next-csrf
Version:
CSRF mitigation library for Next.js
6 lines • 3.34 kB
JavaScript
;exports.__esModule=true;exports.default=nextPageConfig;var _core=require("@babel/core");var _constants=require("../../../next-server/lib/constants");const CONFIG_KEY='config';// replace program path with just a variable with the drop identifier
function replaceBundle(path,t){path.parentPath.replaceWith(t.program([t.variableDeclaration('const',[t.variableDeclarator(t.identifier(_constants.STRING_LITERAL_DROP_BUNDLE),t.stringLiteral(`${_constants.STRING_LITERAL_DROP_BUNDLE} ${Date.now()}`))])],[]));}function errorMessage(state,details){const pageName=(state.filename||'').split(state.cwd||'').pop()||'unknown';return`Invalid page config export found. ${details} in file ${pageName}. See: https://err.sh/vercel/next.js/invalid-page-config`;}// config to parsing pageConfig for client bundles
function nextPageConfig({types:t}){return{visitor:{Program:{enter(path,state){path.traverse({ExportDeclaration(exportPath,exportState){var _specifiers;if(_core.types.isExportNamedDeclaration(exportPath)&&((_specifiers=exportPath.node.specifiers)===null||_specifiers===void 0?void 0:_specifiers.some(specifier=>{return specifier.exported.name===CONFIG_KEY;}))&&_core.types.isStringLiteral(exportPath.node.source)){throw new Error(errorMessage(exportState,'Expected object but got export from'));}},ExportNamedDeclaration(exportPath,exportState){var _exportPath$node$decl,_exportPath$scope$get;if(exportState.bundleDropped||!exportPath.node.declaration&&exportPath.node.specifiers.length===0){return;}const config={};const declarations=[...(((_exportPath$node$decl=exportPath.node.declaration)===null||_exportPath$node$decl===void 0?void 0:_exportPath$node$decl.declarations)||[]),(_exportPath$scope$get=exportPath.scope.getBinding(CONFIG_KEY))===null||_exportPath$scope$get===void 0?void 0:_exportPath$scope$get.path.node].filter(Boolean);for(const declaration of declarations){if(!_core.types.isIdentifier(declaration.id,{name:CONFIG_KEY})){if(_core.types.isImportSpecifier(declaration)){throw new Error(errorMessage(exportState,`Expected object but got import`));}continue;}if(!_core.types.isObjectExpression(declaration.init)){const got=declaration.init?declaration.init.type:'undefined';throw new Error(errorMessage(exportState,`Expected object but got ${got}`));}for(const prop of declaration.init.properties){if(_core.types.isSpreadElement(prop)){throw new Error(errorMessage(exportState,`Property spread is not allowed`));}const{name}=prop.key;if(_core.types.isIdentifier(prop.key,{name:'amp'})){if(!_core.types.isObjectProperty(prop)){throw new Error(errorMessage(exportState,`Invalid property "${name}"`));}if(!_core.types.isBooleanLiteral(prop.value)&&!_core.types.isStringLiteral(prop.value)){throw new Error(errorMessage(exportState,`Invalid value for "${name}"`));}config.amp=prop.value.value;}}}if(config.amp===true){var _exportState$file,_exportState$file$opt;if(!((_exportState$file=exportState.file)===null||_exportState$file===void 0?void 0:(_exportState$file$opt=_exportState$file.opts)===null||_exportState$file$opt===void 0?void 0:_exportState$file$opt.caller.isDev)){// don't replace bundle in development so HMR can track
// dependencies and trigger reload when they are changed
replaceBundle(exportPath,t);}exportState.bundleDropped=true;return;}}},state);}}}};}
//# sourceMappingURL=next-page-config.js.map