM,kBAAkB,aAetB,CAAC;AAEH,0GAA0G;AAC1G,QAAA,MAAM,kBAAkB,OAAO,CAAC;AAEhC;;;GAGG;AACH,iBAAS,iBAAiB,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI,GAAG,MAAM,GAAG,SAAS,GAAG,IAAI,CAQjF;AAoBD;;;;GAIG;AACH,iBAAS,oBAAoB,CAC3B,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,EACpD,QAAQ,EAAE,QAAQ,GACjB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAqBnC;AAED;;;GAGG;AACH,iBAAS,cAAc,CACrB,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,MAAM,GAAG,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,YAAY,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAM,EACpD,QAAQ,GAAE,OAAc,GACvB,IAAI,CAmCN;AAkGD;;;;;;;;;;;GAWG;AACH,iBAAS,WAAW,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAcnE;AAED,4EAA4E;AAC5E,QAAA,MAAM,YAAY,EAAE,GAAG,CAAC,MAAM,CAK7B,CAAC;AAEF;;;;GAIG;AACH,QAAA,MAAM,UAAU,SAAkE,CAAC;AAEnF;;GAEG;AACH,iBAAS,gBAAgB,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAmCvD;AA+ED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,OAAO,GAAE,iBAAsB,sFA6BpE;AA+iBD,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,CAAC"}
1
+ {"version":3,"file":"prod-server.d.ts","sourceRoot":"","sources":["../../src/server/prod-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EAAgB,KAAK,eAAe,EAAE,KAAK,cAAc,EAAE,MAAM,WAAW,CAAC;AAyCpF,MAAM,WAAW,iBAAiB;IAChC,wBAAwB;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2CAA2C;IAC3C,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB;AAED,mDAAmD;AACnD,QAAA,MAAM,kBAAkB,aAetB,CAAC;AAEH,0GAA0G;AAC1G,QAAA,MAAM,kBAAkB,OAAO,CAAC;AAEhC;;;GAGG;AACH,iBAAS,iBAAiB,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI,GAAG,MAAM,GAAG,SAAS,GAAG,IAAI,CAQjF;AAsBD;;;;GAIG;AACH,iBAAS,oBAAoB,CAC3B,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,EACpD,QAAQ,EAAE,QAAQ,GACjB,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAmBnC;AAED;;;GAGG;AACH,iBAAS,cAAc,CACrB,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,MAAM,GAAG,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,YAAY,GAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAM,EACpD,QAAQ,GAAE,OAAc,GACvB,IAAI,CAuCN;AA8FD;;;;;;;;;;;GAWG;AACH,iBAAS,WAAW,CAAC,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAcnE;AAED,4EAA4E;AAC5E,QAAA,MAAM,YAAY,EAAE,GAAG,CAAC,MAAM,CAK7B,CAAC;AAEF;;;;GAIG;AACH,QAAA,MAAM,UAAU,SAAkE,CAAC;AAEnF;;GAEG;AACH,iBAAS,gBAAgB,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAmCvD;AAiFD;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,OAAO,GAAE,iBAAsB,sFA6BpE;AAolBD,OAAO,EACL,cAAc,EACd,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,WAAW,EACX,YAAY,EACZ,UAAU,EACV,gBAAgB,EAChB,oBAAoB,GACrB,CAAC"}
package/dist/server/prod-server.js CHANGED
@@ -23,9 +23,10 @@ import { pathToFileURL } from "node:url";
23
23
  import fs from "node:fs";
24
24
  import path from "node:path";
25
25
  import zlib from "node:zlib";
26
- import { matchRedirect, matchRewrite, matchHeaders, requestContextFromRequest, applyMiddlewareRequestHeaders, isExternalUrl, proxyExternalRequest, sanitizeDestination } from "../config/config-matchers.js";
27
- import { IMAGE_OPTIMIZATION_PATH, IMAGE_CONTENT_SECURITY_POLICY, parseImageParams, isSafeImageContentType, DEFAULT_DEVICE_SIZES, DEFAULT_IMAGE_SIZES } from "./image-optimization.js";
26
+ import { matchRedirect, matchRewrite, matchHeaders, requestContextFromRequest, applyMiddlewareRequestHeaders, isExternalUrl, proxyExternalRequest, sanitizeDestination, } from "../config/config-matchers.js";
27
+ import { IMAGE_OPTIMIZATION_PATH, IMAGE_CONTENT_SECURITY_POLICY, parseImageParams, isSafeImageContentType, DEFAULT_DEVICE_SIZES, DEFAULT_IMAGE_SIZES, } from "./image-optimization.js";
28
28
  import { normalizePath } from "./normalize-path.js";
29
+ import { hasBasePath, stripBasePath } from "../utils/base-path.js";
29
30
  import { computeLazyChunks } from "../index.js";
30
31
  /** Convert a Node.js IncomingMessage into a ReadableStream for Web Request body. */
31
32
  function readNodeStream(req) {
@@ -108,9 +109,7 @@ function mergeResponseHeaders(middlewareHeaders, response) {
108
109
  const responseCookies = response.headers.getSetCookie?.() ?? [];
109
110
  if (responseCookies.length > 0) {
110
111
  const existing = merged["set-cookie"];
111
- const mwCookies = existing
112
- ? (Array.isArray(existing) ? existing : [existing])
113
- : [];
112
+ const mwCookies = existing ? (Array.isArray(existing) ? existing : [existing]) : [];
114
113
  merged["set-cookie"] = [...mwCookies, ...responseCookies];
115
114
  }
116
115
  return merged;
@@ -133,7 +132,9 @@ function sendCompressed(req, res, body, contentType, statusCode, extraHeaders =
133
132
  let varyValue;
134
133
  if (existingVary) {
135
134
  const existing = existingVary.toLowerCase();
136
- varyValue = existing.includes("accept-encoding") ? existingVary : existingVary + ", Accept-Encoding";
135
+ varyValue = existing.includes("accept-encoding")
136
+ ? existingVary
137
+ : existingVary + ", Accept-Encoding";
137
138
  }
138
139
  else {
139
140
  varyValue = "Accept-Encoding";
@@ -145,7 +146,9 @@ function sendCompressed(req, res, body, contentType, statusCode, extraHeaders =
145
146
  Vary: varyValue,
146
147
  });
147
148
  compressor.end(buf);
148
- pipeline(compressor, res, () => { });
149
+ pipeline(compressor, res, () => {
150
+ /* ignore pipeline errors on closed connections */
151
+ });
149
152
  }
150
153
  else {
151
154
  res.writeHead(statusCode, {
@@ -202,17 +205,13 @@ function tryServeStatic(req, res, clientDir, pathname, compress, extraHeaders) {
202
205
  if (!staticFile.startsWith(resolvedClient + path.sep) && staticFile !== resolvedClient) {
203
206
  return false;
204
207
  }
205
- if (pathname === "/" ||
206
- !fs.existsSync(staticFile) ||
207
- !fs.statSync(staticFile).isFile()) {
208
+ if (pathname === "/" || !fs.existsSync(staticFile) || !fs.statSync(staticFile).isFile()) {
208
209
  return false;
209
210
  }
210
211
  const ext = path.extname(staticFile);
211
212
  const ct = CONTENT_TYPES[ext] ?? "application/octet-stream";
212
213
  const isHashed = pathname.startsWith("/assets/");
213
- const cacheControl = isHashed
214
- ? "public, max-age=31536000, immutable"
215
- : "public, max-age=3600";
214
+ const cacheControl = isHashed ? "public, max-age=31536000, immutable" : "public, max-age=3600";
216
215
  const baseHeaders = {
217
216
  "Content-Type": ct,
218
217
  "Cache-Control": cacheControl,
@@ -229,7 +228,9 @@ function tryServeStatic(req, res, clientDir, pathname, compress, extraHeaders) {
229
228
  "Content-Encoding": encoding,
230
229
  Vary: "Accept-Encoding",
231
230
  });
232
- pipeline(fileStream, compressor, res, () => { });
231
+ pipeline(fileStream, compressor, res, () => {
232
+ /* ignore */
233
+ });
233
234
  return true;
234
235
  }
235
236
  }
@@ -321,9 +322,7 @@ async function sendWebResponse(webResponse, req, res, compress) {
321
322
  webResponse.headers.forEach((value, key) => {
322
323
  const existing = nodeHeaders[key];
323
324
  if (existing !== undefined) {
324
- nodeHeaders[key] = Array.isArray(existing)
325
- ? [...existing, value]
326
- : [existing, value];
325
+ nodeHeaders[key] = Array.isArray(existing) ? [...existing, value] : [existing, value];
327
326
  }
328
327
  else {
329
328
  nodeHeaders[key] = value;
@@ -339,7 +338,7 @@ async function sendWebResponse(webResponse, req, res, compress) {
339
338
  const alreadyEncoded = webResponse.headers.has("content-encoding");
340
339
  const contentType = webResponse.headers.get("content-type") ?? "";
341
340
  const baseType = contentType.split(";")[0].trim();
342
- const encoding = (compress && !alreadyEncoded) ? negotiateEncoding(req) : null;
341
+ const encoding = compress && !alreadyEncoded ? negotiateEncoding(req) : null;
343
342
  const shouldCompress = !!(encoding && COMPRESSIBLE_TYPES.has(baseType));
344
343
  if (shouldCompress) {
345
344
  delete nodeHeaders["content-length"];
@@ -370,10 +369,14 @@ async function sendWebResponse(webResponse, req, res, compress) {
370
369
  const nodeStream = Readable.fromWeb(webResponse.body);
371
370
  if (shouldCompress) {
372
371
  const compressor = createCompressor(encoding);
373
- pipeline(nodeStream, compressor, res, () => { });
372
+ pipeline(nodeStream, compressor, res, () => {
373
+ /* ignore pipeline errors on closed connections */
374
+ });
374
375
  }
375
376
  else {
376
- pipeline(nodeStream, res, () => { });
377
+ pipeline(nodeStream, res, () => {
378
+ /* ignore pipeline errors on closed connections */
379
+ });
377
380
  }
378
381
  }
379
382
  /**
@@ -428,7 +431,9 @@ async function startAppRouterServer(options) {
428
431
  try {
429
432
  imageConfig = JSON.parse(fs.readFileSync(imageConfigPath, "utf-8"));
430
433
  }
431
- catch { /* ignore parse errors */ }
434
+ catch {
435
+ /* ignore parse errors */
436
+ }
432
437
  }
433
438
  // Import the RSC handler (use file:// URL for reliable dynamic import)
434
439
  const rscModule = await import(pathToFileURL(rscEntryPath).href);
@@ -549,7 +554,9 @@ async function startPagesRouterServer(options) {
549
554
  globalThis.__VINEXT_LAZY_CHUNKS__ = lazyChunks;
550
555
  }
551
556
  }
552
- catch { /* ignore parse errors */ }
557
+ catch {
558
+ /* ignore parse errors */
559
+ }
553
560
  }
554
561
  // Import the server entry module (use file:// URL for reliable dynamic import)
555
562
  const serverEntry = await import(pathToFileURL(serverEntryPath).href);
@@ -558,7 +565,11 @@ async function startPagesRouterServer(options) {
558
565
  const basePath = vinextConfig?.basePath ?? "";
559
566
  const trailingSlash = vinextConfig?.trailingSlash ?? false;
560
567
  const configRedirects = vinextConfig?.redirects ?? [];
561
- const configRewrites = vinextConfig?.rewrites ?? { beforeFiles: [], afterFiles: [], fallback: [] };
568
+ const configRewrites = vinextConfig?.rewrites ?? {
569
+ beforeFiles: [],
570
+ afterFiles: [],
571
+ fallback: [],
572
+ };
562
573
  const configHeaders = vinextConfig?.headers ?? [];
563
574
  // Compute allowed image widths from config (union of deviceSizes + imageSizes)
564
575
  const allowedImageWidths = [
@@ -566,11 +577,13 @@ async function startPagesRouterServer(options) {
566
577
  ...(vinextConfig?.images?.imageSizes ?? DEFAULT_IMAGE_SIZES),
567
578
  ];
568
579
  // Extract image security config for SVG handling and security headers
569
- const pagesImageConfig = vinextConfig?.images ? {
570
- dangerouslyAllowSVG: vinextConfig.images.dangerouslyAllowSVG,
571
- contentDispositionType: vinextConfig.images.contentDispositionType,
572
- contentSecurityPolicy: vinextConfig.images.contentSecurityPolicy,
573
- } : undefined;
580
+ const pagesImageConfig = vinextConfig?.images
581
+ ? {
582
+ dangerouslyAllowSVG: vinextConfig.images.dangerouslyAllowSVG,
583
+ contentDispositionType: vinextConfig.images.contentDispositionType,
584
+ contentSecurityPolicy: vinextConfig.images.contentSecurityPolicy,
585
+ }
586
+ : undefined;
574
587
  const server = createServer(async (req, res) => {
575
588
  const rawUrl = req.url ?? "/";
576
589
  // Normalize backslashes (browsers treat /\ as //), then decode and normalize path.
@@ -601,9 +614,7 @@ async function startPagesRouterServer(options) {
601
614
  // Serve static files from client build. When basePath is configured,
602
615
  // Vite's `base` config ensures assets are under basePath/assets/.
603
616
  // We check both with and without basePath.
604
- const staticLookupPath = basePath && pathname.startsWith(basePath)
605
- ? pathname.slice(basePath.length) || "/"
606
- : pathname;
617
+ const staticLookupPath = stripBasePath(pathname, basePath);
607
618
  if (staticLookupPath !== "/" &&
608
619
  !staticLookupPath.startsWith("/api/") &&
609
620
  tryServeStatic(req, res, clientDir, staticLookupPath, compress)) {
@@ -641,11 +652,13 @@ async function startPagesRouterServer(options) {
641
652
  }
642
653
  try {
643
654
  // ── 2. Strip basePath ─────────────────────────────────────────
644
- if (basePath && pathname.startsWith(basePath)) {
645
- const stripped = pathname.slice(basePath.length) || "/";
646
- const qs = url.includes("?") ? url.slice(url.indexOf("?")) : "";
647
- url = stripped + qs;
648
- pathname = stripped;
655
+ {
656
+ const stripped = stripBasePath(pathname, basePath);
657
+ if (stripped !== pathname) {
658
+ const qs = url.includes("?") ? url.slice(url.indexOf("?")) : "";
659
+ url = stripped + qs;
660
+ pathname = stripped;
661
+ }
649
662
  }
650
663
  // ── 3. Trailing slash normalization ───────────────────────────
651
664
  if (pathname !== "/" && pathname !== "/api" && !pathname.startsWith("/api/")) {
@@ -811,7 +824,9 @@ async function startPagesRouterServer(options) {
811
824
  // Guard against double-prefixing: only add basePath if destination
812
825
  // doesn't already start with it.
813
826
  // Sanitize the final destination to prevent protocol-relative URL open redirects.
814
- const dest = sanitizeDestination(basePath && !redirect.destination.startsWith(basePath)
827
+ const dest = sanitizeDestination(basePath &&
828
+ !isExternalUrl(redirect.destination) &&
829
+ !hasBasePath(redirect.destination, basePath)
815
830
  ? basePath + redirect.destination
816
831
  : redirect.destination);
817
832
  res.writeHead(redirect.permanent ? 308 : 307, { Location: dest });
@@ -909,5 +924,5 @@ async function startPagesRouterServer(options) {
909
924
  return server;
910
925
  }
911
926
  // Export helpers for testing
912
- export { sendCompressed, negotiateEncoding, COMPRESSIBLE_TYPES, COMPRESS_THRESHOLD, resolveHost, trustedHosts, trustProxy, nodeToWebRequest, mergeResponseHeaders };
927
+ export { sendCompressed, negotiateEncoding, COMPRESSIBLE_TYPES, COMPRESS_THRESHOLD, resolveHost, trustedHosts, trustProxy, nodeToWebRequest, mergeResponseHeaders, };
913
928
  //# sourceMappingURL=prod-server.js.map