37 lines
1.5 KiB
JavaScript
37 lines
1.5 KiB
JavaScript
// Append a caveat when a rec targets a route covered by middleware: e.g.
|
|
// middleware setting Set-Cookie downstream poisons cache headers the rec
|
|
// adds. Trusts finding.routesCovered rather than re-implementing Next's
|
|
// matcher algorithm.
|
|
|
|
import { extractRoute } from '../util.mjs';
|
|
|
|
export const metadata = {
|
|
id: 'middleware-conflict',
|
|
description: 'Append caveat when rec targets a route covered by middleware.',
|
|
};
|
|
|
|
export function apply(rec, ctx = {}) {
|
|
const findings = ctx?.signals?.codebase?.findings ?? [];
|
|
const middlewareFinding = findings.find((f) => f?.scannerId === 'middleware-broad-matcher' || f?.id === 'middleware-broad-matcher');
|
|
if (!middlewareFinding) return {};
|
|
|
|
const route = extractRoute(rec);
|
|
if (!route) return {};
|
|
|
|
const matcher = middlewareFinding.detail?.matcher
|
|
?? middlewareFinding.matcher
|
|
?? '(unspecified matcher)';
|
|
const middlewareFile = middlewareFinding.file ?? middlewareFinding.path ?? 'middleware.ts';
|
|
|
|
const covered = middlewareFinding.detail?.routesCovered ?? middlewareFinding.routesCovered;
|
|
if (Array.isArray(covered) && covered.length > 0 && !covered.includes(route)) {
|
|
return {};
|
|
}
|
|
|
|
const tag = `middleware-conflict:${matcher}`;
|
|
const caveat = `\n\n_Caveat: Middleware at \`${middlewareFile}\` (matcher: \`${matcher}\`) may intercept \`${route}\` and alter request/response before this fix takes effect. Verify the middleware does not set headers (e.g. \`Set-Cookie\`) that would invalidate caching._`;
|
|
|
|
if (typeof rec.fix === 'string') rec.fix += caveat;
|
|
return { tag, needsReview: true };
|
|
}
|