exteranlize sa encryption key

vercel · Apr 29, 2024 · 6db7475 · 6db7475
1 parent 81a3c2d
commit 6db7475
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 17 deletions.
diff --git a/packages/next/src/build/templates/edge-ssr-app.ts b/packages/next/src/build/templates/edge-ssr-app.ts
@@ -78,7 +78,7 @@ const render = getRender({
   serverActions: isServerComponent ? serverActions : undefined,
   subresourceIntegrityManifest,
   config: nextConfig,
-  buildId: 'VAR_BUILD_ID',
+  buildId: process.env.__NEXT_BUILD_ID || 'VAR_BUILD_ID',
   nextFontManifest,
   incrementalCacheHandler,
   interceptionRouteRewrites,

diff --git a/packages/next/src/build/templates/edge-ssr.ts b/packages/next/src/build/templates/edge-ssr.ts
@@ -104,7 +104,7 @@ const render = getRender({
   reactLoadableManifest,
   subresourceIntegrityManifest,
   config: nextConfig,
-  buildId: 'VAR_BUILD_ID',
+  buildId: process.env.__NEXT_BUILD_ID || 'VAR_BUILD_ID',
   nextFontManifest,
   incrementalCacheHandler,
 })

diff --git a/packages/next/src/build/webpack-config.ts b/packages/next/src/build/webpack-config.ts
@@ -1814,8 +1814,9 @@ export default async function getBaseWebpackConfig(
           sriEnabled: !dev && !!config.experimental.sri?.algorithm,
           rewrites,
           edgeEnvironments: {
+            __NEXT_BUILD_ID: buildId,
+            NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: encryptionKey,
             ...edgePreviewProps,
-            buildId,
           },
         }),
       isClient &&

diff --git a/packages/next/src/build/webpack/plugins/build-manifest-plugin.ts b/packages/next/src/build/webpack/plugins/build-manifest-plugin.ts
@@ -30,15 +30,15 @@ export type ClientBuildManifest = {
 export const srcEmptySsgManifest = `self.__SSG_MANIFEST=new Set;self.__SSG_MANIFEST_CB&&self.__SSG_MANIFEST_CB()`
 
 // Return different path for edge runtime and nodejs runtime
-// edge: '"/static/" + process.env.NEXT_BUILD_ID + "/low-priority.js"'
+// edge: '"/static/" + process.env.__NEXT_BUILD_ID + "/low-priority.js"'
 // nodejs: '/static/<build id>/low-priority.js'
 function buildLowPriorityPath(
   filename: string,
   buildId: string,
   isEdgeRuntime: boolean
 ) {
   return isEdgeRuntime
-    ? `"${CLIENT_STATIC_FILES_PATH}/" + process.env.NEXT_BUILD_ID + "/${filename}"`
+    ? `"${CLIENT_STATIC_FILES_PATH}/" + process.env.__NEXT_BUILD_ID + "/${filename}"`
     : `${CLIENT_STATIC_FILES_PATH}/${buildId}/${filename}`
 }
 

diff --git a/packages/next/src/build/webpack/plugins/flight-client-entry-plugin.ts b/packages/next/src/build/webpack/plugins/flight-client-entry-plugin.ts
@@ -1016,20 +1016,29 @@ export class FlightClientEntryPlugin {
       edgeServerActions[id] = action
     }
 
-    const json = JSON.stringify(
-      {
-        node: serverActions,
-        edge: edgeServerActions,
-        encryptionKey: this.encryptionKey,
-      },
+    const serverManifest = {
+      node: serverActions,
+      edge: edgeServerActions,
+      encryptionKey: this.encryptionKey,
+    }
+    const edgeServerManifest = {
+      ...serverManifest,
+      encryptionKey: 'process.env.__NEXT_SERVER_ACTION_ENCRYPTION_KEY',
+    }
+
+    const json = JSON.stringify(serverManifest, null, this.dev ? 2 : undefined)
+    const edgeJson = JSON.stringify(
+      edgeServerManifest,
       null,
       this.dev ? 2 : undefined
     )
 
-    assets[`${this.assetPrefix}${SERVER_REFERENCE_MANIFEST}.js`] =
-      new sources.RawSource(
-        `self.__RSC_SERVER_MANIFEST=${JSON.stringify(json)}`
-      ) as unknown as webpack.sources.RawSource
+    if (this.isEdgeServer) {
+      assets[`${this.assetPrefix}${SERVER_REFERENCE_MANIFEST}.js`] =
+        new sources.RawSource(
+          `self.__RSC_SERVER_MANIFEST=${JSON.stringify(edgeJson)}`
+        ) as unknown as webpack.sources.RawSource
+    }
     assets[`${this.assetPrefix}${SERVER_REFERENCE_MANIFEST}.json`] =
       new sources.RawSource(json) as unknown as webpack.sources.RawSource
   }

diff --git a/packages/next/src/build/webpack/plugins/middleware-plugin.ts b/packages/next/src/build/webpack/plugins/middleware-plugin.ts
@@ -739,18 +739,26 @@ function getExtractMetadata(params: {
   }
 }
 
+// These values will be replaced again in edge runtime deployment build.
+// `buildId` represents BUILD_ID to be externalized in env vars.
+// `encryptionKey` represents server action encryption key to be externalized in env vars.
+type EdgeRuntimeEnvironments = Record<string, string> & {
+  __NEXT_BUILD_ID: string
+  NEXT_SERVER_ACTIONS_ENCRYPTION_KEY: string
+}
+
 interface Options {
   dev: boolean
   sriEnabled: boolean
   rewrites: CustomRoutes['rewrites']
-  edgeEnvironments: Record<string, string>
+  edgeEnvironments: EdgeRuntimeEnvironments
 }
 
 export default class MiddlewarePlugin {
   private readonly dev: Options['dev']
   private readonly sriEnabled: Options['sriEnabled']
   private readonly rewrites: Options['rewrites']
-  private readonly edgeEnvironments: Record<string, string>
+  private readonly edgeEnvironments: EdgeRuntimeEnvironments
 
   constructor({ dev, sriEnabled, rewrites, edgeEnvironments }: Options) {
     this.dev = dev