vinext 0.0.27 → 0.0.29

package/dist/server/prod-server.js

@@ -28,6 +28,8 @@ import { IMAGE_OPTIMIZATION_PATH, IMAGE_CONTENT_SECURITY_POLICY, parseImageParam
 import { normalizePath } from "./normalize-path.js";
 import { hasBasePath, stripBasePath } from "../utils/base-path.js";
 import { computeLazyChunks } from "../index.js";
+import { manifestFileWithBase } from "../utils/manifest-paths.js";
+import { normalizePathnameForRouteMatchStrict } from "../routing/utils.js";
 /** Convert a Node.js IncomingMessage into a ReadableStream for Web Request body. */
 function readNodeStream(req) {
     return new ReadableStream({
@@ -118,10 +120,18 @@ function mergeResponseHeaders(middlewareHeaders, response) {
  * Send a compressed response if the content type is compressible and the
  * client supports compression. Otherwise send uncompressed.
  */
-function sendCompressed(req, res, body, contentType, statusCode, extraHeaders = {}, compress = true) {
+function sendCompressed(req, res, body, contentType, statusCode, extraHeaders = {}, compress = true, statusText = undefined) {
     const buf = typeof body === "string" ? Buffer.from(body) : body;
     const baseType = contentType.split(";")[0].trim();
     const encoding = compress ? negotiateEncoding(req) : null;
+    const writeHead = (headers) => {
+        if (statusText) {
+            res.writeHead(statusCode, statusText, headers);
+        }
+        else {
+            res.writeHead(statusCode, headers);
+        }
+    };
     if (encoding && COMPRESSIBLE_TYPES.has(baseType) && buf.length >= COMPRESS_THRESHOLD) {
         const compressor = createCompressor(encoding);
         // Merge Accept-Encoding into existing Vary header from extraHeaders instead
@@ -139,7 +149,7 @@ function sendCompressed(req, res, body, contentType, statusCode, extraHeaders =
         else {
             varyValue = "Accept-Encoding";
         }
-        res.writeHead(statusCode, {
+        writeHead({
             ...extraHeaders,
             "Content-Type": contentType,
             "Content-Encoding": encoding,
@@ -151,8 +161,11 @@ function sendCompressed(req, res, body, contentType, statusCode, extraHeaders =
         });
     }
     else {
-        res.writeHead(statusCode, {
-            ...extraHeaders,
+        // Strip any pre-existing content-length (from the Web Response constructor)
+        // before setting our own — avoids duplicate Content-Length headers.
+        const { "content-length": _cl, "Content-Length": _CL, ...headersWithoutLength } = extraHeaders;
+        writeHead({
+            ...headersWithoutLength,
             "Content-Type": contentType,
             "Content-Length": String(buf.length),
         });
@@ -276,15 +289,21 @@ const trustedHosts = new Set((process.env.VINEXT_TRUSTED_HOSTS ?? "")
 const trustProxy = process.env.VINEXT_TRUST_PROXY === "1" || trustedHosts.size > 0;
 /**
  * Convert a Node.js IncomingMessage to a Web Request object.
+ *
+ * When `urlOverride` is provided, it is used as the path + query string
+ * instead of `req.url`. This avoids redundant path normalization when the
+ * caller has already decoded and normalized the pathname (e.g. the App
+ * Router prod server normalizes before static-asset lookup, and can pass
+ * the result here so the downstream RSC handler doesn't re-normalize).
  */
-function nodeToWebRequest(req) {
+function nodeToWebRequest(req, urlOverride) {
     const rawProto = trustProxy
         ? req.headers["x-forwarded-proto"]?.split(",")[0]?.trim()
         : undefined;
     const proto = rawProto === "https" || rawProto === "http" ? rawProto : "http";
     const host = resolveHost(req, "localhost");
     const origin = `${proto}://${host}`;
-    const url = new URL(req.url ?? "/", origin);
+    const url = new URL(urlOverride ?? req.url ?? "/", origin);
     const headers = new Headers();
     for (const [key, value] of Object.entries(req.headers)) {
         if (value === undefined)
@@ -317,6 +336,15 @@ function nodeToWebRequest(req) {
  */
 async function sendWebResponse(webResponse, req, res, compress) {
     const status = webResponse.status;
+    const statusText = webResponse.statusText || undefined;
+    const writeHead = (headers) => {
+        if (statusText) {
+            res.writeHead(status, statusText, headers);
+        }
+        else {
+            res.writeHead(status, headers);
+        }
+    };
     // Collect headers, handling multi-value headers (e.g. Set-Cookie)
     const nodeHeaders = {};
     webResponse.headers.forEach((value, key) => {
@@ -329,7 +357,7 @@ async function sendWebResponse(webResponse, req, res, compress) {
         }
     });
     if (!webResponse.body) {
-        res.writeHead(status, nodeHeaders);
+        writeHead(nodeHeaders);
         res.end();
         return;
     }
@@ -358,7 +386,7 @@ async function sendWebResponse(webResponse, req, res, compress) {
             nodeHeaders["Vary"] = "Accept-Encoding";
         }
     }
-    res.writeHead(status, nodeHeaders);
+    writeHead(nodeHeaders);
     // HEAD requests: send headers only, skip the body
     if (req.method === "HEAD") {
         res.end();
@@ -405,11 +433,36 @@ export async function startProdServer(options = {}) {
     }
     return startPagesRouterServer({ port, host, clientDir, serverEntryPath, compress });
 }
+function createNodeExecutionContext() {
+    return {
+        waitUntil(promise) {
+            // Node doesn't provide a Workers lifecycle, but we still attach a
+            // rejection handler so background waitUntil work doesn't surface as an
+            // unhandled rejection when a Worker-style entry is used with vinext start.
+            void Promise.resolve(promise).catch(() => { });
+        },
+        passThroughOnException() { },
+    };
+}
+function resolveAppRouterHandler(entry) {
+    if (typeof entry === "function") {
+        return (request) => Promise.resolve(entry(request));
+    }
+    if (entry && typeof entry === "object" && "fetch" in entry) {
+        const workerEntry = entry;
+        if (typeof workerEntry.fetch === "function") {
+            return (request) => Promise.resolve(workerEntry.fetch(request, undefined, createNodeExecutionContext()));
+        }
+    }
+    console.error("[vinext] App Router entry must export either a default handler function or a Worker-style default export with fetch()");
+    process.exit(1);
+}
 /**
  * Start the App Router production server.
  *
- * The RSC entry (dist/server/index.js) exports a default handler function:
- *   handler(request: Request) → Promise<Response>
+ * The App Router entry (dist/server/index.js) can export either:
+ *   - a default handler function: handler(request: Request) → Promise<Response>
+ *   - a Worker-style object: { fetch(request, env, ctx) → Promise<Response> }
  *
  * This handler already does everything: route matching, RSC rendering,
  * SSR HTML generation (via import("./ssr/index.js")), route handlers,
@@ -437,18 +490,14 @@ async function startAppRouterServer(options) {
     }
     // Import the RSC handler (use file:// URL for reliable dynamic import)
     const rscModule = await import(pathToFileURL(rscEntryPath).href);
-    const rscHandler = rscModule.default;
-    if (typeof rscHandler !== "function") {
-        console.error("[vinext] RSC entry does not export a default handler function");
-        process.exit(1);
-    }
+    const rscHandler = resolveAppRouterHandler(rscModule.default);
     const server = createServer(async (req, res) => {
-        const url = req.url ?? "/";
+        const rawUrl = req.url ?? "/";
         // Normalize backslashes (browsers treat /\ as //), then decode and normalize path.
-        const rawPathname = url.split("?")[0].replaceAll("\\", "/");
+        const rawPathname = rawUrl.split("?")[0].replaceAll("\\", "/");
         let pathname;
         try {
-            pathname = normalizePath(decodeURIComponent(rawPathname));
+            pathname = normalizePath(normalizePathnameForRouteMatchStrict(rawPathname));
         }
         catch {
             // Malformed percent-encoding (e.g. /%E0%A4%A) — return 400 instead of crashing.
@@ -470,7 +519,7 @@ async function startAppRouterServer(options) {
         // Image optimization passthrough (Node.js prod server has no Images binding;
         // serves the original file with cache headers and security headers)
         if (pathname === IMAGE_OPTIMIZATION_PATH) {
-            const parsedUrl = new URL(url, "http://localhost");
+            const parsedUrl = new URL(rawUrl, "http://localhost");
             const defaultAllowedWidths = [...DEFAULT_DEVICE_SIZES, ...DEFAULT_IMAGE_SIZES];
             const params = parseImageParams(parsedUrl, defaultAllowedWidths);
             if (!params) {
@@ -491,7 +540,7 @@ async function startAppRouterServer(options) {
             const imageSecurityHeaders = {
                 "Content-Security-Policy": imageConfig?.contentSecurityPolicy ?? IMAGE_CONTENT_SECURITY_POLICY,
                 "X-Content-Type-Options": "nosniff",
-                "Content-Disposition": imageConfig?.contentDispositionType ?? "inline",
+                "Content-Disposition": imageConfig?.contentDispositionType === "attachment" ? "attachment" : "inline",
             };
             if (tryServeStatic(req, res, clientDir, params.imageUrl, false, imageSecurityHeaders)) {
                 return;
@@ -501,8 +550,13 @@ async function startAppRouterServer(options) {
             return;
         }
         try {
+            // Build the normalized URL (pathname + original query string) so the
+            // RSC handler receives an already-canonical path and doesn't need to
+            // re-normalize. This deduplicates the normalizePath work done above.
+            const qs = rawUrl.includes("?") ? rawUrl.slice(rawUrl.indexOf("?")) : "";
+            const normalizedUrl = pathname + qs;
             // Convert Node.js request to Web Request and call the RSC handler
-            const request = nodeToWebRequest(req);
+            const request = nodeToWebRequest(req, normalizedUrl);
             const response = await rscHandler(request);
             // Stream the Web Response back to the Node.js response
             await sendWebResponse(response, req, res, compress);
@@ -536,33 +590,12 @@ async function startAppRouterServer(options) {
  */
 async function startPagesRouterServer(options) {
     const { port, host, clientDir, serverEntryPath, compress } = options;
-    // Load the SSR manifest (maps module URLs to client asset URLs)
-    let ssrManifest = {};
-    const manifestPath = path.join(clientDir, ".vite", "ssr-manifest.json");
-    if (fs.existsSync(manifestPath)) {
-        ssrManifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
-    }
-    // Load the build manifest to compute lazy chunks — chunks only reachable via
-    // dynamic imports (React.lazy, next/dynamic). These should not be
-    // modulepreloaded since they are fetched on demand.
-    const buildManifestPath = path.join(clientDir, ".vite", "manifest.json");
-    if (fs.existsSync(buildManifestPath)) {
-        try {
-            const buildManifest = JSON.parse(fs.readFileSync(buildManifestPath, "utf-8"));
-            const lazyChunks = computeLazyChunks(buildManifest);
-            if (lazyChunks.length > 0) {
-                globalThis.__VINEXT_LAZY_CHUNKS__ = lazyChunks;
-            }
-        }
-        catch {
-            /* ignore parse errors */
-        }
-    }
     // Import the server entry module (use file:// URL for reliable dynamic import)
     const serverEntry = await import(pathToFileURL(serverEntryPath).href);
     const { renderPage, handleApiRoute: handleApi, runMiddleware, vinextConfig } = serverEntry;
     // Extract config values (embedded at build time in the server entry)
     const basePath = vinextConfig?.basePath ?? "";
+    const assetBase = basePath ? `${basePath}/` : "/";
     const trailingSlash = vinextConfig?.trailingSlash ?? false;
     const configRedirects = vinextConfig?.redirects ?? [];
     const configRewrites = vinextConfig?.rewrites ?? {
@@ -584,6 +617,28 @@ async function startPagesRouterServer(options) {
             contentSecurityPolicy: vinextConfig.images.contentSecurityPolicy,
         }
         : undefined;
+    // Load the SSR manifest (maps module URLs to client asset URLs)
+    let ssrManifest = {};
+    const manifestPath = path.join(clientDir, ".vite", "ssr-manifest.json");
+    if (fs.existsSync(manifestPath)) {
+        ssrManifest = JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+    }
+    // Load the build manifest to compute lazy chunks — chunks only reachable via
+    // dynamic imports (React.lazy, next/dynamic). These should not be
+    // modulepreloaded since they are fetched on demand.
+    const buildManifestPath = path.join(clientDir, ".vite", "manifest.json");
+    if (fs.existsSync(buildManifestPath)) {
+        try {
+            const buildManifest = JSON.parse(fs.readFileSync(buildManifestPath, "utf-8"));
+            const lazyChunks = computeLazyChunks(buildManifest).map((file) => manifestFileWithBase(file, assetBase));
+            if (lazyChunks.length > 0) {
+                globalThis.__VINEXT_LAZY_CHUNKS__ = lazyChunks;
+            }
+        }
+        catch {
+            /* ignore parse errors */
+        }
+    }
     const server = createServer(async (req, res) => {
         const rawUrl = req.url ?? "/";
         // Normalize backslashes (browsers treat /\ as //), then decode and normalize path.
@@ -594,7 +649,7 @@ async function startPagesRouterServer(options) {
         const rawQs = rawUrl.includes("?") ? rawUrl.slice(rawUrl.indexOf("?")) : "";
         let pathname;
         try {
-            pathname = normalizePath(decodeURIComponent(rawPagesPathname));
+            pathname = normalizePath(normalizePathnameForRouteMatchStrict(rawPagesPathname));
         }
         catch {
             // Malformed percent-encoding (e.g. /%E0%A4%A) — return 400 instead of crashing.
@@ -641,7 +696,7 @@ async function startPagesRouterServer(options) {
             const imageSecurityHeaders = {
                 "Content-Security-Policy": pagesImageConfig?.contentSecurityPolicy ?? IMAGE_CONTENT_SECURITY_POLICY,
                 "X-Content-Type-Options": "nosniff",
-                "Content-Disposition": pagesImageConfig?.contentDispositionType ?? "inline",
+                "Content-Disposition": pagesImageConfig?.contentDispositionType === "attachment" ? "attachment" : "inline",
             };
             if (tryServeStatic(req, res, clientDir, params.imageUrl, false, imageSecurityHeaders)) {
                 return;
@@ -696,12 +751,31 @@ async function startPagesRouterServer(options) {
                 // @ts-expect-error — duplex needed for streaming request bodies
                 duplex: hasBody ? "half" : undefined,
             });
-            // Build request context for has/missing condition matching.
-            // headers and redirects run before middleware and use this pre-middleware
-            // snapshot. beforeFiles, afterFiles, and fallback all run after middleware
-            // per the Next.js execution order, so they use postMwReqCtx below.
+            // Build request context for pre-middleware config matching. Redirects
+            // run before middleware in Next.js. Header match conditions also use the
+            // original request snapshot even though header merging happens later so
+            // middleware response headers can still take precedence.
+            // beforeFiles, afterFiles, and fallback all run after middleware per the
+            // Next.js execution order, so they use postMwReqCtx below.
             const reqCtx = requestContextFromRequest(webRequest);
-            // ── 4. Run middleware ─────────────────────────────────────────
+            // ── 4. Apply redirects from next.config.js ────────────────────
+            if (configRedirects.length) {
+                const redirect = matchRedirect(pathname, configRedirects, reqCtx);
+                if (redirect) {
+                    // Guard against double-prefixing: only add basePath if destination
+                    // doesn't already start with it.
+                    // Sanitize the final destination to prevent protocol-relative URL open redirects.
+                    const dest = sanitizeDestination(basePath &&
+                        !isExternalUrl(redirect.destination) &&
+                        !hasBasePath(redirect.destination, basePath)
+                        ? basePath + redirect.destination
+                        : redirect.destination);
+                    res.writeHead(redirect.permanent ? 308 : 307, { Location: dest });
+                    res.end();
+                    return;
+                }
+            }
+            // ── 5. Run middleware ─────────────────────────────────────────
             let resolvedUrl = url;
             const middlewareHeaders = {};
             let middlewareRewriteStatus;
@@ -744,7 +818,12 @@ async function startPagesRouterServer(options) {
                         const setCookies = result.response.headers.getSetCookie?.() ?? [];
                         if (setCookies.length > 0)
                             respHeaders["set-cookie"] = setCookies;
-                        res.writeHead(result.response.status, respHeaders);
+                        if (result.response.statusText) {
+                            res.writeHead(result.response.status, result.response.statusText, respHeaders);
+                        }
+                        else {
+                            res.writeHead(result.response.status, respHeaders);
+                        }
                         res.end(body);
                         return;
                     }
@@ -784,15 +863,17 @@ async function startPagesRouterServer(options) {
             // middleware per the Next.js execution order).
             const { postMwReqCtx, request: postMwReq } = applyMiddlewareRequestHeaders(middlewareHeaders, webRequest);
             webRequest = postMwReq;
+            // Config header matching must keep using the original normalized pathname
+            // even if middleware rewrites the downstream route/render target.
             let resolvedPathname = resolvedUrl.split("?")[0];
-            // ── 5. Apply custom headers from next.config.js ───────────────
+            // ── 6. Apply custom headers from next.config.js ───────────────
             // Config headers are additive for multi-value headers (Vary,
             // Set-Cookie) and override for everything else. Set-Cookie values
             // are stored as arrays (RFC 6265 forbids comma-joining cookies).
             // Middleware headers take precedence: skip config keys already set
             // by middleware so middleware always wins for the same key.
             if (configHeaders.length) {
-                const matched = matchHeaders(resolvedPathname, configHeaders, reqCtx);
+                const matched = matchHeaders(pathname, configHeaders, reqCtx);
                 for (const h of matched) {
                     const lk = h.key.toLowerCase();
                     if (lk === "set-cookie") {
@@ -817,23 +898,6 @@ async function startPagesRouterServer(options) {
                     }
                 }
             }
-            // ── 6. Apply redirects from next.config.js ────────────────────
-            if (configRedirects.length) {
-                const redirect = matchRedirect(resolvedPathname, configRedirects, reqCtx);
-                if (redirect) {
-                    // Guard against double-prefixing: only add basePath if destination
-                    // doesn't already start with it.
-                    // Sanitize the final destination to prevent protocol-relative URL open redirects.
-                    const dest = sanitizeDestination(basePath &&
-                        !isExternalUrl(redirect.destination) &&
-                        !hasBasePath(redirect.destination, basePath)
-                        ? basePath + redirect.destination
-                        : redirect.destination);
-                    res.writeHead(redirect.permanent ? 308 : 307, { Location: dest });
-                    res.end();
-                    return;
-                }
-            }
             // ── 7. Apply beforeFiles rewrites from next.config.js ─────────
             if (configRewrites.beforeFiles?.length) {
                 const rewritten = matchRewrite(resolvedPathname, configRewrites.beforeFiles, postMwReqCtx);
@@ -863,7 +927,9 @@ async function startPagesRouterServer(options) {
                 // the handler doesn't set an explicit Content-Type.
                 const ct = response.headers.get("content-type") ?? "application/octet-stream";
                 const responseHeaders = mergeResponseHeaders(middlewareHeaders, response);
-                sendCompressed(req, res, responseBody, ct, middlewareRewriteStatus ?? response.status, responseHeaders, compress);
+                const finalStatus = middlewareRewriteStatus ?? response.status;
+                const finalStatusText = finalStatus === response.status ? response.statusText || undefined : undefined;
+                sendCompressed(req, res, responseBody, ct, finalStatus, responseHeaders, compress, finalStatusText);
                 return;
             }
             // ── 9. Apply afterFiles rewrites from next.config.js ──────────
@@ -905,12 +971,16 @@ async function startPagesRouterServer(options) {
             const responseBody = Buffer.from(await response.arrayBuffer());
             const ct = response.headers.get("content-type") ?? "text/html";
             const responseHeaders = mergeResponseHeaders(middlewareHeaders, response);
-            sendCompressed(req, res, responseBody, ct, middlewareRewriteStatus ?? response.status, responseHeaders, compress);
+            const finalStatus = middlewareRewriteStatus ?? response.status;
+            const finalStatusText = finalStatus === response.status ? response.statusText || undefined : undefined;
+            sendCompressed(req, res, responseBody, ct, finalStatus, responseHeaders, compress, finalStatusText);
         }
         catch (e) {
             console.error("[vinext] Server error:", e);
-            res.writeHead(500);
-            res.end("Internal Server Error");
+            if (!res.headersSent) {
+                res.writeHead(500);
+                res.end("Internal Server Error");
+            }
         }
     });
     await new Promise((resolve) => {