vinext 0.0.26 → 0.0.27

package/dist/entries/app-rsc-entry.js

@@ -10,7 +10,7 @@
 import fs from "node:fs";
 import { fileURLToPath } from "node:url";
 import { generateDevOriginCheckCode } from "../server/dev-origin-check.js";
-import { generateSafeRegExpCode, generateMiddlewareMatcherCode, generateNormalizePathCode } from "../server/middleware-codegen.js";
+import { generateSafeRegExpCode, generateMiddlewareMatcherCode, generateNormalizePathCode, } from "../server/middleware-codegen.js";
 import { isProxyFile } from "../server/middleware.js";
 // Pre-computed absolute paths for generated-code imports. The virtual RSC
 // entry can't use relative imports (it has no real file location), so we
@@ -96,7 +96,7 @@ export function generateRscEntry(appDir, routes, middlewarePath, metadataRoutes,
     const routeEntries = routes.map((route) => {
         const layoutVars = route.layouts.map((l) => getImportVar(l));
         const templateVars = route.templates.map((t) => getImportVar(t));
-        const notFoundVars = (route.notFoundPaths || []).map((nf) => nf ? getImportVar(nf) : "null");
+        const notFoundVars = (route.notFoundPaths || []).map((nf) => (nf ? getImportVar(nf) : "null"));
         const slotEntries = route.parallelSlots.map((slot) => {
             const interceptEntries = slot.interceptingRoutes.map((ir) => {
                 return `        {
@@ -121,6 +121,7 @@ ${interceptEntries.join(",\n")}
         const layoutErrorVars = (route.layoutErrorPaths || []).map((ep) => ep ? getImportVar(ep) : "null");
         return `  {
     pattern: ${JSON.stringify(route.pattern)},
+    patternParts: ${JSON.stringify(route.patternParts)},
     isDynamic: ${route.isDynamic},
     params: ${JSON.stringify(route.params)},
     page: ${route.pagePath ? getImportVar(route.pagePath) : "null"},
@@ -143,18 +144,12 @@ ${slotEntries.join(",\n")}
     });
     // Find root not-found/forbidden/unauthorized pages and root layouts for global error handling
     const rootRoute = routes.find((r) => r.pattern === "/");
-    const rootNotFoundVar = rootRoute?.notFoundPath
-        ? getImportVar(rootRoute.notFoundPath)
-        : null;
-    const rootForbiddenVar = rootRoute?.forbiddenPath
-        ? getImportVar(rootRoute.forbiddenPath)
-        : null;
+    const rootNotFoundVar = rootRoute?.notFoundPath ? getImportVar(rootRoute.notFoundPath) : null;
+    const rootForbiddenVar = rootRoute?.forbiddenPath ? getImportVar(rootRoute.forbiddenPath) : null;
     const rootUnauthorizedVar = rootRoute?.unauthorizedPath
         ? getImportVar(rootRoute.unauthorizedPath)
         : null;
-    const rootLayoutVars = rootRoute
-        ? rootRoute.layouts.map((l) => getImportVar(l))
-        : [];
+    const rootLayoutVars = rootRoute ? rootRoute.layouts.map((l) => getImportVar(l)) : [];
     // Global error boundary (app/global-error.tsx)
     const globalErrorVar = globalErrorPath ? getImportVar(globalErrorPath) : null;
     // Build metadata route handling
@@ -214,7 +209,7 @@ ${middlewarePath ? `import * as middlewareModule from ${JSON.stringify(middlewar
 ${instrumentationPath ? `import * as _instrumentation from ${JSON.stringify(instrumentationPath.replace(/\\/g, "/"))};` : ""}
 ${effectiveMetaRoutes.length > 0 ? `import { sitemapToXml, robotsToText, manifestToJson } from ${JSON.stringify(fileURLToPath(new URL("../server/metadata-routes.js", import.meta.url)).replace(/\\/g, "/"))};` : ""}
 import { requestContextFromRequest, matchRedirect, matchRewrite, matchHeaders, isExternalUrl, proxyExternalRequest, sanitizeDestination } from ${JSON.stringify(configMatchersPath)};
-import { validateCsrfOrigin, validateImageUrl, guardProtocolRelativeUrl, stripBasePath, normalizeTrailingSlash, processMiddlewareHeaders } from ${JSON.stringify(requestPipelinePath)};
+import { validateCsrfOrigin, validateImageUrl, guardProtocolRelativeUrl, hasBasePath, stripBasePath, normalizeTrailingSlash, processMiddlewareHeaders } from ${JSON.stringify(requestPipelinePath)};
 import { _consumeRequestScopedCacheLife, _runWithCacheState } from "next/cache";
 import { runWithFetchCache } from "vinext/fetch-cache";
 import { runWithPrivateCache as _runWithPrivateCache } from "vinext/cache-runtime";
@@ -431,7 +426,8 @@ function createRscOnErrorHandler(request, pathname, routePath) {
 
 ${imports.join("\n")}
 
-${instrumentationPath ? `// Run instrumentation register() exactly once, lazily on the first request.
+${instrumentationPath
+        ? `// Run instrumentation register() exactly once, lazily on the first request.
 // Previously this was a top-level await, which blocked the entire module graph
 // from finishing initialization until register() resolved — adding that latency
 // to every cold start. Moving it here preserves the "runs before any request is
@@ -460,7 +456,8 @@ async function __ensureInstrumentation() {
     __instrumentationInitialized = true;
   })();
   return __instrumentationInitPromise;
-}` : ""}
+}`
+        : ""}
 
 const routes = [
 ${routeEntries.join(",\n")}
@@ -556,7 +553,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
         element = createElement(LayoutSegmentProvider, { childSegments: _cs }, element);
       }
     }
-    ${globalErrorVar ? `
+    ${globalErrorVar
+        ? `
     const _GlobalErrorComponent = ${globalErrorVar}.default;
     if (_GlobalErrorComponent) {
       element = createElement(ErrorBoundary, {
@@ -564,7 +562,8 @@ async function renderHTTPAccessFallbackPage(route, statusCode, isRscRequest, req
         children: element,
       });
     }
-    ` : ""}
+    `
+        : ""}
     const _pathname = new URL(request.url).pathname;
     const onRenderError = createRscOnErrorHandler(
       request,
@@ -644,12 +643,14 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
       }
     }
   }
-  ${globalErrorVar ? `
+  ${globalErrorVar
+        ? `
   if (!ErrorComponent) {
     ErrorComponent = ${globalErrorVar}?.default ?? null;
     _isGlobalError = !!ErrorComponent;
   }
-  ` : ""}
+  `
+        : ""}
   if (!ErrorComponent) return null;
 
   const rawError = error instanceof Error ? error : new Error(String(error));
@@ -687,7 +688,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
           element = createElement(LayoutSegmentProvider, { childSegments: _ecs }, element);
         }
       }
-      ${globalErrorVar ? `
+      ${globalErrorVar
+        ? `
       const _ErrGlobalComponent = ${globalErrorVar}.default;
       if (_ErrGlobalComponent) {
         element = createElement(ErrorBoundary, {
@@ -695,7 +697,8 @@ async function renderErrorBoundaryPage(route, error, isRscRequest, request, matc
           children: element,
         });
       }
-      ` : ""}
+      `
+        : ""}
     } else {
       // For HTML (full page load) responses, wrap with layouts only.
       const _errParamsHtml = matchedParams ?? route?.params ?? {};
@@ -757,16 +760,15 @@ function matchRoute(url, routes) {
    // NOTE: Do NOT decodeURIComponent here. The caller is responsible for decoding
    // the pathname exactly once at the request entry point. Decoding again here
    // would cause inconsistent path matching between middleware and routing.
+  const urlParts = normalizedUrl.split("/").filter(Boolean);
   for (const route of routes) {
-    const params = matchPattern(normalizedUrl, route.pattern);
+    const params = matchPattern(urlParts, route.patternParts);
     if (params !== null) return { route, params };
   }
   return null;
 }
 
-function matchPattern(url, pattern) {
-  const urlParts = url.split("/").filter(Boolean);
-  const patternParts = pattern.split("/").filter(Boolean);
+function matchPattern(urlParts, patternParts) {
   const params = Object.create(null);
   for (let i = 0; i < patternParts.length; i++) {
     const pp = patternParts[i];
@@ -806,6 +808,7 @@ for (let ri = 0; ri < routes.length; ri++) {
         sourceRouteIndex: ri,
         slotName,
         targetPattern: intercept.targetPattern,
+        targetPatternParts: intercept.targetPattern.split("/").filter(Boolean),
         page: intercept.page,
         params: intercept.params,
       });
@@ -818,8 +821,9 @@ for (let ri = 0; ri < routes.length; ri++) {
  * Returns the match info or null.
  */
 function findIntercept(pathname) {
+  const urlParts = pathname.split("/").filter(Boolean);
   for (const entry of interceptLookup) {
-    const params = matchPattern(pathname, entry.targetPattern);
+    const params = matchPattern(urlParts, entry.targetPatternParts);
     if (params !== null) {
       return { ...entry, matchedParams: params };
     }
@@ -1105,7 +1109,8 @@ async function buildPageElement(route, params, opts, searchParams) {
   // For HTML requests (initial page load), the ErrorBoundary catches during SSR
   // but produces double <html>/<body> (root layout + global-error). The request
   // handler detects this via the rscOnError flag and re-renders without layouts.
-  ${globalErrorVar ? `
+  ${globalErrorVar
+        ? `
   const GlobalErrorComponent = ${globalErrorVar}.default;
   if (GlobalErrorComponent) {
     element = createElement(ErrorBoundary, {
@@ -1113,7 +1118,8 @@ async function buildPageElement(route, params, opts, searchParams) {
       children: element,
     });
   }
-  ` : ""}
+  `
+        : ""}
 
   return element;
 }
@@ -1231,10 +1237,12 @@ async function __readFormDataWithLimit(request, maxBytes) {
 }
 
 export default async function handler(request) {
-  ${instrumentationPath ? `// Ensure instrumentation.register() has run before handling the first request.
+  ${instrumentationPath
+        ? `// Ensure instrumentation.register() has run before handling the first request.
   // This is a no-op after the first call (guarded by __instrumentationInitialized).
   await __ensureInstrumentation();
-  ` : ""}
+  `
+        : ""}
   // Wrap the entire request in nested AsyncLocalStorage.run() scopes to ensure
   // per-request isolation for all state modules. Each runWith*() creates an
   // ALS scope that propagates through all async continuations (including RSC
@@ -1316,10 +1324,12 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   }
   let pathname = __normalizePath(decodedUrlPathname);
 
-  ${bp ? `
+  ${bp
+        ? `
   // Strip basePath prefix
   pathname = stripBasePath(pathname, __basePath);
-  ` : ""}
+  `
+        : ""}
 
   // Trailing slash normalization (redirect to canonical form)
   const __tsRedirect = normalizeTrailingSlash(pathname, __basePath, __trailingSlash, url.search);
@@ -1334,7 +1344,9 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     const __redir = matchRedirect(__redirPathname, __configRedirects, __reqCtx);
     if (__redir) {
       const __redirDest = sanitizeDestination(
-        __basePath && !__redir.destination.startsWith(__basePath)
+        __basePath &&
+          !isExternalUrl(__redir.destination) &&
+          !hasBasePath(__redir.destination, __basePath)
           ? __basePath + __redir.destination
           : __redir.destination
       );
@@ -1352,7 +1364,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // _mwCtx (per-request container) so handler() can merge them into
   // every response path without module-level state that races on Workers.
 
-  ${middlewarePath ? `
+  ${middlewarePath
+        ? `
    // Run proxy/middleware if present and path matches.
    // Validate exports match the file type (proxy.ts vs middleware.ts), matching Next.js behavior.
    // https://github.com/vercel/next.js/blob/canary/test/e2e/app-dir/proxy-missing-export/proxy-missing-export.test.ts
@@ -1434,7 +1447,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     applyMiddlewareRequestHeaders(_mwCtx.headers);
     processMiddlewareHeaders(_mwCtx.headers);
   }
-  ` : ""}
+  `
+        : ""}
 
   // Build post-middleware request context for afterFiles/fallback rewrites.
   // These run after middleware in the App Router execution order and should
@@ -1467,6 +1481,34 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
 
   // Handle metadata routes (sitemap.xml, robots.txt, manifest.webmanifest, etc.)
   for (const metaRoute of metadataRoutes) {
+    // generateSitemaps() support — paginated sitemaps at /{prefix}/sitemap/{id}.xml
+    // When a sitemap module exports generateSitemaps, the base URL (e.g. /products/sitemap.xml)
+    // is no longer served. Instead, individual sitemaps are served at /products/sitemap/{id}.xml.
+    if (
+      metaRoute.type === "sitemap" &&
+      metaRoute.isDynamic &&
+      typeof metaRoute.module.generateSitemaps === "function"
+    ) {
+      const sitemapPrefix = metaRoute.servedUrl.slice(0, -4); // strip ".xml"
+      // Match exactly /{prefix}/{id}.xml — one segment only (no slashes in id)
+      if (cleanPathname.startsWith(sitemapPrefix + "/") && cleanPathname.endsWith(".xml")) {
+        const rawId = cleanPathname.slice(sitemapPrefix.length + 1, -4);
+        if (rawId.includes("/")) continue; // multi-segment — not a paginated sitemap
+        const sitemaps = await metaRoute.module.generateSitemaps();
+        const matched = sitemaps.find(function(s) { return String(s.id) === rawId; });
+        if (!matched) return new Response("Not Found", { status: 404 });
+        // Pass the original typed id from generateSitemaps() so numeric IDs stay numeric.
+        // TODO: wrap with makeThenableParams-style Promise when upgrading to Next.js 16
+        // full-Promise param semantics (id becomes Promise<string> in v16).
+        const result = await metaRoute.module.default({ id: matched.id });
+        if (result instanceof Response) return result;
+        return new Response(sitemapToXml(result), {
+          headers: { "Content-Type": metaRoute.contentType },
+        });
+      }
+      // Skip — the base servedUrl is not served when generateSitemaps exists
+      continue;
+    }
     if (cleanPathname === metaRoute.servedUrl) {
       if (metaRoute.isDynamic) {
         // Dynamic metadata route — call the default export and serialize
@@ -1760,10 +1802,17 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
     if (typeof handlerFn === "function") {
       try {
         const response = await handlerFn(request, { params });
+        const dynamicUsedInHandler = consumeDynamicUsage();
 
         // Apply Cache-Control from route segment config (export const revalidate = N).
-        // Next.js sets s-maxage on GET route handlers with a numeric revalidate value.
-        if (revalidateSeconds !== null && (method === "GET" || isAutoHead) && !response.headers.has("cache-control")) {
+        // Runtime request APIs like headers() / cookies() make GET handlers dynamic,
+        // so only attach ISR headers when the handler stayed static.
+        if (
+          revalidateSeconds !== null &&
+          !dynamicUsedInHandler &&
+          (method === "GET" || isAutoHead) &&
+          !response.headers.has("cache-control")
+        ) {
           response.headers.set("cache-control", "s-maxage=" + revalidateSeconds + ", stale-while-revalidate");
         }
 
@@ -2271,7 +2320,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
   // the HTML output has double <html>/<body> (root layout + global-error.tsx).
   // Discard it and re-render using renderErrorBoundaryPage which skips layouts
   // when the error falls through to global-error.tsx.
-  ${globalErrorVar ? `
+  ${globalErrorVar
+        ? `
   if (_rscErrorForRerender && !isRscRequest) {
     const _hasLocalBoundary = !!(route?.error?.default) || !!(route?.errors && route.errors.some(function(e) { return e?.default; }));
     if (!_hasLocalBoundary) {
@@ -2279,7 +2329,8 @@ async function _handleRequest(request, __reqCtx, _mwCtx) {
       if (cleanResp) return cleanResp;
     }
   }
-  ` : ""}
+  `
+        : ""}
 
   // Check for draftMode Set-Cookie header (from draftMode().enable()/disable())
   const draftCookie = getDraftModeCookieHeader();