nextjs improvements (#99)

next.js integration now working correctly on vercel and with various security features enabled in all the modes app/pages, node/edge, page/api, etc additional refactoring and cleanup of related code Co-authored-by: Theo Ephraim <theo@systeminit.com>
dmno-dev · Jul 18, 2024 · f15eae3 · f15eae3
1 parent 8e6ce81
commit f15eae3
Show file tree

Hide file tree

Showing 35 changed files with 679 additions and 264 deletions.
diff --git a/.changeset/proud-cats-cheer.md b/.changeset/proud-cats-cheer.md
@@ -0,0 +1,7 @@
+---
+"@dmno/nextjs-integration": patch
+"@dmno/astro-integration": patch
+"dmno": patch
+---
+
+nextjs integration with working security features, related refactoring to dmno and astro integration
diff --git a/example-repo/.dmno/config.mts b/example-repo/.dmno/config.mts
@@ -35,6 +35,7 @@ export default defineDmnoService({
   settings: {
     interceptSensitiveLeakRequests: true,
     redactSensitiveLogs: true,
+    preventClientLeaks: true,
   },
   schema: {
     NODE_ENV: NodeEnvType,

diff --git a/example-repo/packages/api/src/routes/index.ts b/example-repo/packages/api/src/routes/index.ts
@@ -83,3 +83,9 @@ router.get('/interceptor-demo', async (ctx) => {
 
   ctx.body = results;
 });
+
+router.get('/leak-demo', async (ctx) => {
+  ctx.body = {
+    leaked: DMNO_CONFIG.SECRET_FOO,
+  };
+});
diff --git a/example-repo/packages/astro-web/astro.config.ts b/example-repo/packages/astro-web/astro.config.ts
@@ -20,7 +20,7 @@ console.log('> secret value =', unredact(DMNO_CONFIG.SECRET_FOO));
 // https://astro.build/config
 export default defineConfig({
   integrations: [
-    dmnoAstroIntegration(),
+    dmnoAstroIntegration() as any,
     vue({ appEntrypoint: '/src/vue-app-config' }),
     mdx(),
     {

diff --git a/example-repo/packages/nextjs-web/.dmno/config.mts b/example-repo/packages/nextjs-web/.dmno/config.mts
@@ -56,11 +56,13 @@ export default defineDmnoService({
     SECRET_STATIC: {
       value: 'secret-static-default',
       sensitive: true,
+      required: true,
     },
     SECRET_DYNAMIC: {
       value: 'secret-dynamic-default',
       dynamic: true,
       sensitive: true,
+      required: true,
     },
 
 

diff --git a/example-repo/packages/nextjs-web/next.config.mjs b/example-repo/packages/nextjs-web/next.config.mjs
@@ -12,4 +12,4 @@ const nextConfig = {
   // rest of user config...
 };
 
-export default dmnoNextConfigPlugin({ redactSensitiveLogs: true })(nextConfig);
+export default dmnoNextConfigPlugin()(nextConfig);
diff --git a/example-repo/packages/nextjs-web/package.json b/example-repo/packages/nextjs-web/package.json
@@ -11,7 +11,7 @@
   },
   "dependencies": {
     "@dmno/nextjs-integration": "link:../../../packages/integrations/nextjs",
-    "next": "14.2.2",
+    "next": "14.2.4",
     "react": "^18.2.0",
     "react-dom": "^18.2.0"
   },

diff --git a/example-repo/packages/nextjs-web/src/app/globals.css b/example-repo/packages/nextjs-web/src/app/globals.css
@@ -18,16 +18,24 @@
 
 body {
   color: rgb(var(--foreground-rgb));
-  background: linear-gradient(
-      to bottom,
+  background: linear-gradient(to bottom,
       transparent,
-      rgb(var(--background-end-rgb))
-    )
-    rgb(var(--background-start-rgb));
+      rgb(var(--background-end-rgb))) rgb(var(--background-start-rgb));
 }
 
 @layer utilities {
   .text-balance {
     text-wrap: balance;
   }
 }
+
+
+nav {
+  display: flex;
+  gap: 20px;
+}
+
+nav a:hover {
+  color: cyan;
+
+}
diff --git a/example-repo/packages/nextjs-web/src/app/intercept-test/page.tsx b/example-repo/packages/nextjs-web/src/app/intercept-test/page.tsx
@@ -0,0 +1,24 @@
+import '@dmno/nextjs-integration/inject';
+
+console.log('server top of file', DMNO_CONFIG.SECRET_STATIC);
+
+export default async function ServerPage() {
+  console.log('server handler fn --', DMNO_CONFIG.SECRET_STATIC);
+  console.log('server handler fn --', DMNO_CONFIG.SECRET_DYNAMIC);
+
+  const apiResp = await fetch('https://api.sampleapis.com/beers/ale', {
+    headers: {
+      // secret: DMNO_CONFIG.SECRET_STATIC,
+      'x-another': 'bloop',
+    },
+  });
+
+  return (
+    <main>
+      <h1>Leaked http interceptor test!</h1>
+
+      <p>This page should fail due to leaking a secret via an outbound http reqeust</p>
+
+    </main>
+  )
+}
diff --git a/example-repo/packages/nextjs-web/src/app/layout.tsx b/example-repo/packages/nextjs-web/src/app/layout.tsx
@@ -17,15 +17,15 @@ export default function RootLayout({
 }>) {
   return (
     <html lang="en">
+
       <body className={`${inter.className} p-6`}>
         <h1>DMNO + nextjs example</h1>
         <nav>
           <a href="/client-page">client rendered page</a>
-          |||| 
           <a href="/server-page">server rendered page</a>
-          ||||
-
           <a href="/api">json api endpoint</a>
+          <a href="/leak-test">Leak test</a>
+          <a href="/intercept-test">Http interceptor test</a>
         </nav>
         <hr className="my-4" />
 

diff --git a/example-repo/packages/nextjs-web/src/app/leak-test/page.tsx b/example-repo/packages/nextjs-web/src/app/leak-test/page.tsx
@@ -0,0 +1,18 @@
+import '@dmno/nextjs-integration/inject';
+
+console.log('server top of file', DMNO_CONFIG.SECRET_STATIC);
+
+export default function ServerPage() {
+  console.log('server handler fn --', DMNO_CONFIG.SECRET_STATIC);
+  console.log('server handler fn --', DMNO_CONFIG.SECRET_DYNAMIC);
+
+  return (
+    <main>
+      <h1>Leaked content test!</h1>
+
+      <p>This page should fail due to leaking a secret</p>
+
+      <p>{ DMNO_CONFIG.SECRET_STATIC }</p>
+    </main>
+  )
+}
diff --git a/example-repo/packages/nextjs-web/tsconfig.json b/example-repo/packages/nextjs-web/tsconfig.json
@@ -20,7 +20,6 @@
     "paths": {
       "@/*": [ "./src/*" ]
     },
-    "customConditions": [ "ts-src" ]
   },
   "include": [
     "next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts",

diff --git a/example-repo/pnpm-lock.yaml b/example-repo/pnpm-lock.yaml
diff --git a/packages/core/package.json b/packages/core/package.json
@@ -23,11 +23,11 @@
   ],
   "scripts": {
     "clean": "rm -rf dist",
-    "build": "pnpm run build:injector && tsup",
+    "build": "pnpm run clean && pnpm run build:injector && tsup",
     "build:injector": "tsup --config tsup.inject-standalone.config.ts",
     "build:ifnodist": "[ -d \"./dist\" ] && echo 'dist exists' || pnpm build",
     "build:tarball": "turbo build && pnpm pack --pack-destination \"../../../tmp-package-registry\"",
-    "dev": "pnpm run build:injector && tsup --watch",
+    "dev": "pnpm run clean && pnpm run build:injector && tsup --watch",
     "lint": "eslint src --ext .ts,.cjs",
     "lint:fix": "pnpm run lint --fix",
     "test": "vitest"
@@ -65,6 +65,7 @@
     "./injector-standalone": {
       "ts-src": "./src/globals-injector/injector.ts",
       "import": "./dist/globals-injector-standalone/injector.js",
+      "default": "./dist/globals-injector-standalone/injector.cjs",
       "types": "./dist/globals-injector-standalone/injector.d.ts"
     },
     "./tsconfigs/*.json": "./tsconfigs/*",

diff --git a/packages/core/src/cli/lib/schema-scaffold.ts b/packages/core/src/cli/lib/schema-scaffold.ts
@@ -166,7 +166,7 @@ export function generateDmnoConfigInitialCode(opts: {
     '',
     'export default defineDmnoService({',
     opts.isRoot && '  isRoot: true,',
-    opts.isRoot && '  settings: {\n    redactSensitiveLogs: true,\n    interceptSensitiveLeakRequests: true,\n  },',
+    opts.isRoot && '  settings: {\n    redactSensitiveLogs: true,\n    interceptSensitiveLeakRequests: true,\n    preventClientLeaks: true,\n  },',
     opts.serviceName
       ? `  name: '${opts.serviceName}',`
       : (opts.isMonorepo ? '  // no name specified - inherit from package.json' : undefined),