kindspells · castarco · Sep 30, 2024 · Sep 20, 2024 · Sep 30, 2024 · Sep 30, 2024
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -4,3 +4,4 @@
 
 github: [KindSpells, castarco]
 open_collective: kindspells-labs
+polar: kindspells
diff --git a/.github/workflows/npm_publish.yml b/.github/workflows/npm_publish.yml
@@ -25,7 +25,7 @@ jobs:
     - name: Install PNPM # v3.0.0
       uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d
       with:
-        version: '9.10.0'
+        version: '9.11.0'
     - name: Use Node.js ${{ matrix.node-version }} # v4.0.2
       uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
       with:

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -33,7 +33,7 @@ jobs:
     - name: Install PNPM # v3.0.0
       uses: pnpm/action-setup@a3252b78c470c02df07e9d59298aecedc3ccdd6d
       with:
-        version: '9.10.0'
+        version: '9.11.0'
     - name: Use Node.js ${{ matrix.node-version }} # v4.0.2
       uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8
       with:

diff --git a/.moon/toolchain.yml b/.moon/toolchain.yml
@@ -5,4 +5,4 @@
 node:
   packageManager: 'pnpm'
   pnpm:
-    version: 9.10.0
+    version: 9.11.0
diff --git a/.node-version b/.node-version
@@ -1 +1 @@
-22.8.0
+22.9.0
diff --git a/@kindspells/astro-shield/package.json b/@kindspells/astro-shield/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@kindspells/astro-shield",
-	"version": "1.5.3",
+	"version": "1.6.0",
 	"description": "Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.",
 	"private": false,
 	"type": "module",
@@ -63,14 +63,14 @@
 		"astro": "^4.0.0"
 	},
 	"devDependencies": {
-		"@types/node": "^22.5.5",
-		"astro": "^4.15.8",
+		"@types/node": "^22.7.4",
+		"astro": "^4.15.9",
 		"get-tsconfig": "^4.8.1",
-		"rollup": "^4.22.0",
+		"rollup": "^4.22.5",
 		"rollup-plugin-dts": "^6.1.1",
 		"rollup-plugin-esbuild": "^6.1.1",
 		"typescript": "^5.6.2",
-		"vite": "^5.4.6",
+		"vite": "^5.4.8",
 		"vitest": "^2.1.1"
 	},
 	"repository": {
@@ -89,7 +89,7 @@
 			"url": "https://ko-fi.com/coderspirit"
 		}
 	],
-	"packageManager": "pnpm@9.10.0",
+	"packageManager": "pnpm@9.11.0",
 	"engines": {
 		"node": ">= 18.0.0"
 	},

diff --git a/@kindspells/astro-shield/src/core.mts b/@kindspells/astro-shield/src/core.mts
@@ -16,6 +16,7 @@ import { doesFileExist, scanDirectory } from './fs.mts'
 import { patchHeaders } from './headers.mts'
 import type {
 	HashesCollection,
+	IntegrationState,
 	Logger,
 	MiddlewareHashes,
 	PerPageHashes,
@@ -25,6 +26,9 @@ import type {
 } from './types.mts'
 import { patchNetlifyHeadersConfig } from './netlify.mts'
 import { exhaustiveGuard } from './utils.mts'
+import { patchVercelHeadersConfig } from './vercel.mts'
+
+type AstroHooks = AstroIntegration['hooks']
 
 export type HashesModule = {
 	[k in keyof HashesCollection]: HashesCollection[k] extends Set<string>
@@ -741,7 +745,7 @@ const newHashesCollection = (): HashesCollection => ({
 // TODO: TEST CASE!
 export const processStaticFiles = async (
 	logger: Logger,
-	{ distDir, sri, securityHeaders }: StrictShieldOptions,
+	{ state, distDir, sri, securityHeaders }: StrictShieldOptions,
 ): Promise<void> => {
 	const h = newHashesCollection()
 
@@ -761,23 +765,23 @@ export const processStaticFiles = async (
 		const provider = securityHeaders.enableOnStaticPages.provider
 		switch (provider) {
 			case 'netlify': {
-				if (
-					(securityHeaders.enableOnStaticPages.mode ?? '_headers') !==
-					'_headers'
-				) {
-					throw new Error(
-						'Netlify provider only supports "_headers" mode for now',
-					)
-				}
 				await patchNetlifyHeadersConfig(
 					resolve(distDir, '_headers'),
 					securityHeaders,
-					h,
+					h.perPageSriHashes,
+				)
+				break
+			}
+			case 'vercel': {
+				await patchVercelHeadersConfig(
+					logger,
+					distDir,
+					state.config,
+					securityHeaders,
+					h.perPageSriHashes,
 				)
 				break
 			}
-			case 'vercel':
-				throw new Error('Vercel provider is still not supported')
 			default:
 				exhaustiveGuard(provider, 'provider')
 		}
@@ -992,29 +996,61 @@ export const getViteMiddlewarePlugin = (
 	}
 }
 
+const getAstroBuildDone = (
+	state: IntegrationState,
+	sri: Required<SRIOptions>,
+	securityHeaders: SecurityHeadersOptions | undefined,
+): NonNullable<AstroHooks['astro:build:done']> =>
+	(async ({ dir, logger }) => {
+		if (sri.enableStatic) {
+			await processStaticFiles(logger, {
+				state,
+				distDir: fileURLToPath(dir),
+				sri,
+				securityHeaders,
+			})
+		}
+	}) satisfies NonNullable<AstroHooks['astro:build:done']>
+
 /**
  * @param {Required<SRIOptions>} sri
  * @param {SecurityHeadersOptions | undefined} securityHeaders
  * @returns
  */
 export const getAstroConfigSetup = (
+	state: IntegrationState,
 	sri: Required<SRIOptions>,
 	securityHeaders: SecurityHeadersOptions | undefined,
 ): Required<AstroIntegration['hooks']>['astro:config:setup'] => {
 	// biome-ignore lint/suspicious/useAwait: We have to conform to the Astro API
 	return async ({ logger, addMiddleware, config, updateConfig }) => {
-		const publicDir = fileURLToPath(config.publicDir)
-		const plugin = getViteMiddlewarePlugin(
-			logger,
-			sri,
-			securityHeaders,
-			publicDir,
-		)
-		updateConfig({ vite: { plugins: [plugin] } })
+		state.config = config
+
+		if (sri.enableMiddleware) {
+			const publicDir = fileURLToPath(config.publicDir)
+			const plugin = getViteMiddlewarePlugin(
+				logger,
+				sri,
+				securityHeaders,
+				publicDir,
+			)
+			updateConfig({ vite: { plugins: [plugin] } })
+
+			addMiddleware({
+				order: 'post',
+				entrypoint: 'virtual:@kindspells/astro-shield/middleware',
+			})
+		}
 
-		addMiddleware({
-			order: 'post',
-			entrypoint: 'virtual:@kindspells/astro-shield/middleware',
+		updateConfig({
+			integrations: [
+				{
+					name: '@kindspells/astro-shield-post-config-setup',
+					hooks: {
+						'astro:build:done': getAstroBuildDone(state, sri, securityHeaders),
+					},
+				},
+			],
 		})
 	}
 }
diff --git a/@kindspells/astro-shield/src/e2e/fixtures/dynamic/package.json b/@kindspells/astro-shield/src/e2e/fixtures/dynamic/package.json
@@ -10,8 +10,8 @@
 	},
 	"license": "MIT",
 	"dependencies": {
-		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.8"
+		"@astrojs/node": "^8.3.4",
+		"astro": "^4.15.9"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

diff --git a/@kindspells/astro-shield/src/e2e/fixtures/hybrid/package.json b/@kindspells/astro-shield/src/e2e/fixtures/hybrid/package.json
@@ -8,8 +8,8 @@
 	},
 	"license": "MIT",
 	"dependencies": {
-		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.8"
+		"@astrojs/node": "^8.3.4",
+		"astro": "^4.15.9"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

diff --git a/@kindspells/astro-shield/src/e2e/fixtures/hybrid2/package.json b/@kindspells/astro-shield/src/e2e/fixtures/hybrid2/package.json
@@ -8,8 +8,8 @@
 	},
 	"license": "MIT",
 	"dependencies": {
-		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.8"
+		"@astrojs/node": "^8.3.4",
+		"astro": "^4.15.9"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

diff --git a/@kindspells/astro-shield/src/e2e/fixtures/hybrid3/package.json b/@kindspells/astro-shield/src/e2e/fixtures/hybrid3/package.json
@@ -8,8 +8,8 @@
 	},
 	"license": "MIT",
 	"dependencies": {
-		"@astrojs/node": "^8.3.3",
-		"astro": "^4.15.8"
+		"@astrojs/node": "^8.3.4",
+		"astro": "^4.15.9"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

diff --git a/@kindspells/astro-shield/src/e2e/fixtures/static/package.json b/@kindspells/astro-shield/src/e2e/fixtures/static/package.json
@@ -8,7 +8,7 @@
 	},
 	"license": "MIT",
 	"dependencies": {
-		"astro": "^4.15.8"
+		"astro": "^4.15.9"
 	},
 	"devDependencies": {
 		"@kindspells/astro-shield": "workspace:*"

diff --git a/@kindspells/astro-shield/src/main.mts b/@kindspells/astro-shield/src/main.mts
@@ -4,29 +4,10 @@
  * SPDX-License-Identifier: MIT
  */
 
-import { fileURLToPath } from 'node:url'
-
 import type { AstroIntegration } from 'astro'
 
-import { getAstroConfigSetup, processStaticFiles } from '#as/core'
-import type {
-	SecurityHeadersOptions,
-	ShieldOptions,
-	SRIOptions,
-} from './types.mts'
-
-type AstroHooks = AstroIntegration['hooks']
-
-const getAstroBuildDone = (
-	sri: Required<SRIOptions>,
-	securityHeaders: SecurityHeadersOptions | undefined,
-): NonNullable<AstroHooks['astro:build:done']> =>
-	(async ({ dir, logger }) =>
-		await processStaticFiles(logger, {
-			distDir: fileURLToPath(dir),
-			sri,
-			securityHeaders,
-		})) satisfies NonNullable<AstroHooks['astro:build:done']>
+import { getAstroConfigSetup } from '#as/core'
+import type { IntegrationState, ShieldOptions, SRIOptions } from './types.mts'
 
 const logWarn = (msg: string): void =>
 	console.warn(`\nWARNING (@kindspells/astro-shield):\n\t${msg}\n`)
@@ -54,19 +35,12 @@ export const shield = ({
 		logWarn('`sri.hashesModule` is ignored when `sri.enableStatic` is `false`')
 	}
 
+	const state: IntegrationState = { config: {} }
+
 	return {
 		name: '@kindspells/astro-shield',
 		hooks: {
-			...(_sri.enableStatic === true
-				? {
-						'astro:build:done': getAstroBuildDone(_sri, securityHeaders),
-					}
-				: undefined),
-			...(_sri.enableMiddleware === true
-				? {
-						'astro:config:setup': getAstroConfigSetup(_sri, securityHeaders),
-					}
-				: undefined),
+			'astro:config:setup': getAstroConfigSetup(state, _sri, securityHeaders),
 		},
 	} satisfies AstroIntegration
 }