npm - vinext - Versions diffs - 0.0.45 → 0.0.47 - Mend

vinext 0.0.45 → 0.0.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (311) hide show

package/README.md +7 -5
package/dist/build/prerender.d.ts +2 -1
package/dist/build/prerender.js +80 -17
package/dist/build/prerender.js.map +1 -1
package/dist/build/report.d.ts +1 -1
package/dist/build/route-classification-injector.d.ts +35 -0
package/dist/build/route-classification-injector.js +61 -0
package/dist/build/route-classification-injector.js.map +1 -0
package/dist/build/route-classification-manifest.d.ts +1 -1
package/dist/build/standalone.js +4 -3
package/dist/build/standalone.js.map +1 -1
package/dist/build/static-export.d.ts +1 -1
package/dist/check.js +30 -18
package/dist/check.js.map +1 -1
package/dist/cli-args.d.ts +31 -0
package/dist/cli-args.js +104 -0
package/dist/cli-args.js.map +1 -0
package/dist/cli.js +6 -19
package/dist/cli.js.map +1 -1
package/dist/cloudflare/kv-cache-handler.js +29 -9
package/dist/cloudflare/kv-cache-handler.js.map +1 -1
package/dist/config/config-matchers.js +1 -0
package/dist/config/config-matchers.js.map +1 -1
package/dist/config/next-config.d.ts +42 -4
package/dist/config/next-config.js +27 -0
package/dist/config/next-config.js.map +1 -1
package/dist/deploy.js +18 -23
package/dist/deploy.js.map +1 -1
package/dist/entries/app-rsc-entry.d.ts +4 -3
package/dist/entries/app-rsc-entry.js +435 -2317
package/dist/entries/app-rsc-entry.js.map +1 -1
package/dist/entries/app-rsc-manifest.d.ts +24 -0
package/dist/entries/app-rsc-manifest.js +155 -0
package/dist/entries/app-rsc-manifest.js.map +1 -0
package/dist/entries/pages-server-entry.js +18 -105
package/dist/entries/pages-server-entry.js.map +1 -1
package/dist/index.js +82 -85
package/dist/index.js.map +1 -1
package/dist/plugins/fonts.js +54 -32
package/dist/plugins/fonts.js.map +1 -1
package/dist/plugins/rsc-client-shim-excludes.d.ts +6 -0
package/dist/plugins/rsc-client-shim-excludes.js +28 -0
package/dist/plugins/rsc-client-shim-excludes.js.map +1 -0
package/dist/routing/app-route-graph.d.ts +109 -0
package/dist/routing/app-route-graph.js +819 -0
package/dist/routing/app-route-graph.js.map +1 -0
package/dist/routing/app-router.d.ts +2 -79
package/dist/routing/app-router.js +7 -621
package/dist/routing/app-router.js.map +1 -1
package/dist/routing/route-pattern.d.ts +9 -0
package/dist/routing/route-pattern.js +90 -0
package/dist/routing/route-pattern.js.map +1 -0
package/dist/routing/route-trie.js +10 -11
package/dist/routing/route-trie.js.map +1 -1
package/dist/server/app-browser-entry.js +94 -232
package/dist/server/app-browser-entry.js.map +1 -1
package/dist/server/app-browser-error.d.ts +3 -4
package/dist/server/app-browser-error.js +8 -4
package/dist/server/app-browser-error.js.map +1 -1
package/dist/server/app-browser-navigation-controller.d.ts +73 -0
package/dist/server/app-browser-navigation-controller.js +282 -0
package/dist/server/app-browser-navigation-controller.js.map +1 -0
package/dist/server/app-browser-state.d.ts +1 -1
package/dist/server/app-browser-state.js.map +1 -1
package/dist/server/app-elements.js +1 -5
package/dist/server/app-elements.js.map +1 -1
package/dist/server/app-fallback-renderer.d.ts +57 -0
package/dist/server/app-fallback-renderer.js +79 -0
package/dist/server/app-fallback-renderer.js.map +1 -0
package/dist/server/app-hook-warning-suppression.d.ts +7 -0
package/dist/server/app-hook-warning-suppression.js +12 -0
package/dist/server/app-hook-warning-suppression.js.map +1 -0
package/dist/server/app-middleware.d.ts +32 -0
package/dist/server/app-middleware.js +147 -0
package/dist/server/app-middleware.js.map +1 -0
package/dist/server/app-mounted-slots-header.d.ts +17 -0
package/dist/server/app-mounted-slots-header.js +21 -0
package/dist/server/app-mounted-slots-header.js.map +1 -0
package/dist/server/app-page-boundary-render.d.ts +4 -2
package/dist/server/app-page-boundary-render.js +50 -30
package/dist/server/app-page-boundary-render.js.map +1 -1
package/dist/server/app-page-boundary.d.ts +12 -1
package/dist/server/app-page-boundary.js +27 -12
package/dist/server/app-page-boundary.js.map +1 -1
package/dist/server/app-page-cache.d.ts +22 -5
package/dist/server/app-page-cache.js +90 -11
package/dist/server/app-page-cache.js.map +1 -1
package/dist/server/app-page-dispatch.d.ts +123 -0
package/dist/server/app-page-dispatch.js +348 -0
package/dist/server/app-page-dispatch.js.map +1 -0
package/dist/server/app-page-element-builder.d.ts +61 -0
package/dist/server/app-page-element-builder.js +139 -0
package/dist/server/app-page-element-builder.js.map +1 -0
package/dist/server/app-page-execution.d.ts +4 -3
package/dist/server/app-page-execution.js +5 -8
package/dist/server/app-page-execution.js.map +1 -1
package/dist/server/app-page-head.d.ts +55 -0
package/dist/server/app-page-head.js +196 -0
package/dist/server/app-page-head.js.map +1 -0
package/dist/server/app-page-method.d.ts +16 -0
package/dist/server/app-page-method.js +30 -0
package/dist/server/app-page-method.js.map +1 -0
package/dist/server/app-page-params.d.ts +8 -0
package/dist/server/app-page-params.js +28 -0
package/dist/server/app-page-params.js.map +1 -0
package/dist/server/app-page-render.d.ts +7 -2
package/dist/server/app-page-render.js +131 -32
package/dist/server/app-page-render.js.map +1 -1
package/dist/server/app-page-request.d.ts +23 -8
package/dist/server/app-page-request.js +51 -6
package/dist/server/app-page-request.js.map +1 -1
package/dist/server/app-page-response.d.ts +1 -0
package/dist/server/app-page-response.js +3 -7
package/dist/server/app-page-response.js.map +1 -1
package/dist/server/app-page-route-wiring.d.ts +29 -5
package/dist/server/app-page-route-wiring.js +30 -8
package/dist/server/app-page-route-wiring.js.map +1 -1
package/dist/server/app-page-stream.d.ts +10 -0
package/dist/server/app-page-stream.js +5 -1
package/dist/server/app-page-stream.js.map +1 -1
package/dist/server/app-post-middleware-context.d.ts +16 -0
package/dist/server/app-post-middleware-context.js +28 -0
package/dist/server/app-post-middleware-context.js.map +1 -0
package/dist/server/app-prerender-endpoints.d.ts +19 -0
package/dist/server/app-prerender-endpoints.js +96 -0
package/dist/server/app-prerender-endpoints.js.map +1 -0
package/dist/server/app-prerender-static-params.d.ts +16 -0
package/dist/server/app-prerender-static-params.js +14 -0
package/dist/server/app-prerender-static-params.js.map +1 -0
package/dist/server/app-request-context.d.ts +22 -0
package/dist/server/app-request-context.js +30 -0
package/dist/server/app-request-context.js.map +1 -0
package/dist/server/app-route-handler-cache.d.ts +4 -0
package/dist/server/app-route-handler-cache.js +11 -3
package/dist/server/app-route-handler-cache.js.map +1 -1
package/dist/server/app-route-handler-dispatch.d.ts +43 -0
package/dist/server/app-route-handler-dispatch.js +149 -0
package/dist/server/app-route-handler-dispatch.js.map +1 -0
package/dist/server/app-route-handler-execution.d.ts +8 -3
package/dist/server/app-route-handler-execution.js +25 -4
package/dist/server/app-route-handler-execution.js.map +1 -1
package/dist/server/app-route-handler-response.d.ts +6 -3
package/dist/server/app-route-handler-response.js +52 -11
package/dist/server/app-route-handler-response.js.map +1 -1
package/dist/server/app-route-handler-runtime.d.ts +4 -1
package/dist/server/app-route-handler-runtime.js +107 -1
package/dist/server/app-route-handler-runtime.js.map +1 -1
package/dist/server/app-router-entry.js.map +1 -1
package/dist/server/app-rsc-error-handler.d.ts +21 -0
package/dist/server/app-rsc-error-handler.js +30 -0
package/dist/server/app-rsc-error-handler.js.map +1 -0
package/dist/server/app-rsc-errors.d.ts +27 -0
package/dist/server/app-rsc-errors.js +42 -0
package/dist/server/app-rsc-errors.js.map +1 -0
package/dist/server/app-rsc-handler.d.ts +117 -0
package/dist/server/app-rsc-handler.js +260 -0
package/dist/server/app-rsc-handler.js.map +1 -0
package/dist/server/app-rsc-request-normalization.d.ts +40 -0
package/dist/server/app-rsc-request-normalization.js +63 -0
package/dist/server/app-rsc-request-normalization.js.map +1 -0
package/dist/server/app-rsc-response-finalizer.d.ts +30 -0
package/dist/server/app-rsc-response-finalizer.js +38 -0
package/dist/server/app-rsc-response-finalizer.js.map +1 -0
package/dist/server/app-rsc-route-matching.d.ts +40 -0
package/dist/server/app-rsc-route-matching.js +66 -0
package/dist/server/app-rsc-route-matching.js.map +1 -0
package/dist/server/app-segment-config.d.ts +33 -0
package/dist/server/app-segment-config.js +86 -0
package/dist/server/app-segment-config.js.map +1 -0
package/dist/server/app-server-action-execution.d.ts +88 -1
package/dist/server/app-server-action-execution.js +257 -5
package/dist/server/app-server-action-execution.js.map +1 -1
package/dist/server/app-ssr-entry.d.ts +7 -0
package/dist/server/app-ssr-entry.js +30 -9
package/dist/server/app-ssr-entry.js.map +1 -1
package/dist/server/app-ssr-stream.d.ts +4 -2
package/dist/server/app-ssr-stream.js +29 -2
package/dist/server/app-ssr-stream.js.map +1 -1
package/dist/server/app-static-generation.d.ts +15 -0
package/dist/server/app-static-generation.js +20 -0
package/dist/server/app-static-generation.js.map +1 -0
package/dist/server/cache-control.d.ts +24 -0
package/dist/server/cache-control.js +33 -0
package/dist/server/cache-control.js.map +1 -0
package/dist/server/dev-error-overlay-store.d.ts +23 -0
package/dist/server/dev-error-overlay-store.js +67 -0
package/dist/server/dev-error-overlay-store.js.map +1 -0
package/dist/server/dev-error-overlay.d.ts +15 -0
package/dist/server/dev-error-overlay.js +548 -0
package/dist/server/dev-error-overlay.js.map +1 -0
package/dist/server/dev-route-files.d.ts +7 -0
package/dist/server/dev-route-files.js +73 -0
package/dist/server/dev-route-files.js.map +1 -0
package/dist/server/dev-server.js +4 -0
package/dist/server/dev-server.js.map +1 -1
package/dist/server/file-based-metadata.d.ts +17 -0
package/dist/server/file-based-metadata.js +356 -0
package/dist/server/file-based-metadata.js.map +1 -0
package/dist/server/implicit-tags.d.ts +6 -0
package/dist/server/implicit-tags.js +42 -0
package/dist/server/implicit-tags.js.map +1 -0
package/dist/server/instrumentation-runtime.d.ts +44 -0
package/dist/server/instrumentation-runtime.js +29 -0
package/dist/server/instrumentation-runtime.js.map +1 -0
package/dist/server/instrumentation.js.map +1 -1
package/dist/server/isr-cache.d.ts +16 -3
package/dist/server/isr-cache.js +56 -8
package/dist/server/isr-cache.js.map +1 -1
package/dist/server/metadata-route-build-data.d.ts +25 -0
package/dist/server/metadata-route-build-data.js +150 -0
package/dist/server/metadata-route-build-data.js.map +1 -0
package/dist/server/metadata-route-response.d.ts +17 -0
package/dist/server/metadata-route-response.js +187 -0
package/dist/server/metadata-route-response.js.map +1 -0
package/dist/server/metadata-routes.d.ts +42 -4
package/dist/server/metadata-routes.js +127 -11
package/dist/server/metadata-routes.js.map +1 -1
package/dist/server/middleware-matcher.d.ts +15 -0
package/dist/server/middleware-matcher.js +102 -0
package/dist/server/middleware-matcher.js.map +1 -0
package/dist/server/middleware-request-headers.js +2 -1
package/dist/server/middleware-request-headers.js.map +1 -1
package/dist/server/middleware-runtime.d.ts +39 -0
package/dist/server/middleware-runtime.js +159 -0
package/dist/server/middleware-runtime.js.map +1 -0
package/dist/server/middleware.d.ts +4 -36
package/dist/server/middleware.js +18 -228
package/dist/server/middleware.js.map +1 -1
package/dist/server/pages-page-data.d.ts +7 -2
package/dist/server/pages-page-data.js +10 -5
package/dist/server/pages-page-data.js.map +1 -1
package/dist/server/pages-page-response.d.ts +2 -1
package/dist/server/pages-page-response.js +5 -3
package/dist/server/pages-page-response.js.map +1 -1
package/dist/server/prerender-work-unit-setup.d.ts +7 -0
package/dist/server/prerender-work-unit-setup.js +30 -0
package/dist/server/prerender-work-unit-setup.js.map +1 -0
package/dist/server/prod-server.js +10 -14
package/dist/server/prod-server.js.map +1 -1
package/dist/server/request-pipeline.d.ts +46 -5
package/dist/server/request-pipeline.js +84 -5
package/dist/server/request-pipeline.js.map +1 -1
package/dist/server/rsc-stream-hints.d.ts +7 -0
package/dist/server/rsc-stream-hints.js +38 -0
package/dist/server/rsc-stream-hints.js.map +1 -0
package/dist/server/seed-cache.js +19 -8
package/dist/server/seed-cache.js.map +1 -1
package/dist/server/server-action-not-found.d.ts +9 -0
package/dist/server/server-action-not-found.js +40 -0
package/dist/server/server-action-not-found.js.map +1 -0
package/dist/shims/cache-runtime.js +28 -11
package/dist/shims/cache-runtime.js.map +1 -1
package/dist/shims/cache.d.ts +39 -4
package/dist/shims/cache.js +93 -16
package/dist/shims/cache.js.map +1 -1
package/dist/shims/error-boundary.d.ts +66 -5
package/dist/shims/error-boundary.js +106 -4
package/dist/shims/error-boundary.js.map +1 -1
package/dist/shims/fetch-cache.d.ts +4 -1
package/dist/shims/fetch-cache.js +55 -13
package/dist/shims/fetch-cache.js.map +1 -1
package/dist/shims/font-google-base.d.ts +5 -4
package/dist/shims/font-google-base.js +61 -13
package/dist/shims/font-google-base.js.map +1 -1
package/dist/shims/headers.d.ts +14 -2
package/dist/shims/headers.js +127 -17
package/dist/shims/headers.js.map +1 -1
package/dist/shims/image.js +116 -10
package/dist/shims/image.js.map +1 -1
package/dist/shims/internal/make-hanging-promise.d.ts +16 -0
package/dist/shims/internal/make-hanging-promise.js +46 -0
package/dist/shims/internal/make-hanging-promise.js.map +1 -0
package/dist/shims/internal/work-unit-async-storage.d.ts +26 -3
package/dist/shims/internal/work-unit-async-storage.js +6 -3
package/dist/shims/internal/work-unit-async-storage.js.map +1 -1
package/dist/shims/metadata.d.ts +38 -26
package/dist/shims/metadata.js +75 -45
package/dist/shims/metadata.js.map +1 -1
package/dist/shims/navigation.d.ts +10 -1
package/dist/shims/navigation.js +18 -1
package/dist/shims/navigation.js.map +1 -1
package/dist/shims/navigation.react-server.d.ts +2 -2
package/dist/shims/navigation.react-server.js +2 -2
package/dist/shims/navigation.react-server.js.map +1 -1
package/dist/shims/offline.d.ts +5 -0
package/dist/shims/offline.js +17 -0
package/dist/shims/offline.js.map +1 -0
package/dist/shims/request-state-types.d.ts +3 -2
package/dist/shims/root-params.d.ts +11 -0
package/dist/shims/root-params.js +24 -0
package/dist/shims/root-params.js.map +1 -0
package/dist/shims/router.js +1 -1
package/dist/shims/server.d.ts +3 -1
package/dist/shims/server.js +83 -5
package/dist/shims/server.js.map +1 -1
package/dist/shims/thenable-params.d.ts +5 -0
package/dist/shims/thenable-params.js +37 -0
package/dist/shims/thenable-params.js.map +1 -0
package/dist/shims/unified-request-context.d.ts +3 -2
package/dist/shims/unified-request-context.js +3 -0
package/dist/shims/unified-request-context.js.map +1 -1
package/dist/shims/use-merged-ref.d.ts +7 -0
package/dist/shims/use-merged-ref.js +40 -0
package/dist/shims/use-merged-ref.js.map +1 -0
package/dist/utils/cache-control-metadata.d.ts +6 -0
package/dist/utils/cache-control-metadata.js +16 -0
package/dist/utils/cache-control-metadata.js.map +1 -0
package/package.json +6 -1
package/dist/server/middleware-codegen.d.ts +0 -54
package/dist/server/middleware-codegen.js +0 -414
package/dist/server/middleware-codegen.js.map +0 -1

package/dist/server/app-rsc-errors.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+//#region src/server/app-rsc-errors.d.ts
+type RscRequestInfo = {
+  path: string;
+  method: string;
+  headers: Record<string, string>;
+};
+type RscErrorContext = {
+  routerKind: "App Router";
+  routePath: string;
+  routeType: "render";
+};
+type RscErrorReporter = (error: Error, requestInfo: RscRequestInfo, errorContext: RscErrorContext) => void;
+type CreateRscOnErrorHandlerOptions = {
+  errorContext: RscErrorContext | null;
+  nodeEnv?: string;
+  reportRequestError: RscErrorReporter;
+  requestInfo: RscRequestInfo | null;
+};
+/**
+ * djb2 hash matching Next.js's string-hash package for RSC error digests.
+ */
+declare function errorDigest(input: string): string;
+declare function sanitizeErrorForClient(error: unknown, nodeEnv?: string | undefined): unknown;
+declare function createRscOnErrorHandler(options: CreateRscOnErrorHandlerOptions): (error: unknown) => string | undefined;
+//#endregion
+export { createRscOnErrorHandler, errorDigest, sanitizeErrorForClient };
+//# sourceMappingURL=app-rsc-errors.d.ts.map

package/dist/server/app-rsc-errors.js ADDED Viewed

@@ -0,0 +1,42 @@
+import { resolveAppPageSpecialError } from "./app-page-execution.js";
+//#region src/server/app-rsc-errors.ts
+function hasDigest(error) {
+	return Boolean(error && typeof error === "object" && "digest" in error);
+}
+function getThrownValueMessage(error) {
+	return error instanceof Error ? error.message : String(error);
+}
+function getThrownValueStack(error) {
+	return error instanceof Error ? error.stack || "" : "";
+}
+/**
+* djb2 hash matching Next.js's string-hash package for RSC error digests.
+*/
+function errorDigest(input) {
+	let hash = 5381;
+	for (let i = input.length - 1; i >= 0; i--) hash = hash * 33 ^ input.charCodeAt(i);
+	return (hash >>> 0).toString();
+}
+function sanitizeErrorForClient(error, nodeEnv = process.env.NODE_ENV) {
+	if (resolveAppPageSpecialError(error)) return error;
+	if (nodeEnv !== "production") return error;
+	const sanitized = /* @__PURE__ */ new Error("An error occurred in the Server Components render. The specific message is omitted in production builds to avoid leaking sensitive details. A digest property is included on this error instance which may provide additional details about the nature of the error.");
+	sanitized.digest = errorDigest(getThrownValueMessage(error) + getThrownValueStack(error));
+	return sanitized;
+}
+function createRscOnErrorHandler(options) {
+	return (error) => {
+		const nodeEnv = options.nodeEnv ?? process.env.NODE_ENV;
+		if (hasDigest(error)) return String(error.digest);
+		if (nodeEnv !== "production" && error instanceof Error && error.message.includes("Only plain objects, and a few built-ins, can be passed to Client Components")) {
+			console.error("[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\n\nCommon causes:\n  * Passing a module namespace (import * as X) directly as a prop.\n    Unlike Next.js (webpack), Vite produces real ESM module namespace objects\n    which are not serializable. Fix: pass individual values instead,\n    e.g. <Comp value={module.value} />\n  * Passing a class instance (new Foo()) as a prop.\n    Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\n  * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\n  * Passing Object.create(null). Use { ...obj } to restore a prototype.\n\nOriginal error:", error.message);
+			return;
+		}
+		if (options.requestInfo && options.errorContext && error) options.reportRequestError(error instanceof Error ? error : new Error(getThrownValueMessage(error)), options.requestInfo, options.errorContext);
+		if (nodeEnv === "production" && error) return errorDigest(getThrownValueMessage(error) + getThrownValueStack(error));
+	};
+}
+//#endregion
+export { createRscOnErrorHandler, errorDigest, sanitizeErrorForClient };
+//# sourceMappingURL=app-rsc-errors.js.map

package/dist/server/app-rsc-errors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app-rsc-errors.js","names":[],"sources":["../../src/server/app-rsc-errors.ts"],"sourcesContent":["import { resolveAppPageSpecialError } from \"./app-page-execution.js\";\n\ntype DigestError = Error & { digest?: string };\n\ntype RscRequestInfo = {\n path: string;\n method: string;\n headers: Record<string, string>;\n};\n\ntype RscErrorContext = {\n routerKind: \"App Router\";\n routePath: string;\n routeType: \"render\";\n};\n\ntype RscErrorReporter = (\n error: Error,\n requestInfo: RscRequestInfo,\n errorContext: RscErrorContext,\n) => void;\n\ntype CreateRscOnErrorHandlerOptions = {\n errorContext: RscErrorContext | null;\n nodeEnv?: string;\n reportRequestError: RscErrorReporter;\n requestInfo: RscRequestInfo | null;\n};\n\nfunction hasDigest(error: unknown): error is { digest: unknown } {\n return Boolean(error && typeof error === \"object\" && \"digest\" in error);\n}\n\nfunction getThrownValueMessage(error: unknown): string {\n return error instanceof Error ? error.message : String(error);\n}\n\nfunction getThrownValueStack(error: unknown): string {\n return error instanceof Error ? error.stack || \"\" : \"\";\n}\n\n/**\n * djb2 hash matching Next.js's string-hash package for RSC error digests.\n */\nexport function errorDigest(input: string): string {\n let hash = 5381;\n for (let i = input.length - 1; i >= 0; i--) {\n hash = (hash * 33) ^ input.charCodeAt(i);\n }\n return (hash >>> 0).toString();\n}\n\nexport function sanitizeErrorForClient(error: unknown, nodeEnv = process.env.NODE_ENV): unknown {\n if (resolveAppPageSpecialError(error)) {\n return error;\n }\n\n if (nodeEnv !== \"production\") {\n return error;\n }\n\n const sanitized: DigestError = new Error(\n \"An error occurred in the Server Components render. \" +\n \"The specific message is omitted in production builds to avoid leaking sensitive details. \" +\n \"A digest property is included on this error instance which may provide additional details about the nature of the error.\",\n );\n sanitized.digest = errorDigest(getThrownValueMessage(error) + getThrownValueStack(error));\n return sanitized;\n}\n\nexport function createRscOnErrorHandler(\n options: CreateRscOnErrorHandlerOptions,\n): (error: unknown) => string | undefined {\n return (error) => {\n const nodeEnv = options.nodeEnv ?? process.env.NODE_ENV;\n\n if (hasDigest(error)) {\n return String(error.digest);\n }\n\n if (\n nodeEnv !== \"production\" &&\n error instanceof Error &&\n error.message.includes(\n \"Only plain objects, and a few built-ins, can be passed to Client Components\",\n )\n ) {\n console.error(\n \"[vinext] RSC serialization error: a non-plain object was passed from a Server Component to a Client Component.\\n\" +\n \"\\n\" +\n \"Common causes:\\n\" +\n \" * Passing a module namespace (import * as X) directly as a prop.\\n\" +\n \" Unlike Next.js (webpack), Vite produces real ESM module namespace objects\\n\" +\n \" which are not serializable. Fix: pass individual values instead,\\n\" +\n \" e.g. <Comp value={module.value} />\\n\" +\n \" * Passing a class instance (new Foo()) as a prop.\\n\" +\n \" Fix: convert to a plain object, e.g. { id: foo.id, name: foo.name }\\n\" +\n \" * Passing a Date, Map, or Set. Use .toISOString(), [...map.entries()], etc.\\n\" +\n \" * Passing Object.create(null). Use { ...obj } to restore a prototype.\\n\" +\n \"\\n\" +\n \"Original error:\",\n error.message,\n );\n return undefined;\n }\n\n if (options.requestInfo && options.errorContext && error) {\n options.reportRequestError(\n error instanceof Error ? error : new Error(getThrownValueMessage(error)),\n options.requestInfo,\n options.errorContext,\n );\n }\n\n if (nodeEnv === \"production\" && error) {\n return errorDigest(getThrownValueMessage(error) + getThrownValueStack(error));\n }\n\n return undefined;\n };\n}\n"],"mappings":";;AA6BA,SAAS,UAAU,OAA8C;AAC/D,QAAO,QAAQ,SAAS,OAAO,UAAU,YAAY,YAAY,MAAM;;AAGzE,SAAS,sBAAsB,OAAwB;AACrD,QAAO,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM;;AAG/D,SAAS,oBAAoB,OAAwB;AACnD,QAAO,iBAAiB,QAAQ,MAAM,SAAS,KAAK;;;;;AAMtD,SAAgB,YAAY,OAAuB;CACjD,IAAI,OAAO;AACX,MAAK,IAAI,IAAI,MAAM,SAAS,GAAG,KAAK,GAAG,IACrC,QAAQ,OAAO,KAAM,MAAM,WAAW,EAAE;AAE1C,SAAQ,SAAS,GAAG,UAAU;;AAGhC,SAAgB,uBAAuB,OAAgB,UAAU,QAAQ,IAAI,UAAmB;AAC9F,KAAI,2BAA2B,MAAM,CACnC,QAAO;AAGT,KAAI,YAAY,aACd,QAAO;CAGT,MAAM,4BAAyB,IAAI,MACjC,uQAGD;AACD,WAAU,SAAS,YAAY,sBAAsB,MAAM,GAAG,oBAAoB,MAAM,CAAC;AACzF,QAAO;;AAGT,SAAgB,wBACd,SACwC;AACxC,SAAQ,UAAU;EAChB,MAAM,UAAU,QAAQ,WAAW,QAAQ,IAAI;AAE/C,MAAI,UAAU,MAAM,CAClB,QAAO,OAAO,MAAM,OAAO;AAG7B,MACE,YAAY,gBACZ,iBAAiB,SACjB,MAAM,QAAQ,SACZ,8EACD,EACD;AACA,WAAQ,MACN,8qBAaA,MAAM,QACP;AACD;;AAGF,MAAI,QAAQ,eAAe,QAAQ,gBAAgB,MACjD,SAAQ,mBACN,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,sBAAsB,MAAM,CAAC,EACxE,QAAQ,aACR,QAAQ,aACT;AAGH,MAAI,YAAY,gBAAgB,MAC9B,QAAO,YAAY,sBAAsB,MAAM,GAAG,oBAAoB,MAAM,CAAC"}

package/dist/server/app-rsc-handler.d.ts ADDED Viewed

@@ -0,0 +1,117 @@
+import { NextHeader, NextI18nConfig, NextRedirect, NextRewrite } from "../config/next-config.js";
+import { MiddlewareModule } from "./middleware-runtime.js";
+import { AppMiddlewareContext } from "./app-middleware.js";
+import { handleAppPrerenderEndpoint } from "./app-prerender-endpoints.js";
+import { handleMetadataRouteRequest } from "./metadata-route-response.js";
+//#region src/server/app-rsc-handler.d.ts
+type AppPageParams = Record<string, string | string[]>;
+type MetadataRoutes = Parameters<typeof handleMetadataRouteRequest>[0]["metadataRoutes"];
+type MakeThenableParams = Parameters<typeof handleMetadataRouteRequest>[0]["makeThenableParams"];
+type StaticParamsMap = Parameters<typeof handleAppPrerenderEndpoint>[1]["staticParamsMap"];
+type RootParamNamesMap = Parameters<typeof handleAppPrerenderEndpoint>[1]["rootParamNamesByPattern"];
+type AppRscMiddlewareContext = AppMiddlewareContext;
+type AppRscHandlerRoute = {
+  page?: unknown;
+  pattern: string;
+  rootParamNames?: readonly string[];
+  routeHandler?: unknown;
+  routeSegments: readonly string[];
+};
+type AppRscRouteMatch<TRoute> = {
+  params: AppPageParams;
+  route: TRoute;
+};
+type DispatchMatchedPageOptions<TRoute> = {
+  cleanPathname: string;
+  handlerStart: number;
+  interceptionContext: string | null;
+  isRscRequest: boolean;
+  middlewareContext: AppRscMiddlewareContext;
+  mountedSlotsHeader: string | null;
+  params: AppPageParams;
+  request: Request;
+  route: TRoute;
+  scriptNonce?: string;
+  searchParams: URLSearchParams;
+};
+type DispatchMatchedRouteHandlerOptions<TRoute> = {
+  cleanPathname: string;
+  middlewareContext: AppRscMiddlewareContext;
+  params: AppPageParams;
+  request: Request;
+  route: TRoute;
+  searchParams: URLSearchParams;
+};
+type HandleProgressiveActionRequestOptions = {
+  actionId: string | null;
+  cleanPathname: string;
+  contentType: string;
+  middlewareContext: AppRscMiddlewareContext;
+  request: Request;
+};
+type HandleServerActionRequestOptions = {
+  actionId: string | null;
+  cleanPathname: string;
+  contentType: string;
+  interceptionContext: string | null;
+  isRscRequest: boolean;
+  middlewareContext: AppRscMiddlewareContext;
+  mountedSlotsHeader: string | null;
+  request: Request;
+  searchParams: URLSearchParams;
+};
+type RenderNotFoundOptions<TRoute> = {
+  isRscRequest: boolean;
+  matchedParams?: AppPageParams;
+  middlewareContext: AppRscMiddlewareContext;
+  request: Request;
+  route: TRoute | null;
+  scriptNonce?: string;
+};
+type RenderPagesFallbackOptions = {
+  isRscRequest: boolean;
+  middlewareContext: AppRscMiddlewareContext;
+  request: Request;
+  url: URL;
+};
+type NavigationContextValue = {
+  params: AppPageParams;
+  pathname: string;
+  searchParams: URLSearchParams;
+};
+type CreateAppRscHandlerOptions<TRoute extends AppRscHandlerRoute> = {
+  basePath: string;
+  clearRequestContext: () => void;
+  configHeaders: NextHeader[];
+  configRedirects: NextRedirect[];
+  configRewrites: {
+    afterFiles: NextRewrite[];
+    beforeFiles: NextRewrite[];
+    fallback: NextRewrite[];
+  };
+  dispatchMatchedPage: (options: DispatchMatchedPageOptions<TRoute>) => Promise<Response>;
+  dispatchMatchedRouteHandler: (options: DispatchMatchedRouteHandlerOptions<TRoute>) => Promise<Response>;
+  ensureInstrumentation?: () => Promise<void>;
+  handleProgressiveActionRequest: (options: HandleProgressiveActionRequestOptions) => Promise<Response | null>;
+  handleServerActionRequest: (options: HandleServerActionRequestOptions) => Promise<Response | null>;
+  i18nConfig: NextI18nConfig | null;
+  isMiddlewareProxy: boolean;
+  loadPrerenderPagesRoutes?: () => Promise<unknown>;
+  makeThenableParams: MakeThenableParams;
+  matchRoute: (pathname: string) => AppRscRouteMatch<TRoute> | null;
+  metadataRoutes: MetadataRoutes;
+  middlewareModule: MiddlewareModule | null;
+  publicFiles: ReadonlySet<string>;
+  renderNotFound: (options: RenderNotFoundOptions<TRoute>) => Promise<Response | null>;
+  renderPagesFallback?: (options: RenderPagesFallbackOptions) => Promise<Response | null>;
+  rootParamNamesByPattern?: RootParamNamesMap;
+  setNavigationContext: (context: NavigationContextValue) => void;
+  staticParamsMap: StaticParamsMap;
+  trailingSlash: boolean;
+  validateDevRequestOrigin?: (request: Request) => Response | null;
+};
+declare function createAppRscHandler<TRoute extends AppRscHandlerRoute>(options: CreateAppRscHandlerOptions<TRoute>): (request: Request, ctx: unknown) => Promise<Response>;
+//#endregion
+export { createAppRscHandler };
+//# sourceMappingURL=app-rsc-handler.d.ts.map

package/dist/server/app-rsc-handler.js ADDED Viewed

@@ -0,0 +1,260 @@
+import { createRequestContext, runWithRequestContext } from "../shims/unified-request-context.js";
+import { getRequestExecutionContext } from "../shims/request-context.js";
+import { isExternalUrl, matchRedirect, matchRewrite, proxyExternalRequest, requestContextFromRequest, sanitizeDestination } from "../config/config-matchers.js";
+import { hasBasePath } from "../utils/base-path.js";
+import { normalizeTrailingSlash, resolvePublicFileRoute, validateImageUrl } from "./request-pipeline.js";
+import { headersContextFromRequest } from "../shims/headers.js";
+import { ensureFetchPatch, setCurrentFetchSoftTags } from "../shims/fetch-cache.js";
+import { getScriptNonceFromHeaderSources } from "./csp.js";
+import { mergeMiddlewareResponseHeaders } from "./middleware-response-headers.js";
+import { applyAppMiddleware } from "./app-middleware.js";
+import { buildPageCacheTags } from "./implicit-tags.js";
+import { buildPostMwRequestContext } from "./app-post-middleware-context.js";
+import { pickRootParams, setRootParams } from "../shims/root-params.js";
+import { handleAppPrerenderEndpoint } from "./app-prerender-endpoints.js";
+import { flattenErrorCauses } from "../utils/error-cause.js";
+import { finalizeAppRscResponse } from "./app-rsc-response-finalizer.js";
+import { normalizeRscRequest } from "./app-rsc-request-normalization.js";
+import { handleMetadataRouteRequest } from "./metadata-route-response.js";
+import { runWithPrerenderWorkUnit } from "./prerender-work-unit-setup.js";
+//#region src/server/app-rsc-handler.ts
+function hasProperty(value, key) {
+	return key in value;
+}
+function isExecutionContextLike(value) {
+	if (!value || typeof value !== "object") return false;
+	return hasProperty(value, "waitUntil") && typeof value.waitUntil === "function";
+}
+function redirectDestinationWithBasePath(destination, basePath) {
+	if (!basePath || isExternalUrl(destination) || hasBasePath(destination, basePath)) return destination;
+	return basePath + destination;
+}
+async function applyRewrite(options, cleanPathname) {
+	if (!options.rewrites.length) return null;
+	const rewritten = matchRewrite(cleanPathname, options.rewrites, options.requestContext);
+	if (!rewritten) return null;
+	if (isExternalUrl(rewritten)) {
+		options.clearRequestContext();
+		return proxyExternalRequest(options.request, rewritten);
+	}
+	return rewritten;
+}
+async function handleAppRscRequest(options, request, preMiddlewareRequestContext) {
+	const handlerStart = process.env.NODE_ENV !== "production" ? performance.now() : 0;
+	if (process.env.NODE_ENV !== "production") {
+		const originBlock = options.validateDevRequestOrigin?.(request);
+		if (originBlock) return originBlock;
+	}
+	const normalized = normalizeRscRequest(request, options.basePath);
+	if (normalized instanceof Response) return normalized;
+	const { url, isRscRequest, interceptionContextHeader, mountedSlotsHeader } = normalized;
+	let { pathname, cleanPathname } = normalized;
+	const prerenderEndpointResponse = await handleAppPrerenderEndpoint(request, {
+		isPrerenderEnabled() {
+			return process.env.VINEXT_PRERENDER === "1";
+		},
+		loadPagesRoutes: options.loadPrerenderPagesRoutes,
+		pathname,
+		rootParamNamesByPattern: options.rootParamNamesByPattern,
+		staticParamsMap: options.staticParamsMap
+	});
+	if (prerenderEndpointResponse) return prerenderEndpointResponse;
+	const trailingSlashRedirect = normalizeTrailingSlash(pathname, options.basePath, options.trailingSlash, url.search);
+	if (trailingSlashRedirect) return trailingSlashRedirect;
+	const redirect = matchRedirect(pathname.endsWith(".rsc") ? pathname.slice(0, -4) : pathname, options.configRedirects, preMiddlewareRequestContext);
+	if (redirect) {
+		const destination = sanitizeDestination(redirectDestinationWithBasePath(redirect.destination, options.basePath));
+		return new Response(null, {
+			status: redirect.permanent ? 308 : 307,
+			headers: { Location: destination }
+		});
+	}
+	const middlewareContext = {
+		headers: null,
+		requestHeaders: null,
+		status: null
+	};
+	if (options.middlewareModule) {
+		const middlewareResult = await applyAppMiddleware({
+			basePath: options.basePath,
+			cleanPathname,
+			context: middlewareContext,
+			i18nConfig: options.i18nConfig,
+			isProxy: options.isMiddlewareProxy,
+			module: options.middlewareModule,
+			request
+		});
+		if (middlewareResult.kind === "response") return middlewareResult.response;
+		cleanPathname = middlewareResult.cleanPathname;
+		if (middlewareResult.search !== null) url.search = middlewareResult.search;
+	}
+	const scriptNonce = getScriptNonceFromHeaderSources(request.headers, middlewareContext.headers);
+	const postMiddlewareRequestContext = buildPostMwRequestContext(request);
+	const beforeFilesRewrite = await applyRewrite({
+		clearRequestContext: options.clearRequestContext,
+		request,
+		requestContext: postMiddlewareRequestContext,
+		rewrites: options.configRewrites.beforeFiles
+	}, cleanPathname);
+	if (beforeFilesRewrite instanceof Response) return beforeFilesRewrite;
+	if (beforeFilesRewrite) cleanPathname = beforeFilesRewrite;
+	if (cleanPathname === "/_vinext/image") {
+		const imageUrlResult = validateImageUrl(url.searchParams.get("url"), request.url);
+		if (imageUrlResult instanceof Response) return imageUrlResult;
+		return Response.redirect(new URL(imageUrlResult, url.origin).href, 302);
+	}
+	const metadataRouteResponse = await handleMetadataRouteRequest({
+		metadataRoutes: options.metadataRoutes,
+		cleanPathname,
+		makeThenableParams: options.makeThenableParams
+	});
+	if (metadataRouteResponse) return metadataRouteResponse;
+	const publicFileResponse = resolvePublicFileRoute({
+		cleanPathname,
+		middlewareContext,
+		pathname,
+		publicFiles: options.publicFiles,
+		request
+	});
+	if (publicFileResponse) {
+		options.clearRequestContext();
+		return publicFileResponse;
+	}
+	options.setNavigationContext({
+		pathname: cleanPathname,
+		searchParams: url.searchParams,
+		params: {}
+	});
+	const actionId = request.headers.get("x-rsc-action") ?? request.headers.get("next-action");
+	const contentType = request.headers.get("content-type") || "";
+	const progressiveActionResponse = await options.handleProgressiveActionRequest({
+		actionId,
+		cleanPathname,
+		contentType,
+		middlewareContext,
+		request
+	});
+	if (progressiveActionResponse) return progressiveActionResponse;
+	const serverActionResponse = await options.handleServerActionRequest({
+		actionId,
+		cleanPathname,
+		contentType,
+		interceptionContext: interceptionContextHeader,
+		isRscRequest,
+		middlewareContext,
+		mountedSlotsHeader,
+		request,
+		searchParams: url.searchParams
+	});
+	if (serverActionResponse) return serverActionResponse;
+	const afterFilesRewrite = await applyRewrite({
+		clearRequestContext: options.clearRequestContext,
+		request,
+		requestContext: postMiddlewareRequestContext,
+		rewrites: options.configRewrites.afterFiles
+	}, cleanPathname);
+	if (afterFilesRewrite instanceof Response) return afterFilesRewrite;
+	if (afterFilesRewrite) cleanPathname = afterFilesRewrite;
+	let match = options.matchRoute(cleanPathname);
+	if (!match) {
+		const fallbackRewrite = await applyRewrite({
+			clearRequestContext: options.clearRequestContext,
+			request,
+			requestContext: postMiddlewareRequestContext,
+			rewrites: options.configRewrites.fallback
+		}, cleanPathname);
+		if (fallbackRewrite instanceof Response) return fallbackRewrite;
+		if (fallbackRewrite) {
+			cleanPathname = fallbackRewrite;
+			match = options.matchRoute(cleanPathname);
+		}
+	}
+	if (!match) {
+		const pagesFallbackResponse = await options.renderPagesFallback?.({
+			isRscRequest,
+			middlewareContext,
+			request,
+			url
+		});
+		if (pagesFallbackResponse) {
+			options.clearRequestContext();
+			return pagesFallbackResponse;
+		}
+		const notFoundResponse = await options.renderNotFound({
+			isRscRequest,
+			middlewareContext,
+			request,
+			route: null,
+			scriptNonce
+		});
+		if (notFoundResponse) return notFoundResponse;
+		options.clearRequestContext();
+		const headers = new Headers();
+		mergeMiddlewareResponseHeaders(headers, middlewareContext.headers);
+		return new Response("Not Found", {
+			status: 404,
+			headers
+		});
+	}
+	const { route, params } = match;
+	options.setNavigationContext({
+		pathname: cleanPathname,
+		searchParams: url.searchParams,
+		params
+	});
+	setRootParams(pickRootParams(params, route.rootParamNames));
+	if (route.routeHandler) {
+		setCurrentFetchSoftTags(buildPageCacheTags(cleanPathname, [], [...route.routeSegments], "route"));
+		return options.dispatchMatchedRouteHandler({
+			cleanPathname,
+			middlewareContext,
+			params,
+			request,
+			route,
+			searchParams: url.searchParams
+		});
+	}
+	return options.dispatchMatchedPage({
+		cleanPathname,
+		handlerStart,
+		interceptionContext: interceptionContextHeader,
+		isRscRequest,
+		middlewareContext,
+		mountedSlotsHeader,
+		params,
+		request,
+		route,
+		scriptNonce,
+		searchParams: url.searchParams
+	});
+}
+function createAppRscHandler(options) {
+	return async function appRscHandler(request, ctx) {
+		await options.ensureInstrumentation?.();
+		const executionContext = isExecutionContextLike(ctx) ? ctx : getRequestExecutionContext() ?? null;
+		return runWithRequestContext(createRequestContext({
+			headersContext: headersContextFromRequest(request),
+			executionContext,
+			unstableCacheRevalidation: "background"
+		}), () => runWithPrerenderWorkUnit(async () => {
+			ensureFetchPatch();
+			const preMiddlewareRequestContext = requestContextFromRequest(request);
+			let response;
+			try {
+				response = await handleAppRscRequest(options, request, preMiddlewareRequestContext);
+			} catch (error) {
+				if (process.env.NODE_ENV !== "production") flattenErrorCauses(error);
+				throw error;
+			}
+			return finalizeAppRscResponse(response, request, {
+				basePath: options.basePath,
+				configHeaders: options.configHeaders,
+				requestContext: preMiddlewareRequestContext
+			});
+		}, { route: () => new URL(request.url).pathname }));
+	};
+}
+//#endregion
+export { createAppRscHandler };
+//# sourceMappingURL=app-rsc-handler.js.map

package/dist/server/app-rsc-handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app-rsc-handler.js","names":[],"sources":["../../src/server/app-rsc-handler.ts"],"sourcesContent":["import type {\n NextHeader,\n NextI18nConfig,\n NextRedirect,\n NextRewrite,\n} from \"../config/next-config.js\";\nimport {\n isExternalUrl,\n matchRedirect,\n matchRewrite,\n proxyExternalRequest,\n requestContextFromRequest,\n sanitizeDestination,\n} from \"../config/config-matchers.js\";\nimport { headersContextFromRequest } from \"vinext/shims/headers\";\nimport { ensureFetchPatch, setCurrentFetchSoftTags } from \"vinext/shims/fetch-cache\";\nimport {\n getRequestExecutionContext,\n type ExecutionContextLike,\n} from \"vinext/shims/request-context\";\nimport { pickRootParams, setRootParams } from \"vinext/shims/root-params\";\nimport { createRequestContext, runWithRequestContext } from \"vinext/shims/unified-request-context\";\nimport { flattenErrorCauses } from \"../utils/error-cause.js\";\nimport { hasBasePath } from \"../utils/base-path.js\";\nimport { applyAppMiddleware, type AppMiddlewareContext } from \"./app-middleware.js\";\nimport { mergeMiddlewareResponseHeaders } from \"./app-page-response.js\";\nimport { handleAppPrerenderEndpoint } from \"./app-prerender-endpoints.js\";\nimport { finalizeAppRscResponse } from \"./app-rsc-response-finalizer.js\";\nimport { normalizeRscRequest } from \"./app-rsc-request-normalization.js\";\nimport { getScriptNonceFromHeaderSources } from \"./csp.js\";\nimport { buildPageCacheTags } from \"./implicit-tags.js\";\nimport { handleMetadataRouteRequest } from \"./metadata-route-response.js\";\nimport type { MiddlewareModule } from \"./middleware-runtime.js\";\nimport { runWithPrerenderWorkUnit } from \"./prerender-work-unit-setup.js\";\nimport { buildPostMwRequestContext } from \"./app-post-middleware-context.js\";\nimport {\n normalizeTrailingSlash,\n resolvePublicFileRoute,\n validateImageUrl,\n} from \"./request-pipeline.js\";\n\ntype AppPageParams = Record<string, string | string[]>;\ntype RequestContext = ReturnType<typeof requestContextFromRequest>;\ntype MetadataRoutes = Parameters<typeof handleMetadataRouteRequest>[0][\"metadataRoutes\"];\ntype MakeThenableParams = Parameters<typeof handleMetadataRouteRequest>[0][\"makeThenableParams\"];\ntype StaticParamsMap = Parameters<typeof handleAppPrerenderEndpoint>[1][\"staticParamsMap\"];\ntype RootParamNamesMap = Parameters<\n typeof handleAppPrerenderEndpoint\n>[1][\"rootParamNamesByPattern\"];\n\ntype AppRscMiddlewareContext = AppMiddlewareContext;\n\ntype AppRscHandlerRoute = {\n page?: unknown;\n pattern: string;\n rootParamNames?: readonly string[];\n routeHandler?: unknown;\n routeSegments: readonly string[];\n};\n\ntype AppRscRouteMatch<TRoute> = {\n params: AppPageParams;\n route: TRoute;\n};\n\ntype DispatchMatchedPageOptions<TRoute> = {\n cleanPathname: string;\n handlerStart: number;\n interceptionContext: string | null;\n isRscRequest: boolean;\n middlewareContext: AppRscMiddlewareContext;\n mountedSlotsHeader: string | null;\n params: AppPageParams;\n request: Request;\n route: TRoute;\n scriptNonce?: string;\n searchParams: URLSearchParams;\n};\n\ntype DispatchMatchedRouteHandlerOptions<TRoute> = {\n cleanPathname: string;\n middlewareContext: AppRscMiddlewareContext;\n params: AppPageParams;\n request: Request;\n route: TRoute;\n searchParams: URLSearchParams;\n};\n\ntype HandleProgressiveActionRequestOptions = {\n actionId: string | null;\n cleanPathname: string;\n contentType: string;\n middlewareContext: AppRscMiddlewareContext;\n request: Request;\n};\n\ntype HandleServerActionRequestOptions = {\n actionId: string | null;\n cleanPathname: string;\n contentType: string;\n interceptionContext: string | null;\n isRscRequest: boolean;\n middlewareContext: AppRscMiddlewareContext;\n mountedSlotsHeader: string | null;\n request: Request;\n searchParams: URLSearchParams;\n};\n\ntype RenderNotFoundOptions<TRoute> = {\n isRscRequest: boolean;\n matchedParams?: AppPageParams;\n middlewareContext: AppRscMiddlewareContext;\n request: Request;\n route: TRoute | null;\n scriptNonce?: string;\n};\n\ntype RenderPagesFallbackOptions = {\n isRscRequest: boolean;\n middlewareContext: AppRscMiddlewareContext;\n request: Request;\n url: URL;\n};\n\ntype NavigationContextValue = {\n params: AppPageParams;\n pathname: string;\n searchParams: URLSearchParams;\n};\n\ntype CreateAppRscHandlerOptions<TRoute extends AppRscHandlerRoute> = {\n basePath: string;\n clearRequestContext: () => void;\n configHeaders: NextHeader[];\n configRedirects: NextRedirect[];\n configRewrites: {\n afterFiles: NextRewrite[];\n beforeFiles: NextRewrite[];\n fallback: NextRewrite[];\n };\n dispatchMatchedPage: (options: DispatchMatchedPageOptions<TRoute>) => Promise<Response>;\n dispatchMatchedRouteHandler: (\n options: DispatchMatchedRouteHandlerOptions<TRoute>,\n ) => Promise<Response>;\n ensureInstrumentation?: () => Promise<void>;\n handleProgressiveActionRequest: (\n options: HandleProgressiveActionRequestOptions,\n ) => Promise<Response | null>;\n handleServerActionRequest: (\n options: HandleServerActionRequestOptions,\n ) => Promise<Response | null>;\n i18nConfig: NextI18nConfig | null;\n isMiddlewareProxy: boolean;\n loadPrerenderPagesRoutes?: () => Promise<unknown>;\n makeThenableParams: MakeThenableParams;\n matchRoute: (pathname: string) => AppRscRouteMatch<TRoute> | null;\n metadataRoutes: MetadataRoutes;\n middlewareModule: MiddlewareModule | null;\n publicFiles: ReadonlySet<string>;\n renderNotFound: (options: RenderNotFoundOptions<TRoute>) => Promise<Response | null>;\n renderPagesFallback?: (options: RenderPagesFallbackOptions) => Promise<Response | null>;\n rootParamNamesByPattern?: RootParamNamesMap;\n setNavigationContext: (context: NavigationContextValue) => void;\n staticParamsMap: StaticParamsMap;\n trailingSlash: boolean;\n validateDevRequestOrigin?: (request: Request) => Response | null;\n};\n\nfunction hasProperty<TKey extends PropertyKey>(\n value: object,\n key: TKey,\n): value is object & Record<TKey, unknown> {\n return key in value;\n}\n\nfunction isExecutionContextLike(value: unknown): value is ExecutionContextLike {\n if (!value || typeof value !== \"object\") return false;\n return hasProperty(value, \"waitUntil\") && typeof value.waitUntil === \"function\";\n}\n\nfunction redirectDestinationWithBasePath(destination: string, basePath: string): string {\n if (!basePath || isExternalUrl(destination) || hasBasePath(destination, basePath)) {\n return destination;\n }\n return basePath + destination;\n}\n\nasync function applyRewrite(\n options: {\n clearRequestContext: () => void;\n request: Request;\n requestContext: RequestContext;\n rewrites: NextRewrite[];\n },\n cleanPathname: string,\n): Promise<Response | string | null> {\n if (!options.rewrites.length) return null;\n\n const rewritten = matchRewrite(cleanPathname, options.rewrites, options.requestContext);\n if (!rewritten) return null;\n\n if (isExternalUrl(rewritten)) {\n options.clearRequestContext();\n return proxyExternalRequest(options.request, rewritten);\n }\n\n return rewritten;\n}\n\nasync function handleAppRscRequest<TRoute extends AppRscHandlerRoute>(\n options: CreateAppRscHandlerOptions<TRoute>,\n request: Request,\n preMiddlewareRequestContext: RequestContext,\n): Promise<Response> {\n const handlerStart = process.env.NODE_ENV !== \"production\" ? performance.now() : 0;\n\n if (process.env.NODE_ENV !== \"production\") {\n const originBlock = options.validateDevRequestOrigin?.(request);\n if (originBlock) return originBlock;\n }\n\n const normalized = normalizeRscRequest(request, options.basePath);\n if (normalized instanceof Response) return normalized;\n\n const { url, isRscRequest, interceptionContextHeader, mountedSlotsHeader } = normalized;\n let { pathname, cleanPathname } = normalized;\n\n const prerenderEndpointResponse = await handleAppPrerenderEndpoint(request, {\n isPrerenderEnabled() {\n return process.env.VINEXT_PRERENDER === \"1\";\n },\n loadPagesRoutes: options.loadPrerenderPagesRoutes,\n pathname,\n rootParamNamesByPattern: options.rootParamNamesByPattern,\n staticParamsMap: options.staticParamsMap,\n });\n if (prerenderEndpointResponse) return prerenderEndpointResponse;\n\n const trailingSlashRedirect = normalizeTrailingSlash(\n pathname,\n options.basePath,\n options.trailingSlash,\n url.search,\n );\n if (trailingSlashRedirect) return trailingSlashRedirect;\n\n const redirectPathname = pathname.endsWith(\".rsc\") ? pathname.slice(0, -4) : pathname;\n const redirect = matchRedirect(\n redirectPathname,\n options.configRedirects,\n preMiddlewareRequestContext,\n );\n if (redirect) {\n const destination = sanitizeDestination(\n redirectDestinationWithBasePath(redirect.destination, options.basePath),\n );\n return new Response(null, {\n status: redirect.permanent ? 308 : 307,\n headers: { Location: destination },\n });\n }\n\n const middlewareContext: AppRscMiddlewareContext = {\n headers: null,\n requestHeaders: null,\n status: null,\n };\n\n if (options.middlewareModule) {\n const middlewareResult = await applyAppMiddleware({\n basePath: options.basePath,\n cleanPathname,\n context: middlewareContext,\n i18nConfig: options.i18nConfig,\n isProxy: options.isMiddlewareProxy,\n module: options.middlewareModule,\n request,\n });\n if (middlewareResult.kind === \"response\") return middlewareResult.response;\n\n cleanPathname = middlewareResult.cleanPathname;\n if (middlewareResult.search !== null) {\n url.search = middlewareResult.search;\n }\n }\n\n const scriptNonce = getScriptNonceFromHeaderSources(request.headers, middlewareContext.headers);\n const postMiddlewareRequestContext = buildPostMwRequestContext(request);\n\n const beforeFilesRewrite = await applyRewrite(\n {\n clearRequestContext: options.clearRequestContext,\n request,\n requestContext: postMiddlewareRequestContext,\n rewrites: options.configRewrites.beforeFiles,\n },\n cleanPathname,\n );\n if (beforeFilesRewrite instanceof Response) return beforeFilesRewrite;\n if (beforeFilesRewrite) cleanPathname = beforeFilesRewrite;\n\n if (cleanPathname === \"/_vinext/image\") {\n const imageUrlResult = validateImageUrl(url.searchParams.get(\"url\"), request.url);\n if (imageUrlResult instanceof Response) return imageUrlResult;\n return Response.redirect(new URL(imageUrlResult, url.origin).href, 302);\n }\n\n const metadataRouteResponse = await handleMetadataRouteRequest({\n metadataRoutes: options.metadataRoutes,\n cleanPathname,\n makeThenableParams: options.makeThenableParams,\n });\n if (metadataRouteResponse) return metadataRouteResponse;\n\n const publicFileResponse = resolvePublicFileRoute({\n cleanPathname,\n middlewareContext,\n pathname,\n publicFiles: options.publicFiles,\n request,\n });\n if (publicFileResponse) {\n options.clearRequestContext();\n return publicFileResponse;\n }\n\n options.setNavigationContext({\n pathname: cleanPathname,\n searchParams: url.searchParams,\n params: {},\n });\n\n const actionId = request.headers.get(\"x-rsc-action\") ?? request.headers.get(\"next-action\");\n const contentType = request.headers.get(\"content-type\") || \"\";\n\n const progressiveActionResponse = await options.handleProgressiveActionRequest({\n actionId,\n cleanPathname,\n contentType,\n middlewareContext,\n request,\n });\n if (progressiveActionResponse) return progressiveActionResponse;\n\n const serverActionResponse = await options.handleServerActionRequest({\n actionId,\n cleanPathname,\n contentType,\n interceptionContext: interceptionContextHeader,\n isRscRequest,\n middlewareContext,\n mountedSlotsHeader,\n request,\n searchParams: url.searchParams,\n });\n if (serverActionResponse) return serverActionResponse;\n\n const afterFilesRewrite = await applyRewrite(\n {\n clearRequestContext: options.clearRequestContext,\n request,\n requestContext: postMiddlewareRequestContext,\n rewrites: options.configRewrites.afterFiles,\n },\n cleanPathname,\n );\n if (afterFilesRewrite instanceof Response) return afterFilesRewrite;\n if (afterFilesRewrite) cleanPathname = afterFilesRewrite;\n\n let match = options.matchRoute(cleanPathname);\n if (!match) {\n const fallbackRewrite = await applyRewrite(\n {\n clearRequestContext: options.clearRequestContext,\n request,\n requestContext: postMiddlewareRequestContext,\n rewrites: options.configRewrites.fallback,\n },\n cleanPathname,\n );\n if (fallbackRewrite instanceof Response) return fallbackRewrite;\n if (fallbackRewrite) {\n cleanPathname = fallbackRewrite;\n match = options.matchRoute(cleanPathname);\n }\n }\n\n if (!match) {\n const pagesFallbackResponse = await options.renderPagesFallback?.({\n isRscRequest,\n middlewareContext,\n request,\n url,\n });\n if (pagesFallbackResponse) {\n options.clearRequestContext();\n return pagesFallbackResponse;\n }\n\n const notFoundResponse = await options.renderNotFound({\n isRscRequest,\n middlewareContext,\n request,\n route: null,\n scriptNonce,\n });\n if (notFoundResponse) return notFoundResponse;\n\n options.clearRequestContext();\n const headers = new Headers();\n mergeMiddlewareResponseHeaders(headers, middlewareContext.headers);\n return new Response(\"Not Found\", { status: 404, headers });\n }\n\n const { route, params } = match;\n options.setNavigationContext({\n pathname: cleanPathname,\n searchParams: url.searchParams,\n params,\n });\n setRootParams(pickRootParams(params, route.rootParamNames));\n\n if (route.routeHandler) {\n setCurrentFetchSoftTags(\n buildPageCacheTags(cleanPathname, [], [...route.routeSegments], \"route\"),\n );\n return options.dispatchMatchedRouteHandler({\n cleanPathname,\n middlewareContext,\n params,\n request,\n route,\n searchParams: url.searchParams,\n });\n }\n\n return options.dispatchMatchedPage({\n cleanPathname,\n handlerStart,\n interceptionContext: interceptionContextHeader,\n isRscRequest,\n middlewareContext,\n mountedSlotsHeader,\n params,\n request,\n route,\n scriptNonce,\n searchParams: url.searchParams,\n });\n}\n\nexport function createAppRscHandler<TRoute extends AppRscHandlerRoute>(\n options: CreateAppRscHandlerOptions<TRoute>,\n): (request: Request, ctx: unknown) => Promise<Response> {\n return async function appRscHandler(request, ctx) {\n await options.ensureInstrumentation?.();\n\n const executionContext = isExecutionContextLike(ctx)\n ? ctx\n : (getRequestExecutionContext() ?? null);\n const headersContext = headersContextFromRequest(request);\n const requestContext = createRequestContext({\n headersContext,\n executionContext,\n unstableCacheRevalidation: \"background\",\n });\n\n return runWithRequestContext(requestContext, () =>\n runWithPrerenderWorkUnit(\n async () => {\n ensureFetchPatch();\n const preMiddlewareRequestContext = requestContextFromRequest(request);\n let response: Response;\n\n try {\n response = await handleAppRscRequest(options, request, preMiddlewareRequestContext);\n } catch (error) {\n if (process.env.NODE_ENV !== \"production\") {\n flattenErrorCauses(error);\n }\n throw error;\n }\n\n return finalizeAppRscResponse(response, request, {\n basePath: options.basePath,\n configHeaders: options.configHeaders,\n requestContext: preMiddlewareRequestContext,\n });\n },\n { route: () => new URL(request.url).pathname },\n ),\n );\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAwKA,SAAS,YACP,OACA,KACyC;AACzC,QAAO,OAAO;;AAGhB,SAAS,uBAAuB,OAA+C;AAC7E,KAAI,CAAC,SAAS,OAAO,UAAU,SAAU,QAAO;AAChD,QAAO,YAAY,OAAO,YAAY,IAAI,OAAO,MAAM,cAAc;;AAGvE,SAAS,gCAAgC,aAAqB,UAA0B;AACtF,KAAI,CAAC,YAAY,cAAc,YAAY,IAAI,YAAY,aAAa,SAAS,CAC/E,QAAO;AAET,QAAO,WAAW;;AAGpB,eAAe,aACb,SAMA,eACmC;AACnC,KAAI,CAAC,QAAQ,SAAS,OAAQ,QAAO;CAErC,MAAM,YAAY,aAAa,eAAe,QAAQ,UAAU,QAAQ,eAAe;AACvF,KAAI,CAAC,UAAW,QAAO;AAEvB,KAAI,cAAc,UAAU,EAAE;AAC5B,UAAQ,qBAAqB;AAC7B,SAAO,qBAAqB,QAAQ,SAAS,UAAU;;AAGzD,QAAO;;AAGT,eAAe,oBACb,SACA,SACA,6BACmB;CACnB,MAAM,eAAe,QAAQ,IAAI,aAAa,eAAe,YAAY,KAAK,GAAG;AAEjF,KAAI,QAAQ,IAAI,aAAa,cAAc;EACzC,MAAM,cAAc,QAAQ,2BAA2B,QAAQ;AAC/D,MAAI,YAAa,QAAO;;CAG1B,MAAM,aAAa,oBAAoB,SAAS,QAAQ,SAAS;AACjE,KAAI,sBAAsB,SAAU,QAAO;CAE3C,MAAM,EAAE,KAAK,cAAc,2BAA2B,uBAAuB;CAC7E,IAAI,EAAE,UAAU,kBAAkB;CAElC,MAAM,4BAA4B,MAAM,2BAA2B,SAAS;EAC1E,qBAAqB;AACnB,UAAO,QAAQ,IAAI,qBAAqB;;EAE1C,iBAAiB,QAAQ;EACzB;EACA,yBAAyB,QAAQ;EACjC,iBAAiB,QAAQ;EAC1B,CAAC;AACF,KAAI,0BAA2B,QAAO;CAEtC,MAAM,wBAAwB,uBAC5B,UACA,QAAQ,UACR,QAAQ,eACR,IAAI,OACL;AACD,KAAI,sBAAuB,QAAO;CAGlC,MAAM,WAAW,cADQ,SAAS,SAAS,OAAO,GAAG,SAAS,MAAM,GAAG,GAAG,GAAG,UAG3E,QAAQ,iBACR,4BACD;AACD,KAAI,UAAU;EACZ,MAAM,cAAc,oBAClB,gCAAgC,SAAS,aAAa,QAAQ,SAAS,CACxE;AACD,SAAO,IAAI,SAAS,MAAM;GACxB,QAAQ,SAAS,YAAY,MAAM;GACnC,SAAS,EAAE,UAAU,aAAa;GACnC,CAAC;;CAGJ,MAAM,oBAA6C;EACjD,SAAS;EACT,gBAAgB;EAChB,QAAQ;EACT;AAED,KAAI,QAAQ,kBAAkB;EAC5B,MAAM,mBAAmB,MAAM,mBAAmB;GAChD,UAAU,QAAQ;GAClB;GACA,SAAS;GACT,YAAY,QAAQ;GACpB,SAAS,QAAQ;GACjB,QAAQ,QAAQ;GAChB;GACD,CAAC;AACF,MAAI,iBAAiB,SAAS,WAAY,QAAO,iBAAiB;AAElE,kBAAgB,iBAAiB;AACjC,MAAI,iBAAiB,WAAW,KAC9B,KAAI,SAAS,iBAAiB;;CAIlC,MAAM,cAAc,gCAAgC,QAAQ,SAAS,kBAAkB,QAAQ;CAC/F,MAAM,+BAA+B,0BAA0B,QAAQ;CAEvE,MAAM,qBAAqB,MAAM,aAC/B;EACE,qBAAqB,QAAQ;EAC7B;EACA,gBAAgB;EAChB,UAAU,QAAQ,eAAe;EAClC,EACD,cACD;AACD,KAAI,8BAA8B,SAAU,QAAO;AACnD,KAAI,mBAAoB,iBAAgB;AAExC,KAAI,kBAAkB,kBAAkB;EACtC,MAAM,iBAAiB,iBAAiB,IAAI,aAAa,IAAI,MAAM,EAAE,QAAQ,IAAI;AACjF,MAAI,0BAA0B,SAAU,QAAO;AAC/C,SAAO,SAAS,SAAS,IAAI,IAAI,gBAAgB,IAAI,OAAO,CAAC,MAAM,IAAI;;CAGzE,MAAM,wBAAwB,MAAM,2BAA2B;EAC7D,gBAAgB,QAAQ;EACxB;EACA,oBAAoB,QAAQ;EAC7B,CAAC;AACF,KAAI,sBAAuB,QAAO;CAElC,MAAM,qBAAqB,uBAAuB;EAChD;EACA;EACA;EACA,aAAa,QAAQ;EACrB;EACD,CAAC;AACF,KAAI,oBAAoB;AACtB,UAAQ,qBAAqB;AAC7B,SAAO;;AAGT,SAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB,QAAQ,EAAE;EACX,CAAC;CAEF,MAAM,WAAW,QAAQ,QAAQ,IAAI,eAAe,IAAI,QAAQ,QAAQ,IAAI,cAAc;CAC1F,MAAM,cAAc,QAAQ,QAAQ,IAAI,eAAe,IAAI;CAE3D,MAAM,4BAA4B,MAAM,QAAQ,+BAA+B;EAC7E;EACA;EACA;EACA;EACA;EACD,CAAC;AACF,KAAI,0BAA2B,QAAO;CAEtC,MAAM,uBAAuB,MAAM,QAAQ,0BAA0B;EACnE;EACA;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA,cAAc,IAAI;EACnB,CAAC;AACF,KAAI,qBAAsB,QAAO;CAEjC,MAAM,oBAAoB,MAAM,aAC9B;EACE,qBAAqB,QAAQ;EAC7B;EACA,gBAAgB;EAChB,UAAU,QAAQ,eAAe;EAClC,EACD,cACD;AACD,KAAI,6BAA6B,SAAU,QAAO;AAClD,KAAI,kBAAmB,iBAAgB;CAEvC,IAAI,QAAQ,QAAQ,WAAW,cAAc;AAC7C,KAAI,CAAC,OAAO;EACV,MAAM,kBAAkB,MAAM,aAC5B;GACE,qBAAqB,QAAQ;GAC7B;GACA,gBAAgB;GAChB,UAAU,QAAQ,eAAe;GAClC,EACD,cACD;AACD,MAAI,2BAA2B,SAAU,QAAO;AAChD,MAAI,iBAAiB;AACnB,mBAAgB;AAChB,WAAQ,QAAQ,WAAW,cAAc;;;AAI7C,KAAI,CAAC,OAAO;EACV,MAAM,wBAAwB,MAAM,QAAQ,sBAAsB;GAChE;GACA;GACA;GACA;GACD,CAAC;AACF,MAAI,uBAAuB;AACzB,WAAQ,qBAAqB;AAC7B,UAAO;;EAGT,MAAM,mBAAmB,MAAM,QAAQ,eAAe;GACpD;GACA;GACA;GACA,OAAO;GACP;GACD,CAAC;AACF,MAAI,iBAAkB,QAAO;AAE7B,UAAQ,qBAAqB;EAC7B,MAAM,UAAU,IAAI,SAAS;AAC7B,iCAA+B,SAAS,kBAAkB,QAAQ;AAClE,SAAO,IAAI,SAAS,aAAa;GAAE,QAAQ;GAAK;GAAS,CAAC;;CAG5D,MAAM,EAAE,OAAO,WAAW;AAC1B,SAAQ,qBAAqB;EAC3B,UAAU;EACV,cAAc,IAAI;EAClB;EACD,CAAC;AACF,eAAc,eAAe,QAAQ,MAAM,eAAe,CAAC;AAE3D,KAAI,MAAM,cAAc;AACtB,0BACE,mBAAmB,eAAe,EAAE,EAAE,CAAC,GAAG,MAAM,cAAc,EAAE,QAAQ,CACzE;AACD,SAAO,QAAQ,4BAA4B;GACzC;GACA;GACA;GACA;GACA;GACA,cAAc,IAAI;GACnB,CAAC;;AAGJ,QAAO,QAAQ,oBAAoB;EACjC;EACA;EACA,qBAAqB;EACrB;EACA;EACA;EACA;EACA;EACA;EACA;EACA,cAAc,IAAI;EACnB,CAAC;;AAGJ,SAAgB,oBACd,SACuD;AACvD,QAAO,eAAe,cAAc,SAAS,KAAK;AAChD,QAAM,QAAQ,yBAAyB;EAEvC,MAAM,mBAAmB,uBAAuB,IAAI,GAChD,MACC,4BAA4B,IAAI;AAQrC,SAAO,sBANgB,qBAAqB;GAC1C,gBAFqB,0BAA0B,QAAQ;GAGvD;GACA,2BAA2B;GAC5B,CAAC,QAGA,yBACE,YAAY;AACV,qBAAkB;GAClB,MAAM,8BAA8B,0BAA0B,QAAQ;GACtE,IAAI;AAEJ,OAAI;AACF,eAAW,MAAM,oBAAoB,SAAS,SAAS,4BAA4B;YAC5E,OAAO;AACd,QAAI,QAAQ,IAAI,aAAa,aAC3B,oBAAmB,MAAM;AAE3B,UAAM;;AAGR,UAAO,uBAAuB,UAAU,SAAS;IAC/C,UAAU,QAAQ;IAClB,eAAe,QAAQ;IACvB,gBAAgB;IACjB,CAAC;KAEJ,EAAE,aAAa,IAAI,IAAI,QAAQ,IAAI,CAAC,UAAU,CAC/C,CACF"}

package/dist/server/app-rsc-request-normalization.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { normalizeMountedSlotsHeader } from "./app-mounted-slots-header.js";
+//#region src/server/app-rsc-request-normalization.d.ts
+type NormalizedRscRequest = {
+  /** Parsed URL. Callers may mutate `url.search` after middleware runs. */url: URL; /** Normalized pathname with basePath stripped. Used for all internal routing. */
+  pathname: string; /** Pathname with `.rsc` suffix removed. Used for route matching and navigation context. */
+  cleanPathname: string; /** True when the client requests the RSC payload (.rsc suffix or Accept: text/x-component). */
+  isRscRequest: boolean; /** Sanitized X-Vinext-Interception-Context header (null bytes stripped). null when absent. */
+  interceptionContextHeader: string | null; /** Normalized x-vinext-mounted-slots header (deduplicated, sorted). null when absent or blank. */
+  mountedSlotsHeader: string | null;
+};
+/**
+ * Normalize an App Router RSC request.
+ *
+ * Performs all security-sensitive and compatibility-sensitive preprocessing before
+ * route matching. The ordering of steps is security-critical — changing it introduces
+ * vulnerabilities:
+ *
+ *   1. Parse URL
+ *   2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses
+ *      `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`
+ *      would bypass the check and reach the trailing-slash redirector, which echoes the
+ *      path into a `Location` header that browsers interpret as protocol-relative.
+ *   3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must
+ *      run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.
+ *   4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)
+ *   5. basePath check + strip — 404 when pathname lacks the basePath prefix.
+ *      `/__vinext/` bypasses this for internal prerender endpoints.
+ *   6. RSC detection: `.rsc` suffix or `Accept: text/x-component`
+ *   7. cleanPathname — pathname with `.rsc` suffix stripped
+ *   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)
+ *   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys
+ *
+ * @returns A 400 or 404 Response for invalid or out-of-scope inputs,
+ *          or a NormalizedRscRequest for valid requests.
+ */
+declare function normalizeRscRequest(request: Request, basePath: string): Response | NormalizedRscRequest;
+//#endregion
+export { NormalizedRscRequest, normalizeMountedSlotsHeader, normalizeRscRequest };
+//# sourceMappingURL=app-rsc-request-normalization.d.ts.map

package/dist/server/app-rsc-request-normalization.js ADDED Viewed

@@ -0,0 +1,63 @@
+import { normalizePathnameForRouteMatchStrict } from "../routing/utils.js";
+import { normalizePath } from "./normalize-path.js";
+import { hasBasePath, stripBasePath } from "../utils/base-path.js";
+import { guardProtocolRelativeUrl } from "./request-pipeline.js";
+import { normalizeMountedSlotsHeader } from "./app-mounted-slots-header.js";
+//#region src/server/app-rsc-request-normalization.ts
+/**
+* Normalize an App Router RSC request.
+*
+* Performs all security-sensitive and compatibility-sensitive preprocessing before
+* route matching. The ordering of steps is security-critical — changing it introduces
+* vulnerabilities:
+*
+*   1. Parse URL
+*   2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses
+*      `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`
+*      would bypass the check and reach the trailing-slash redirector, which echoes the
+*      path into a `Location` header that browsers interpret as protocol-relative.
+*   3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must
+*      run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.
+*   4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)
+*   5. basePath check + strip — 404 when pathname lacks the basePath prefix.
+*      `/__vinext/` bypasses this for internal prerender endpoints.
+*   6. RSC detection: `.rsc` suffix or `Accept: text/x-component`
+*   7. cleanPathname — pathname with `.rsc` suffix stripped
+*   8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)
+*   9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys
+*
+* @returns A 400 or 404 Response for invalid or out-of-scope inputs,
+*          or a NormalizedRscRequest for valid requests.
+*/
+function normalizeRscRequest(request, basePath) {
+	const url = new URL(request.url);
+	const protoGuard = guardProtocolRelativeUrl(url.pathname);
+	if (protoGuard) return protoGuard;
+	let decoded;
+	try {
+		decoded = normalizePathnameForRouteMatchStrict(url.pathname);
+	} catch {
+		return new Response("Bad Request", { status: 400 });
+	}
+	let pathname = normalizePath(decoded);
+	if (basePath) {
+		if (!hasBasePath(pathname, basePath) && !pathname.startsWith("/__vinext/")) return new Response("Not Found", { status: 404 });
+		pathname = stripBasePath(pathname, basePath);
+	}
+	const isRscRequest = pathname.endsWith(".rsc") || (request.headers.get("accept")?.includes("text/x-component") ?? false);
+	const cleanPathname = pathname.replace(/\.rsc$/, "");
+	const interceptionContextHeader = request.headers.get("X-Vinext-Interception-Context")?.replaceAll("\0", "") || null;
+	const mountedSlotsHeader = normalizeMountedSlotsHeader(request.headers.get("x-vinext-mounted-slots"));
+	return {
+		url,
+		pathname,
+		cleanPathname,
+		isRscRequest,
+		interceptionContextHeader,
+		mountedSlotsHeader
+	};
+}
+//#endregion
+export { normalizeMountedSlotsHeader, normalizeRscRequest };
+//# sourceMappingURL=app-rsc-request-normalization.js.map

package/dist/server/app-rsc-request-normalization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app-rsc-request-normalization.js","names":[],"sources":["../../src/server/app-rsc-request-normalization.ts"],"sourcesContent":["import { normalizePath } from \"./normalize-path.js\";\nimport { normalizePathnameForRouteMatchStrict } from \"../routing/utils.js\";\nimport { guardProtocolRelativeUrl } from \"./request-pipeline.js\";\nimport { hasBasePath, stripBasePath } from \"../utils/base-path.js\";\nimport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\n\nexport { normalizeMountedSlotsHeader } from \"./app-mounted-slots-header.js\";\n\nexport type NormalizedRscRequest = {\n /** Parsed URL. Callers may mutate `url.search` after middleware runs. */\n url: URL;\n /** Normalized pathname with basePath stripped. Used for all internal routing. */\n pathname: string;\n /** Pathname with `.rsc` suffix removed. Used for route matching and navigation context. */\n cleanPathname: string;\n /** True when the client requests the RSC payload (.rsc suffix or Accept: text/x-component). */\n isRscRequest: boolean;\n /** Sanitized X-Vinext-Interception-Context header (null bytes stripped). null when absent. */\n interceptionContextHeader: string | null;\n /** Normalized x-vinext-mounted-slots header (deduplicated, sorted). null when absent or blank. */\n mountedSlotsHeader: string | null;\n};\n\n/**\n * Normalize an App Router RSC request.\n *\n * Performs all security-sensitive and compatibility-sensitive preprocessing before\n * route matching. The ordering of steps is security-critical — changing it introduces\n * vulnerabilities:\n *\n * 1. Parse URL\n * 2. Protocol-relative URL guard — on the raw pathname, BEFORE normalizePath collapses\n * `//` to `/`. If the guard ran after normalization, `//evil.com` → `/evil.com`\n * would bypass the check and reach the trailing-slash redirector, which echoes the\n * path into a `Location` header that browsers interpret as protocol-relative.\n * 3. Strict percent-decode each segment — throws on malformed sequences (→ 400). Must\n * run before basePath check so %2F-encoded slashes cannot create fake basePath prefixes.\n * 4. Collapse double-slashes, resolve `.` and `..` segments (normalizePath)\n * 5. basePath check + strip — 404 when pathname lacks the basePath prefix.\n * `/__vinext/` bypasses this for internal prerender endpoints.\n * 6. RSC detection: `.rsc` suffix or `Accept: text/x-component`\n * 7. cleanPathname — pathname with `.rsc` suffix stripped\n * 8. Sanitize X-Vinext-Interception-Context — strip null bytes (header injection)\n * 9. Normalize x-vinext-mounted-slots — dedup and sort for canonical cache keys\n *\n * @returns A 400 or 404 Response for invalid or out-of-scope inputs,\n * or a NormalizedRscRequest for valid requests.\n */\nexport function normalizeRscRequest(\n request: Request,\n basePath: string,\n): Response | NormalizedRscRequest {\n const url = new URL(request.url);\n\n // Step 2: Guard against protocol-relative open redirects on the raw pathname.\n // normalizePath (step 4) would collapse //evil.com to /evil.com, causing the\n // guard to miss it. Raw pathname must be checked first.\n const protoGuard = guardProtocolRelativeUrl(url.pathname);\n if (protoGuard) return protoGuard;\n\n // Step 3: Strict segment-wise percent-decode. Preserves encoded path delimiters\n // (%2F stays %2F) to prevent encoded slashes from acting as path separators.\n // Throws on malformed sequences like %GG — caller must return 400.\n let decoded: string;\n try {\n decoded = normalizePathnameForRouteMatchStrict(url.pathname);\n } catch {\n return new Response(\"Bad Request\", { status: 400 });\n }\n\n // Step 4: Collapse double-slashes and resolve . / .. segments.\n let pathname = normalizePath(decoded);\n\n // Step 5: basePath check and strip.\n // Skipped when basePath is empty (no basePath configured).\n // /__vinext/ prefix bypasses the check for internal prerender endpoints\n // that must be reachable regardless of basePath configuration.\n if (basePath) {\n if (!hasBasePath(pathname, basePath) && !pathname.startsWith(\"/__vinext/\")) {\n return new Response(\"Not Found\", { status: 404 });\n }\n pathname = stripBasePath(pathname, basePath);\n }\n\n // Steps 6-7: RSC detection and cleanPathname.\n const isRscRequest =\n pathname.endsWith(\".rsc\") ||\n (request.headers.get(\"accept\")?.includes(\"text/x-component\") ?? false);\n const cleanPathname = pathname.replace(/\\.rsc$/, \"\");\n\n // Step 8: Sanitize X-Vinext-Interception-Context.\n // Null bytes in header values can be used for injection in some HTTP stacks.\n const interceptionContextHeader =\n request.headers.get(\"X-Vinext-Interception-Context\")?.replaceAll(\"\\0\", \"\") || null;\n\n // Step 9: Normalize mounted-slots header for canonical cache keying.\n const mountedSlotsHeader = normalizeMountedSlotsHeader(\n request.headers.get(\"x-vinext-mounted-slots\"),\n );\n\n return {\n url,\n pathname,\n cleanPathname,\n isRscRequest,\n interceptionContextHeader,\n mountedSlotsHeader,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgDA,SAAgB,oBACd,SACA,UACiC;CACjC,MAAM,MAAM,IAAI,IAAI,QAAQ,IAAI;CAKhC,MAAM,aAAa,yBAAyB,IAAI,SAAS;AACzD,KAAI,WAAY,QAAO;CAKvB,IAAI;AACJ,KAAI;AACF,YAAU,qCAAqC,IAAI,SAAS;SACtD;AACN,SAAO,IAAI,SAAS,eAAe,EAAE,QAAQ,KAAK,CAAC;;CAIrD,IAAI,WAAW,cAAc,QAAQ;AAMrC,KAAI,UAAU;AACZ,MAAI,CAAC,YAAY,UAAU,SAAS,IAAI,CAAC,SAAS,WAAW,aAAa,CACxE,QAAO,IAAI,SAAS,aAAa,EAAE,QAAQ,KAAK,CAAC;AAEnD,aAAW,cAAc,UAAU,SAAS;;CAI9C,MAAM,eACJ,SAAS,SAAS,OAAO,KACxB,QAAQ,QAAQ,IAAI,SAAS,EAAE,SAAS,mBAAmB,IAAI;CAClE,MAAM,gBAAgB,SAAS,QAAQ,UAAU,GAAG;CAIpD,MAAM,4BACJ,QAAQ,QAAQ,IAAI,gCAAgC,EAAE,WAAW,MAAM,GAAG,IAAI;CAGhF,MAAM,qBAAqB,4BACzB,QAAQ,QAAQ,IAAI,yBAAyB,CAC9C;AAED,QAAO;EACL;EACA;EACA;EACA;EACA;EACA;EACD"}