Add support for static routing (i.e. \_routes.json) to Workers Assets (#9280)

* WC-3583 Add static routing matching to rules engine

* WC-3583 Support static routing in router config

* WC-3583 Route requests based on static routing when present

- When a request matches a static routing "exclude" rule, it's directly
forwarded to the asset worker.

- When a request matches a static routing "include" rule, it's directly
forwarded to the user worker.

- Otherwise, previous behavior takes over

This also adds a new analytics field (double6) for what routing decision
was made

* WC-3583 Fix unawaited async assertion

vitest yelled at me and told me this should be awaited and may error in
future releases

* WC-3583 Disable Sec-Fetch-Mode check when static routing is present

When the Router worker has static routing, the check against
"Sec-Fetch-Mode: navigate" is unnecessary. We have explicit static
routing to indicate whether or not we should go to a User worker or
the Asset worker, and should not try and guess via usually-set browser
headers

This adds a new parameter to unstable_canFetch RPC method, which should
be fine for backwards compatibility, and can be extended in the future
if needed. This was necessary because the Asset worker checks the
Request headers for Sec-Fetch-Mode to indicate if it can serve an asset
(including an index.html or 404.html page based on not_found_handling),
but static routing is only provided to the Router worker. Thus, we need
to pass more information over RPC

* WC-3583 Add changeset

Author: matthewdavidrodgers

.changeset/tasty-hoops-own.md

@@ -0,0 +1,11 @@
+---
+"@cloudflare/workers-shared": minor
+---
+
+Adds support for static routing (i.e. \_routes.json) to Workers Assets
+
+Implements the proposal noted here https://github.com/cloudflare/workers-sdk/discussions/9143
+
+In brief: when static routing is present for a Worker with assets, routing via those static rules takes precedence. When a request is evaluated in the Router Worker, the request path is first compared to the "exclude" rules. If any match, the request is forwarded directly to the Asset Worker. If instead any "include" rules match, the request is forwarded directly to the User Worker. If neither match (or static routing was not provided), the existing behavior takes over.
+
+As part of this explicit routing, when static routing is present, the check against "Sec-Fetch-Mode: navigate" (to guess if this should serve an asset or go to the User Worker for not_found_handling) is disabled. Routing can be controlled by uploading a \_routes.json, and asset serving (including when an index.html or 404.html page is served) will be more simple.

packages/workers-shared/asset-worker/src/configuration.ts

@@ -20,6 +20,7 @@ export const normalizeConfiguration = (
 			version: 2,
 			rules: {},
 		},
+		has_static_routing: configuration?.has_static_routing ?? false,
 		account_id: configuration?.account_id ?? -1,
 		script_id: configuration?.script_id ?? -1,
 		debug: configuration?.debug ?? false,

packages/workers-shared/asset-worker/src/handler.ts

@@ -203,7 +203,9 @@ export const canFetch = async (
 			flagIsEnabled(
 				configuration,
 				SEC_FETCH_MODE_NAVIGATE_HEADER_PREFERS_ASSET_SERVING
-			) && request.headers.get("Sec-Fetch-Mode") === "navigate"
+			) &&
+			request.headers.get("Sec-Fetch-Mode") === "navigate" &&
+			!configuration.has_static_routing
 		)
 	) {
 		configuration = {

packages/workers-shared/asset-worker/src/utils/rules-engine.ts

@@ -28,6 +28,43 @@ export const replacer = (str: string, replacements: Replacements) => {
 	return str;
 };
 
+export const generateGlobOnlyRuleRegExp = (rule: string) => {
+	// Escape all regex characters other than globs (the "*" character) since that's all that's supported.
+	rule = rule.split("*").map(escapeRegex).join(".*");
+
+	// Wrap in line terminators to be safe.
+	rule = "^" + rule + "$";
+
+	return RegExp(rule);
+};
+
+export const generateRuleRegExp = (rule: string) => {
+	// Create :splat capturer then escape.
+	rule = rule.split("*").map(escapeRegex).join("(?<splat>.*)");
+
+	// Create :placeholder capturers (already escaped).
+	// For placeholders in the host, we separate at forward slashes and periods.
+	// For placeholders in the path, we separate at forward slashes.
+	// This matches the behavior of URLPattern.
+	// e.g. https://:subdomain.domain/ -> https://(here).domain/
+	// e.g. /static/:file -> /static/(image.jpg)
+	// e.g. /blog/:post -> /blog/(an-exciting-post)
+	const host_matches = rule.matchAll(HOST_PLACEHOLDER_REGEX);
+	for (const host_match of host_matches) {
+		rule = rule.split(host_match[0]).join(`(?<${host_match[1]}>[^/.]+)`);
+	}
+
+	const path_matches = rule.matchAll(PLACEHOLDER_REGEX);
+	for (const path_match of path_matches) {
+		rule = rule.split(path_match[0]).join(`(?<${path_match[1]}>[^/]+)`);
+	}
+
+	// Wrap in line terminators to be safe.
+	rule = "^" + rule + "$";
+
+	return RegExp(rule);
+};
+
 export const generateRulesMatcher = <T>(
 	rules?: Record<string, T>,
 	replacerFn: (match: T, replacements: Replacements) => T = (match) => match
@@ -40,31 +77,8 @@ export const generateRulesMatcher = <T>(
 		.map(([rule, match]) => {
 			const crossHost = rule.startsWith("https://");
 
-			// Create :splat capturer then escape.
-			rule = rule.split("*").map(escapeRegex).join("(?<splat>.*)");
-
-			// Create :placeholder capturers (already escaped).
-			// For placeholders in the host, we separate at forward slashes and periods.
-			// For placeholders in the path, we separate at forward slashes.
-			// This matches the behavior of URLPattern.
-			// e.g. https://:subdomain.domain/ -> https://(here).domain/
-			// e.g. /static/:file -> /static/(image.jpg)
-			// e.g. /blog/:post -> /blog/(an-exciting-post)
-			const host_matches = rule.matchAll(HOST_PLACEHOLDER_REGEX);
-			for (const host_match of host_matches) {
-				rule = rule.split(host_match[0]).join(`(?<${host_match[1]}>[^/.]+)`);
-			}
-
-			const path_matches = rule.matchAll(PLACEHOLDER_REGEX);
-			for (const path_match of path_matches) {
-				rule = rule.split(path_match[0]).join(`(?<${path_match[1]}>[^/]+)`);
-			}
-
-			// Wrap in line terminators to be safe.
-			rule = "^" + rule + "$";
-
 			try {
-				const regExp = new RegExp(rule);
+				const regExp = generateRuleRegExp(rule);
 				return [{ crossHost, regExp }, match];
 			} catch {}
 		})
@@ -131,3 +145,19 @@ export const generateRedirectsMatcher = (
 			to: replacer(to, replacements),
 		})
 	);
+
+export const generateStaticRoutingRuleMatcher =
+	(rules: string[]) =>
+	({ request }: { request: Request }) => {
+		const { pathname } = new URL(request.url);
+		for (const rule of rules) {
+			try {
+				const regExp = generateGlobOnlyRuleRegExp(rule);
+				if (regExp.test(pathname)) {
+					return true;
+				}
+			} catch {}
+		}
+
+		return false;
+	};

packages/workers-shared/asset-worker/tests/handler.test.ts

@@ -1325,41 +1325,56 @@ describe("[Asset Worker] `canFetch`", () => {
 			[{ "Sec-Fetch-Mode": "cors" }, false],
 		] as const;
 
+		const staticRoutingModes = [
+			[false, true],
+			[true, false],
+		] as const;
+
 		const matrix = [];
 		for (const compatibilityOptions of compatibilityOptionsModes) {
 			for (const notFoundHandling of notFoundHandlingModes) {
 				for (const headers of headersModes) {
-					matrix.push({
-						compatibilityDate: compatibilityOptions[0].compatibilityDate,
-						compatibilityFlags: compatibilityOptions[0].compatibilityFlags,
-						notFoundHandling: notFoundHandling[0],
-						headers: headers[0],
-						expected:
-							compatibilityOptions[1] && notFoundHandling[1] && headers[1],
-					});
+					for (const hasStaticRouting of staticRoutingModes) {
+						matrix.push({
+							compatibilityDate: compatibilityOptions[0].compatibilityDate,
+							compatibilityFlags: compatibilityOptions[0].compatibilityFlags,
+							notFoundHandling: notFoundHandling[0],
+							headers: headers[0],
+							hasStaticRouting: hasStaticRouting[0],
+							expected:
+								compatibilityOptions[1] &&
+								notFoundHandling[1] &&
+								headers[1] &&
+								hasStaticRouting[1],
+						});
+					}
 				}
 			}
 		}
 
 		it.each(matrix)(
-			"compatibility_date $compatibilityDate, compatibility_flags $compatibilityFlags, not_found_handling $notFoundHandling, headers: $headers -> $expected",
+			"compatibility_date $compatibilityDate, compatibility_flags $compatibilityFlags, not_found_handling $notFoundHandling, headers: $headers, hasStaticRouting $hasStaticRouting -> $expected",
 			async ({
 				compatibilityDate,
 				compatibilityFlags,
 				notFoundHandling,
 				headers,
+				hasStaticRouting,
 				expected,
 			}) => {
 				expect(
 					await canFetch(
 						new Request("https://example.com/foo", { headers }),
 						// @ts-expect-error Empty config default to using mocked jaeger
 						mockEnv,
-						normalizeConfiguration({
-							compatibility_date: compatibilityDate,
-							compatibility_flags: compatibilityFlags,
-							not_found_handling: notFoundHandling,
-						}),
+						{
+							...normalizeConfiguration({
+								compatibility_date: compatibilityDate,
+								compatibility_flags: compatibilityFlags,
+								not_found_handling: notFoundHandling,
+								has_static_routing: hasStaticRouting,
+							}),
+						},
 						exists
 					)
 				).toBeTruthy();
@@ -1369,11 +1384,14 @@ describe("[Asset Worker] `canFetch`", () => {
 						new Request("https://example.com/bar", { headers }),
 						// @ts-expect-error Empty config default to using mocked jaeger
 						mockEnv,
-						normalizeConfiguration({
-							compatibility_date: compatibilityDate,
-							compatibility_flags: compatibilityFlags,
-							not_found_handling: notFoundHandling,
-						}),
+						{
+							...normalizeConfiguration({
+								compatibility_date: compatibilityDate,
+								compatibility_flags: compatibilityFlags,
+								not_found_handling: notFoundHandling,
+								has_static_routing: hasStaticRouting,
+							}),
+						},
 						exists
 					)
 				).toBe(expected);
@@ -1383,11 +1401,14 @@ describe("[Asset Worker] `canFetch`", () => {
 						new Request("https://example.com/", { headers }),
 						// @ts-expect-error Empty config default to using mocked jaeger
 						mockEnv,
-						normalizeConfiguration({
-							compatibility_date: compatibilityDate,
-							compatibility_flags: compatibilityFlags,
-							not_found_handling: notFoundHandling,
-						}),
+						{
+							...normalizeConfiguration({
+								compatibility_date: compatibilityDate,
+								compatibility_flags: compatibilityFlags,
+								not_found_handling: notFoundHandling,
+								has_static_routing: hasStaticRouting,
+							}),
+						},
 						exists
 					)
 				).toBeTruthy();
@@ -1397,11 +1418,14 @@ describe("[Asset Worker] `canFetch`", () => {
 						new Request("https://example.com/404", { headers }),
 						// @ts-expect-error Empty config default to using mocked jaeger
 						mockEnv,
-						normalizeConfiguration({
-							compatibility_date: compatibilityDate,
-							compatibility_flags: compatibilityFlags,
-							not_found_handling: notFoundHandling,
-						}),
+						{
+							...normalizeConfiguration({
+								compatibility_date: compatibilityDate,
+								compatibility_flags: compatibilityFlags,
+								not_found_handling: notFoundHandling,
+								has_static_routing: hasStaticRouting,
+							}),
+						},
 						exists
 					)
 				).toBeTruthy();