share collections in middleware vm context (#31043)

When libraries are required outside of the middleware function context and they do checks such as `a instanceof Uint8Array` since the constructors are different between the two contexts they'll always yield false. This is a problem for libraries validating user input as well as the WebCryptoAPI polyfill used outside of Edge Functions. - Fixes #30477 - Fixes #30911 This is only a problem for the sandbox runtime, not when ran inside an Edge Function.
vercel · Nov 9, 2021 · 0985b0b · 0985b0b
1 parent 764e29c
commit 0985b0b
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 1 deletion.
diff --git a/packages/next/server/web/sandbox/sandbox.ts b/packages/next/server/web/sandbox/sandbox.ts
@@ -87,6 +87,30 @@ export async function run(params: {
       TransformStream,
       URL,
       URLSearchParams,
+
+      // Indexed collections
+      Array,
+      Int8Array,
+      Uint8Array,
+      Uint8ClampedArray,
+      Int16Array,
+      Uint16Array,
+      Int32Array,
+      Uint32Array,
+      Float32Array,
+      Float64Array,
+      BigInt64Array,
+      BigUint64Array,
+
+      // Keyed collections
+      Map,
+      Set,
+      WeakMap,
+      WeakSet,
+
+      // Structured data
+      ArrayBuffer,
+      SharedArrayBuffer,
     }
 
     context.self = context

diff --git a/test/integration/middleware/core/pages/interface/_middleware.js b/test/integration/middleware/core/pages/interface/_middleware.js
@@ -2,7 +2,7 @@
 
 import { NextResponse } from 'next/server'
 
-export function middleware(request) {
+export async function middleware(request) {
   const url = request.nextUrl
 
   if (url.pathname.endsWith('/globalthis')) {
@@ -13,6 +13,28 @@ export function middleware(request) {
     })
   }
 
+  if (url.pathname.endsWith('/webcrypto')) {
+    const response = {}
+    try {
+      const algorithm = {
+        name: 'RSA-PSS',
+        hash: 'SHA-256',
+        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+        modulusLength: 2048,
+      }
+      const keyUsages = ['sign', 'verify']
+      await crypto.subtle.generateKey(algorithm, false, keyUsages)
+    } catch (err) {
+      response.error = true
+    } finally {
+      return new NextResponse(JSON.stringify(response), {
+        headers: {
+          'content-type': 'application/json; charset=utf-8',
+        },
+      })
+    }
+  }
+
   return new Response(null, {
     headers: {
       'req-url-basepath': request.nextUrl.basePath,

diff --git a/test/integration/middleware/core/test/index.test.js b/test/integration/middleware/core/test/index.test.js
@@ -350,6 +350,12 @@ function interfaceTests(locale = '') {
     expect(globals.length > 0).toBe(true)
   })
 
+  it(`${locale} collection constructors are shared`, async () => {
+    const res = await fetchViaHTTP(context.appPort, '/interface/webcrypto')
+    const response = await res.json()
+    expect('error' in response).toBe(false)
+  })
+
   it(`${locale} should validate request url parameters from a static route`, async () => {
     const res = await fetchViaHTTP(
       context.appPort,