jonluca/vinext-boilerplate
Template
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vinext-boilerplate/worker/index.ts
JonLuca De Caro 947683286c types
2026-03-20 14:49:36 -07:00

348 lines
14 KiB
TypeScript
Raw Permalink Blame History

/**
* Cloudflare Worker entry point -- auto-generated by vinext deploy.
* Edit freely or delete to regenerate on next deploy.
*/
import { handleImageOptimization, DEFAULT_DEVICE_SIZES, DEFAULT_IMAGE_SIZES } from "vinext/server/image-optimization";
import type { ImageConfig } from "vinext/server/image-optimization";
import {
matchRedirect,
matchRewrite,
matchHeaders,
requestContextFromRequest,
applyMiddlewareRequestHeaders,
isExternalUrl,
proxyExternalRequest,
sanitizeDestination,
} from "vinext/config/config-matchers";
// @ts-expect-error -- virtual module resolved by vinext at build time
import { renderPage, handleApiRoute, runMiddleware, vinextConfig } from "virtual:vinext-server-entry";
interface AssetFetcher {
fetch(request: Request): Promise<Response>;
}
interface Env {
ASSETS: AssetFetcher;
IMAGES: {
input(stream: ReadableStream): {
transform(options: Record<string, unknown>): {
output(options: { format: string; quality: number }): Promise<{ response(): Response }>;
};
};
};
}
interface ExecutionContext {
waitUntil(promise: Promise<unknown>): void;
passThroughOnException(): void;
}
// Extract config values (embedded at build time in the server entry)
const basePath: string = vinextConfig?.basePath ?? "";
const trailingSlash: boolean = vinextConfig?.trailingSlash ?? false;
const configRedirects = vinextConfig?.redirects ?? [];
const configRewrites = vinextConfig?.rewrites ?? { beforeFiles: [], afterFiles: [], fallback: [] };
const configHeaders = vinextConfig?.headers ?? [];
const imageConfig: ImageConfig | undefined = vinextConfig?.images ? {
dangerouslyAllowSVG: vinextConfig.images.dangerouslyAllowSVG,
contentDispositionType: vinextConfig.images.contentDispositionType,
contentSecurityPolicy: vinextConfig.images.contentSecurityPolicy,
} : undefined;
function hasBasePath(pathname: string, basePath: string): boolean {
if (!basePath) return false;
return pathname === basePath || pathname.startsWith(basePath + "/");
}
function stripBasePath(pathname: string, basePath: string): string {
if (!hasBasePath(pathname, basePath)) return pathname;
return pathname.slice(basePath.length) || "/";
}
function stripQueryString(url: string): string {
const queryIndex = url.indexOf("?");
return queryIndex === -1 ? url : url.slice(0, queryIndex);
}
export default {
async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
try {
const url = new URL(request.url);
let pathname = url.pathname;
let urlWithQuery = pathname + url.search;
// Block protocol-relative URL open redirects (//evil.com/ or /\evil.com/).
// Normalize backslashes: browsers treat /\ as // in URL context.
const safePath = pathname.replaceAll("\\", "/");
if (safePath.startsWith("//")) {
return new Response("404 Not Found", { status: 404 });
}
// ── 1. Strip basePath ─────────────────────────────────────────
{
const stripped = stripBasePath(pathname, basePath);
if (stripped !== pathname) {
urlWithQuery = stripped + url.search;
pathname = stripped;
}
}
// ── Image optimization via Cloudflare Images binding ──────────
// Checked after basePath stripping so /<basePath>/_vinext/image works.
if (pathname === "/_vinext/image") {
const allowedWidths = [...DEFAULT_DEVICE_SIZES, ...DEFAULT_IMAGE_SIZES];
return handleImageOptimization(request, {
fetchAsset: (path) => env.ASSETS.fetch(new Request(new URL(path, request.url))),
transformImage: async (body, { width, format, quality }) => {
const result = await env.IMAGES.input(body).transform(width > 0 ? { width } : {}).output({ format, quality });
return result.response();
},
}, allowedWidths, imageConfig);
}
// ── 2. Trailing slash normalization ────────────────────────────
if (pathname !== "/" && pathname !== "/api" && !pathname.startsWith("/api/")) {
const hasTrailing = pathname.endsWith("/");
if (trailingSlash && !hasTrailing) {
return new Response(null, {
status: 308,
headers: { Location: basePath + pathname + "/" + url.search },
});
} else if (!trailingSlash && hasTrailing) {
return new Response(null, {
status: 308,
headers: { Location: basePath + pathname.replace(/\/+$/, "") + url.search },
});
}
}
// Build a request with the basePath-stripped URL for middleware and
// downstream handlers. In Workers the incoming request URL still
// contains basePath; prod-server constructs its webRequest from
// the already-stripped URL, so we replicate that here.
if (basePath) {
const strippedUrl = new URL(request.url);
strippedUrl.pathname = pathname;
request = new Request(strippedUrl, request);
}
// Build request context for pre-middleware config matching. Redirects
// run before middleware in Next.js. Header match conditions also use the
// original request snapshot even though header merging happens later so
// middleware response headers can still take precedence.
// beforeFiles, afterFiles, and fallback rewrites run after middleware
// (App Router order), so they use postMwReqCtx created after
// x-middleware-request-* headers are unpacked into request.
const reqCtx = requestContextFromRequest(request);
// ── 3. Apply redirects from next.config.js ────────────────────
if (configRedirects.length) {
const redirect = matchRedirect(pathname, configRedirects, reqCtx);
if (redirect) {
const dest = sanitizeDestination(
basePath &&
!isExternalUrl(redirect.destination) &&
!hasBasePath(redirect.destination, basePath)
? basePath + redirect.destination
: redirect.destination,
);
return new Response(null, {
status: redirect.permanent ? 308 : 307,
headers: { Location: dest },
});
}
}
// ── 4. Run middleware ──────────────────────────────────────────
let resolvedUrl = urlWithQuery;
const middlewareHeaders: Record<string, string | string[]> = {};
let middlewareRewriteStatus: number | undefined;
if (typeof runMiddleware === "function") {
const result = await runMiddleware(request, ctx);
if (!result.continue) {
if (result.redirectUrl) {
const redirectHeaders = new Headers({ Location: result.redirectUrl });
if (result.responseHeaders) {
for (const [key, value] of result.responseHeaders) {
redirectHeaders.append(key, value);
}
}
return new Response(null, {
status: result.redirectStatus ?? 307,
headers: redirectHeaders,
});
}
if (result.response) {
return result.response;
}
}
// Collect middleware response headers to merge into final response.
// Use an array for Set-Cookie to preserve multiple values.
if (result.responseHeaders) {
for (const [key, value] of result.responseHeaders) {
if (key === "set-cookie") {
const existing = middlewareHeaders[key];
if (Array.isArray(existing)) {
existing.push(value);
} else if (existing) {
middlewareHeaders[key] = [existing as string, value];
} else {
middlewareHeaders[key] = [value];
}
} else {
middlewareHeaders[key] = value;
}
}
}
// Apply middleware rewrite
if (result.rewriteUrl) {
resolvedUrl = result.rewriteUrl;
}
// Apply custom status code from middleware rewrite
middlewareRewriteStatus = result.rewriteStatus;
}
// Unpack x-middleware-request-* headers into the actual request and strip
// all x-middleware-* internal signals. Rebuilds postMwReqCtx for use by
// beforeFiles, afterFiles, and fallback config rules (which run after
// middleware per the Next.js execution order).
const { postMwReqCtx, request: postMwReq } = applyMiddlewareRequestHeaders(middlewareHeaders, request);
request = postMwReq;
// Config header matching must keep using the original normalized pathname
// even if middleware rewrites the downstream route/render target.
let resolvedPathname = stripQueryString(resolvedUrl);
// ── 5. Apply custom headers from next.config.js ───────────────
// Config headers are additive for multi-value headers (Vary,
// Set-Cookie) and override for everything else. Vary values are
// comma-joined per HTTP spec. Set-Cookie values are accumulated
// as arrays (RFC 6265 forbids comma-joining cookies).
// Middleware headers take precedence: skip config keys already set
// by middleware so middleware always wins for the same key.
if (configHeaders.length) {
const matched = matchHeaders(pathname, configHeaders, reqCtx);
for (const h of matched) {
const lk = h.key.toLowerCase();
if (lk === "set-cookie") {
const existing = middlewareHeaders[lk];
if (Array.isArray(existing)) {
existing.push(h.value);
} else if (existing) {
middlewareHeaders[lk] = [existing as string, h.value];
} else {
middlewareHeaders[lk] = [h.value];
}
} else if (lk === "vary" && middlewareHeaders[lk]) {
middlewareHeaders[lk] += ", " + h.value;
} else if (!(lk in middlewareHeaders)) {
// Middleware headers take precedence: only set if middleware
// did not already place this key on the response.
middlewareHeaders[lk] = h.value;
}
}
}
// <20><>─ 6. Apply beforeFiles rewrites from next.config.js ─────────
if (configRewrites.beforeFiles?.length) {
const rewritten = matchRewrite(resolvedPathname, configRewrites.beforeFiles, postMwReqCtx);
if (rewritten) {
if (isExternalUrl(rewritten)) {
return proxyExternalRequest(request, rewritten);
}
resolvedUrl = rewritten;
resolvedPathname = stripQueryString(rewritten);
}
}
// ── 7. API routes ─────────────────────────────────────────────
if (resolvedPathname.startsWith("/api/") || resolvedPathname === "/api") {
const response = typeof handleApiRoute === "function"
? await handleApiRoute(request, resolvedUrl)
: new Response("404 - API route not found", { status: 404 });
return mergeHeaders(response, middlewareHeaders, middlewareRewriteStatus);
}
// ── 8. Apply afterFiles rewrites from next.config.js ──────────
if (configRewrites.afterFiles?.length) {
const rewritten = matchRewrite(resolvedPathname, configRewrites.afterFiles, postMwReqCtx);
if (rewritten) {
if (isExternalUrl(rewritten)) {
return proxyExternalRequest(request, rewritten);
}
resolvedUrl = rewritten;
resolvedPathname = stripQueryString(rewritten);
}
}
// ── 9. Page routes ────────────────────────────────────────────
let response: Response | undefined;
if (typeof renderPage === "function") {
response = await renderPage(request, resolvedUrl, null, ctx);
// ── 10. Fallback rewrites (if SSR returned 404) ─────────────
if (response && response.status === 404 && configRewrites.fallback?.length) {
const fallbackRewrite = matchRewrite(resolvedPathname, configRewrites.fallback, postMwReqCtx);
if (fallbackRewrite) {
if (isExternalUrl(fallbackRewrite)) {
return proxyExternalRequest(request, fallbackRewrite);
}
response = await renderPage(request, fallbackRewrite, null, ctx);
}
}
}
if (!response) {
return new Response("404 - Not found", { status: 404 });
}
return mergeHeaders(response, middlewareHeaders, middlewareRewriteStatus);
} catch (error) {
console.error("[vinext] Worker error:", error);
return new Response("Internal Server Error", { status: 500 });
}
},
};
/**
* Merge middleware/config headers into a response.
* Response headers take precedence over middleware headers for all headers
* except Set-Cookie, which is additive (both middleware and response cookies
* are preserved). Matches the behavior in prod-server.ts. Uses getSetCookie()
* to preserve multiple Set-Cookie values.
*/
function mergeHeaders(
response: Response,
extraHeaders: Record<string, string | string[]>,
statusOverride?: number,
): Response {
if (!Object.keys(extraHeaders).length && !statusOverride) return response;
const merged = new Headers();
// Middleware/config headers go in first (lower precedence)
for (const [k, v] of Object.entries(extraHeaders)) {
if (Array.isArray(v)) {
for (const item of v) merged.append(k, item);
} else {
merged.set(k, v);
}
}
// Response headers overlay them (higher precedence), except Set-Cookie
// which is additive (both middleware and response cookies should be sent).
response.headers.forEach((v, k) => {
if (k === "set-cookie") return;
merged.set(k, v);
});
const responseCookies = response.headers.getSetCookie?.() ?? [];
for (const cookie of responseCookies) merged.append("set-cookie", cookie);
return new Response(response.body, {
status: statusOverride ?? response.status,
statusText: response.statusText,
headers: merged,
});
}
Reference in New Issue View Git Blame Copy Permalink