author | 2024-02-07 16:09:39 +0000 | |
---|---|---|
committer | 2024-02-07 21:39:39 +0530 | |
commit | 0699f34d5c4481c027c4d29d73944f79f97008df (patch) | |
tree | 8515ffb1d2194fb60eb0e816ee034e3a03e97895 /packages/integrations/vercel/src/serverless/entrypoint.ts | |
parent | 9ef79173a6a826a7ee20682c6925a18e6ec839d3 (diff) | |
feat(vercel): middleware verification (#9987)
* feat(vercel): verification for edge middleware
* add changeset
* Apply suggestions from code review
---------
Co-authored-by: Nate Moore <natemoo-re@users.noreply.github.com>
Diffstat (limited to 'packages/integrations/vercel/src/serverless/entrypoint.ts')
-rw-r--r-- | packages/integrations/vercel/src/serverless/entrypoint.ts | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/packages/integrations/vercel/src/serverless/entrypoint.ts b/packages/integrations/vercel/src/serverless/entrypoint.ts
index a60f03d7a..5dfba7697 100644
--- a/packages/integrations/vercel/src/serverless/entrypoint.ts
+++ b/packages/integrations/vercel/src/serverless/entrypoint.ts
@@ -1,26 +1,44 @@
 import type { SSRManifest } from 'astro';
 import { applyPolyfills, NodeApp } from 'astro/app/node';
 import type { IncomingMessage, ServerResponse } from 'node:http';
-import { ASTRO_PATH_HEADER, ASTRO_PATH_PARAM, ASTRO_LOCALS_HEADER } from './adapter.js';
+import {
+ ASTRO_PATH_HEADER,
+ ASTRO_PATH_PARAM,
+ ASTRO_LOCALS_HEADER,
+ ASTRO_MIDDLEWARE_SECRET_HEADER,
+} from './adapter.js';
 applyPolyfills();
-export const createExports = (manifest: SSRManifest) => {
+export const createExports = (
+ manifest: SSRManifest,
+ { middlewareSecret }: { middlewareSecret: string }
+) => {
 const app = new NodeApp(manifest);
 const handler = async (req: IncomingMessage, res: ServerResponse) => {
 const url = new URL(`https://example.com${req.url}`);
 const clientAddress = req.headers['x-forwarded-for'] as string | undefined;
 const localsHeader = req.headers[ASTRO_LOCALS_HEADER];
+ const middlewareSecretHeader = req.headers[ASTRO_MIDDLEWARE_SECRET_HEADER];
 const realPath = req.headers[ASTRO_PATH_HEADER] ?? url.searchParams.get(ASTRO_PATH_PARAM);
 if (typeof realPath === 'string') {
 req.url = realPath;
 }
- const locals =
- typeof localsHeader === 'string'
+
+ let locals = {};
+ if (localsHeader) {
+ if (middlewareSecretHeader !== middlewareSecret) {
+ res.statusCode = 403;
+ res.end('Forbidden');
+ return;
+ }
+ locals = typeof localsHeader === 'string'
 ? JSON.parse(localsHeader)
- : Array.isArray(localsHeader)
- ? JSON.parse(localsHeader[0])
- : {};
+ : JSON.parse(localsHeader[0]);
+ }
+ // hide the secret from the rest of user code
+ delete req.headers[ASTRO_MIDDLEWARE_SECRET_HEADER];
+
 const webResponse = await app.render(req, { addCookieHeader: true, clientAddress, locals });
 await NodeApp.writeResponse(webResponse, res);
 }; |
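Review bot: The new secret check gates only the locals header; the `req.url = realPath` rewrite a few lines above it still accepts `ASTRO_PATH_HEADER` or the `ASTRO_PATH_PARAM` query parameter from any caller, so a request that reaches this function without passing through the edge middleware can still choose the path that gets rendered. If that override is only ever meant to be set by the middleware (not visible in this hunk), gate it on the same check, e.g. `if (typeof realPath === 'string' && middlewareSecretHeader === middlewareSecret) req.url = realPath;`. Separately, `middlewareSecretHeader !== middlewareSecret` is a plain string comparison that also passes when both sides are `undefined`, so a missing `middlewareSecret` at runtime would fail open. Rejecting an empty or non-string secret up front and comparing with `timingSafeEqual` from `node:crypto` on equal-length buffers would close both gaps. `createExports` continues past the end of the hunk.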