vinext 0.1.0 → 0.1.2

package/dist/config/next-config.js

@@ -72,6 +72,12 @@ const CONFIG_FILES = [
 ];
 const DEFAULT_EXPIRE_TIME = 31536e3;
 /**
+* Default cap for the App Router preload `Link` header length, matching the
+* Next.js `defaultConfig.reactMaxHeadersLength`.
+* @see https://nextjs.org/docs/app/api-reference/config/next-config-js/reactMaxHeadersLength
+*/
+const DEFAULT_REACT_MAX_HEADERS_LENGTH = 6e3;
+/**
 * Check whether an error indicates a CJS module was loaded in an ESM context
 * (i.e. the file uses `require()` which is not available in ESM).
 */
@@ -506,6 +512,7 @@ async function resolveNextConfig(config, root = process.cwd()) {
 			output: "",
 			pageExtensions: normalizePageExtensions(),
 			cacheComponents: false,
+			gestureTransition: false,
 			prefetchInlining: false,
 			redirects: [],
 			rewrites: {
@@ -523,7 +530,9 @@ async function resolveNextConfig(config, root = process.cwd()) {
 			optimizePackageImports: [],
 			inlineCss: false,
 			serverActionsBodySizeLimit: 1 * 1024 * 1024,
+			serverActionsBodySizeLimitLabel: "1 MB",
 			expireTime: DEFAULT_EXPIRE_TIME,
+			reactMaxHeadersLength: DEFAULT_REACT_MAX_HEADERS_LENGTH,
 			htmlLimitedBots: void 0,
 			serverExternalPackages: [],
 			cacheHandler: void 0,
@@ -588,7 +597,9 @@ async function resolveNextConfig(config, root = process.cwd()) {
 	const experimental = readOptionalRecord(config.experimental);
 	const serverActionsConfig = readOptionalRecord(experimental?.serverActions);
 	const serverActionsAllowedOrigins = readStringArray(serverActionsConfig?.allowedOrigins);
-	const serverActionsBodySizeLimit = parseBodySizeLimit(readOptionalBodySizeLimit(serverActionsConfig?.bodySizeLimit));
+	const serverActionsBodySizeLimitConfig = readOptionalBodySizeLimit(serverActionsConfig?.bodySizeLimit);
+	const serverActionsBodySizeLimit = parseBodySizeLimit(serverActionsBodySizeLimitConfig);
+	const serverActionsBodySizeLimitLabel = serverActionsBodySizeLimitConfig === void 0 ? "1 MB" : String(serverActionsBodySizeLimitConfig);
 	const hashSalt = (readOptionalString(experimental?.outputHashSalt) ?? "") + (process.env.NEXT_HASH_SALT ?? "");
 	const htmlLimitedBots = resolveHtmlLimitedBots(config.htmlLimitedBots);
 	const rawOptimize = experimental?.optimizePackageImports;
@@ -645,6 +656,7 @@ async function resolveNextConfig(config, root = process.cwd()) {
 		pageExtensions,
 		instrumentationClientInject: Array.isArray(config.instrumentationClientInject) ? config.instrumentationClientInject.filter((x) => typeof x === "string") : [],
 		cacheComponents: config.cacheComponents ?? false,
+		gestureTransition: experimental?.gestureTransition === true,
 		prefetchInlining,
 		redirects,
 		rewrites,
@@ -658,7 +670,9 @@ async function resolveNextConfig(config, root = process.cwd()) {
 		optimizePackageImports,
 		inlineCss,
 		serverActionsBodySizeLimit,
+		serverActionsBodySizeLimitLabel,
 		expireTime: typeof config.expireTime === "number" ? config.expireTime : DEFAULT_EXPIRE_TIME,
+		reactMaxHeadersLength: typeof config.reactMaxHeadersLength === "number" ? config.reactMaxHeadersLength : DEFAULT_REACT_MAX_HEADERS_LENGTH,
 		htmlLimitedBots,
 		serverExternalPackages,
 		cacheHandler,
@@ -680,12 +694,28 @@ async function resolveNextConfig(config, root = process.cwd()) {
 	if (resolved.basePath !== "" && resolved.basePath !== "/" && resolved.assetPrefix === "") resolved.assetPrefix = resolved.basePath;
 	return resolved;
 }
+/**
+* Whether an alias target is a relative filesystem path (`./foo`, `../foo`,
+* or a bare `.`/`..`) that should be resolved against the project root.
+*
+* Both Next.js Turbopack `resolveAlias` and webpack `resolve.alias` accept two
+* kinds of values: relative/absolute file paths AND bare package specifiers
+* (e.g. `react`, `preact/compat`, `@scope/pkg`). Bare specifiers must be left
+* verbatim so Vite/Rolldown re-resolves them through node_modules — resolving
+* them against `root` mangles them into bogus `<root>/react` paths and breaks
+* the build with "No such file or directory". See cloudflare/vinext#1507.
+*/
+function isRelativeAliasTarget(value) {
+	return value === "." || value === ".." || value.startsWith("./") || value.startsWith("../");
+}
 function normalizeAliasEntries(aliases, root) {
 	if (!aliases) return {};
 	const normalized = {};
 	for (const [key, value] of Object.entries(aliases)) {
 		if (typeof value !== "string") continue;
-		normalized[key] = path.isAbsolute(value) ? value : path.resolve(root, value);
+		if (path.isAbsolute(value)) normalized[key] = value;
+		else if (isRelativeAliasTarget(value)) normalized[key] = path.resolve(root, value);
+		else normalized[key] = value;
 	}
 	return normalized;
 }

package/dist/deploy.js

@@ -334,30 +334,14 @@ function generatePagesRouterWorkerEntry() {
  * Cloudflare Worker entry point -- auto-generated by vinext deploy.
  * Edit freely or delete to regenerate on next deploy.
  */
+import { runPagesRequest, wrapMiddlewareWithBasePath } from "vinext/server/pages-request-pipeline";
+import type { PagesPipelineDeps } from "vinext/server/pages-request-pipeline";
 import { handleImageOptimization, DEFAULT_DEVICE_SIZES, DEFAULT_IMAGE_SIZES, isImageOptimizationPath } from "vinext/server/image-optimization";
 import type { ImageConfig } from "vinext/server/image-optimization";
-import {
-  matchRedirect,
-  matchRewrite,
-  requestContextFromRequest,
-  applyMiddlewareRequestHeaders,
-  isExternalUrl,
-  proxyExternalRequest,
-  sanitizeDestination,
-} from "vinext/config/config-matchers";
-import {
-  applyConfigHeadersToHeaderRecord,
-  cloneRequestWithHeaders,
-  filterInternalHeaders,
-  isOpenRedirectShaped,
-  normalizeTrailingSlash,
-} from "vinext/server/request-pipeline";
-import { mergeHeaders } from "vinext/server/worker-utils";
+import { cloneRequestWithHeaders, filterInternalHeaders, isOpenRedirectShaped } from "vinext/server/request-pipeline";
 import { notFoundStaticAssetResponse } from "vinext/server/http-error-responses";
 import { assetPrefixPathname, isNextStaticPath } from "vinext/utils/asset-prefix";
 import { hasBasePath, stripBasePath } from "vinext/utils/base-path";
-import { normalizeDefaultLocalePathname, stripI18nLocaleForApiRoute } from "vinext/server/pages-i18n";
-import { mergeRewriteQuery } from "vinext/utils/query";
 
 // @ts-expect-error -- virtual module resolved by vinext at build time
 import { renderPage, handleApiRoute, runMiddleware, vinextConfig, matchPageRoute } from "virtual:vinext-server-entry";
@@ -402,7 +386,6 @@ export default {
     try {
       const url = new URL(request.url);
       let pathname = url.pathname;
-      let urlWithQuery = pathname + url.search;
 
       // Block protocol-relative URL open redirects in all shapes:
       //   literal  //evil.com, /\\\\evil.com
@@ -445,11 +428,12 @@ export default {
       {
         const stripped = stripBasePath(pathname, basePath);
         if (stripped !== pathname) {
-          urlWithQuery = stripped + url.search;
+          const strippedUrl = new URL(request.url);
+          strippedUrl.pathname = stripped;
+          request = new Request(strippedUrl, request);
           pathname = stripped;
         }
       }
-      const basePathState = { basePath, hadBasePath };
 
       // ── Image optimization via Cloudflare Images binding ──────────
       // Checked after basePath stripping so /<basePath>/_next/image works.
@@ -464,291 +448,50 @@ export default {
         }, allowedWidths, imageConfig);
       }
 
-      // ── 2. Trailing slash normalization ────────────────────────────
-      {
-        const trailingSlashRedirect = normalizeTrailingSlash(
-          pathname,
-          basePath,
-          trailingSlash,
-          url.search,
-        );
-        if (trailingSlashRedirect) {
-          return trailingSlashRedirect;
-        }
-      }
-
-      // Build a request with the basePath-stripped URL for middleware and
-      // downstream handlers. In Workers the incoming request URL still
-      // contains basePath; prod-server constructs its webRequest from
-      // the already-stripped URL, so we replicate that here.
-      if (basePath) {
-        const strippedUrl = new URL(request.url);
-        strippedUrl.pathname = pathname;
-        request = new Request(strippedUrl, request);
-      }
-
-      // Build request context for pre-middleware config matching. Redirects
-      // run before middleware in Next.js. Header match conditions also use the
-      // original request snapshot even though header merging happens later so
-      // middleware response headers can still take precedence.
-      // beforeFiles, afterFiles, and fallback rewrites run after middleware
-      // (App Router order), so they use postMwReqCtx created after
-      // x-middleware-request-* headers are unpacked into request.
-      const reqCtx = requestContextFromRequest(request);
-
-      // Default-locale path normalisation (issue #1336, item 4). Mirrors
-      // Next.js's resolve-routes.ts: every request without a locale prefix
-      // gets the (domain-aware) default locale prepended before config rule
-      // matching so that locale-aware rules with :locale placeholders or
-      // locale: false overrides still match default-locale URLs.
-      const matchPathname = i18nConfig
-        ? normalizeDefaultLocalePathname(pathname, i18nConfig, {
-            hostname: url.hostname,
-          })
-        : pathname;
-
-      // ── 3. Apply redirects from next.config.js ────────────────────
-      if (configRedirects.length) {
-        const redirect = matchRedirect(matchPathname, configRedirects, reqCtx, basePathState);
-        if (redirect) {
-          // Only prepend basePath when the request was actually under basePath.
-          // Opt-out rules running on out-of-basepath requests must not receive
-          // a basePath prefix.
-          const dest = sanitizeDestination(
-            basePath &&
-              hadBasePath &&
-              !isExternalUrl(redirect.destination) &&
-              !hasBasePath(redirect.destination, basePath)
-              ? basePath + redirect.destination
-              : redirect.destination,
-          );
-          return new Response(null, {
-            status: redirect.permanent ? 308 : 307,
-            headers: { Location: dest },
-          });
-        }
-      }
-
-      // ── 4. Run middleware ──────────────────────────────────────────
-      let resolvedUrl = urlWithQuery;
-      const middlewareHeaders: Record<string, string | string[]> = {};
-      let middlewareRewriteStatus: number | undefined;
-      if (typeof runMiddleware === "function") {
-        const result = await runMiddleware(request, ctx, { isDataRequest });
-
-        // Bubble up waitUntil promises (e.g. Clerk telemetry/session sync)
-        if (result.waitUntilPromises?.length) {
-          for (const p of result.waitUntilPromises) {
-            ctx.waitUntil(p);
-          }
-        }
-
-        if (!result.continue) {
-          if (result.redirectUrl) {
-            const redirectHeaders = new Headers({ Location: result.redirectUrl });
-            if (result.responseHeaders) {
-              for (const [key, value] of result.responseHeaders) {
-                redirectHeaders.append(key, value);
-              }
-            }
-            return new Response(null, {
-              status: result.redirectStatus ?? 307,
-              headers: redirectHeaders,
-            });
-          }
-          if (result.response) {
-            return result.response;
-          }
-        }
-
-        // Collect middleware response headers to merge into final response.
-        // Use an array for Set-Cookie to preserve multiple values.
-        if (result.responseHeaders) {
-          for (const [key, value] of result.responseHeaders) {
-            if (key === "set-cookie") {
-              const existing = middlewareHeaders[key];
-              if (Array.isArray(existing)) {
-                existing.push(value);
-              } else if (existing) {
-                middlewareHeaders[key] = [existing as string, value];
-              } else {
-                middlewareHeaders[key] = [value];
-              }
-            } else {
-              middlewareHeaders[key] = value;
-            }
-          }
-        }
-
-        // Apply middleware rewrite
-        if (result.rewriteUrl) {
-          resolvedUrl = result.rewriteUrl;
-        }
-
-        // Apply custom status code from middleware rewrite
-        middlewareRewriteStatus = result.rewriteStatus;
-      }
-
-      // Unpack x-middleware-request-* headers into the actual request and strip
-      // all x-middleware-* internal signals. Rebuilds postMwReqCtx for use by
-      // beforeFiles, afterFiles, and fallback config rules (which run after
-      // middleware per the Next.js execution order).
-      const { postMwReqCtx, request: postMwReq } = applyMiddlewareRequestHeaders(middlewareHeaders, request);
-      request = postMwReq;
-
-      // Config header matching must keep using the original normalized pathname
-      // even if middleware rewrites the downstream route/render target.
-      let resolvedPathname = resolvedUrl.split("?")[0];
-
-      // ── 5. Apply custom headers from next.config.js ───────────────
-      // Config headers are additive for multi-value headers (Vary,
-      // Set-Cookie) and override for everything else. Vary values are
-      // comma-joined per HTTP spec. Set-Cookie values are accumulated
-      // as arrays (RFC 6265 forbids comma-joining cookies).
-      // Middleware headers take precedence: skip config keys already set
-      // by middleware so middleware always wins for the same key.
-      if (configHeaders.length) {
-        applyConfigHeadersToHeaderRecord(middlewareHeaders, {
-          configHeaders,
-          pathname: matchPathname,
-          requestContext: reqCtx,
-          basePathState,
-        });
-      }
-
-      if (isExternalUrl(resolvedUrl)) {
-        const proxyResponse = await proxyExternalRequest(request, resolvedUrl);
-        return mergeHeaders(proxyResponse, middlewareHeaders, undefined);
-      }
-
-      // Default-locale-normalised form of resolvedPathname for matching
-      // against next.config.js rewrites (beforeFiles, afterFiles, fallback).
-      const matchResolvedPathname = (p: string): string =>
-        i18nConfig
-          ? normalizeDefaultLocalePathname(p, i18nConfig, { hostname: url.hostname })
-          : p;
-
-      // ── 6. Apply beforeFiles rewrites from next.config.js ─────────
-      let configRewriteFired = false;
-      if (configRewrites.beforeFiles?.length) {
-        const rewritten = matchRewrite(
-          matchResolvedPathname(resolvedPathname),
-          configRewrites.beforeFiles,
-          postMwReqCtx,
-          basePathState,
-        );
-        if (rewritten) {
-          if (isExternalUrl(rewritten)) {
-            return proxyExternalRequest(request, rewritten);
-          }
-          // Preserve original query params across rewrites (Next.js parity).
-          resolvedUrl = mergeRewriteQuery(resolvedUrl, rewritten);
-          resolvedPathname = resolvedUrl.split("?")[0];
-          configRewriteFired = true;
-        }
-      }
-
-      // Reject out-of-basePath requests that no rule rewrote. See the
-      // matching comment in prod-server.ts step 7b.
-      if (basePath && !hadBasePath && !configRewriteFired) {
-        return new Response("This page could not be found", {
-          status: 404,
-          headers: { "Content-Type": "text/html; charset=utf-8" },
-        });
-      }
-
-      // ── 7. API routes ─────────────────────────────────────────────
-      // Forward ctx so handlePagesApiRoute can wrap the user handler in
-      // runWithExecutionContext, making ctx.waitUntil() reachable from
-      // after() and other shims that schedule deferred work.
-      //
-      // Strip the i18n locale prefix before the /api/ check so
-      // /fr/api/ok resolves to the pages/api/ok handler (Next.js
-      // parity -- see base-server.ts's normalizeLocalePath call).
-      const apiLookupUrl = stripI18nLocaleForApiRoute(resolvedUrl, vinextConfig?.i18n ?? null);
-      const apiLookupPathname = apiLookupUrl.split("?")[0];
-      if (apiLookupPathname.startsWith("/api/") || apiLookupPathname === "/api") {
-        const response = typeof handleApiRoute === "function"
-          ? await handleApiRoute(request, apiLookupUrl, ctx)
-          : new Response("404 - API route not found", { status: 404 });
-        return mergeHeaders(response, middlewareHeaders, middlewareRewriteStatus);
-      }
-
-      const pageMatch =
-        typeof matchPageRoute === "function" ? matchPageRoute(resolvedPathname, request) : null;
-
-      // ── 8. Apply afterFiles rewrites from next.config.js ──────────
-      // These run after non-dynamic page routes but before dynamic routes.
-      if ((!pageMatch || pageMatch.route.isDynamic) && configRewrites.afterFiles?.length) {
-        const rewritten = matchRewrite(
-          matchResolvedPathname(resolvedPathname),
-          configRewrites.afterFiles,
-          postMwReqCtx,
-          basePathState,
-        );
-        if (rewritten) {
-          if (isExternalUrl(rewritten)) {
-            return proxyExternalRequest(request, rewritten);
-          }
-          resolvedUrl = mergeRewriteQuery(resolvedUrl, rewritten);
-          resolvedPathname = resolvedUrl.split("?")[0];
-        }
-      }
-
-      // ── 9. Page routes ────────────────────────────────────────────
-      let response: Response | undefined;
-      if (typeof renderPage === "function") {
-        const renderPageMatch =
-          typeof matchPageRoute === "function" ? matchPageRoute(resolvedPathname, request) : null;
-        const shouldDeferErrorPageOnMiss =
-          !isDataRequest && typeof matchPageRoute === "function" && !renderPageMatch;
-        const initialRenderOptions = shouldDeferErrorPageOnMiss
-          ? { renderErrorPageOnMiss: false }
-          : undefined;
-        response = await renderPage(request, resolvedUrl, null, ctx, undefined, initialRenderOptions);
-
-        // ── 10. Fallback rewrites (if SSR returned 404) ─────────────
-        let matchedFallbackRewrite = false;
-        if (
-          response &&
-          response.status === 404 &&
-          shouldDeferErrorPageOnMiss &&
-          configRewrites.fallback?.length
-        ) {
-          const fallbackRewrite = matchRewrite(
-            matchResolvedPathname(resolvedPathname),
-            configRewrites.fallback,
-            postMwReqCtx,
-            basePathState,
-          );
-          if (fallbackRewrite) {
-            if (isExternalUrl(fallbackRewrite)) {
-              return proxyExternalRequest(request, fallbackRewrite);
-            }
-            matchedFallbackRewrite = true;
-            response = await renderPage(
-              request,
-              mergeRewriteQuery(resolvedUrl, fallbackRewrite),
-              null,
-              ctx,
-            );
-          }
-        }
-        if (
-          response &&
-          response.status === 404 &&
-          shouldDeferErrorPageOnMiss &&
-          !matchedFallbackRewrite
-        ) {
-          response = await renderPage(request, resolvedUrl, null, ctx);
-        }
-      }
+      // Delegate the canonical 9-step Next.js pipeline to the shared owner.
+      // The worker adapter is responsible for: open-redirect guard, _next/static
+      // 404 short-circuit, header filtering, basePath stripping, and image
+      // optimization. runPagesRequest receives a clean, basePath-stripped request.
+      const deps: PagesPipelineDeps = {
+        basePath,
+        trailingSlash,
+        i18nConfig,
+        configRedirects,
+        configRewrites,
+        configHeaders,
+        hadBasePath,
+        // The worker adapter does not do _next/data URL normalization (no
+        // buildId available at request time). isDataReq is used by the pipeline
+        // only for renderPage options and shouldDeferErrorPageOnMiss -- false
+        // is correct here.
+        isDataReq: false,
+        isDataRequest,
+        ctx,
+        matchPageRoute: typeof matchPageRoute === "function" ? matchPageRoute : null,
+        // Pass the original (pre-basePath-stripping) URL to middleware so that
+        // request.nextUrl.basePath reflects whether the URL actually had the
+        // basePath prefix. Matches Next.js behavior and the prod-server.ts
+        // equivalent (shared via wrapMiddlewareWithBasePath).
+        runMiddleware:
+          typeof runMiddleware === "function"
+            ? wrapMiddlewareWithBasePath(runMiddleware, basePath, hadBasePath)
+            : null,
+        renderPage: typeof renderPage === "function"
+          ? (req, resolvedUrl, options, stagedHeaders) =>
+              renderPage(req, resolvedUrl, null, ctx, stagedHeaders, options)
+          : null,
+        handleApi: typeof handleApiRoute === "function"
+          ? (req, apiUrl) => handleApiRoute(req, apiUrl, ctx)
+          : null,
+      };
 
-      if (!response) {
-        return new Response("This page could not be found", { status: 404 });
+      const result = await runPagesRequest(request, deps);
+      if (result.type === "response") {
+        return result.response;
       }
+      // Should not reach here for prod/worker (all callbacks supplied).
+      return new Response("This page could not be found", { status: 404 });
 
-      return mergeHeaders(response, middlewareHeaders, middlewareRewriteStatus);
     } catch (error) {
       console.error("[vinext] Worker error:", error);
       return new Response("Internal Server Error", { status: 500 });

package/dist/entries/app-rsc-entry.d.ts

@@ -17,7 +17,8 @@ type AppRouterConfig = {
   headers?: NextHeader[]; /** Extra origins allowed for server action CSRF checks (from experimental.serverActions.allowedOrigins). */
   allowedOrigins?: string[]; /** Extra origins allowed for dev server access (from allowedDevOrigins). */
   allowedDevOrigins?: string[]; /** Body size limit for server actions in bytes (from experimental.serverActions.bodySizeLimit). */
-  bodySizeLimit?: number; /** Serialized next.config htmlLimitedBots regexp source. */
+  bodySizeLimit?: number; /** Verbatim body size limit config value (e.g. "2mb") for the "Body exceeded {limit} limit" error. */
+  bodySizeLimitLabel?: string; /** Serialized next.config htmlLimitedBots regexp source. */
   htmlLimitedBots?: string;
   /**
    * Allow-list of keys (from `experimental.clientTraceMetadata`) to surface
@@ -34,7 +35,12 @@ type AppRouterConfig = {
    * @see https://nextjs.org/docs/app/api-reference/config/next-config-js/assetPrefix
    */
   assetPrefix?: string; /** Route-level expire fallback in seconds for ISR entries with numeric revalidate. */
-  expireTime?: number; /** Maximum in-memory cache size in bytes. 0 disables the default memory cache. */
+  expireTime?: number;
+  /**
+   * Maximum total length (in characters) of the preload `Link` header emitted
+   * during App Router SSR. `0` disables emission. Defaults to 6000.
+   */
+  reactMaxHeadersLength?: number; /** Maximum in-memory cache size in bytes. 0 disables the default memory cache. */
   cacheMaxMemorySize?: number; /** Inline app CSS into production HTML (from experimental.inlineCss). */
   inlineCss?: boolean; /** Enables Next.js Cache Components semantics for App Router document HTML. */
   cacheComponents?: boolean; /** Internationalization routing config for middleware matcher locale handling. */