Add strict checking to detect public file request

Author: fwang

.changeset/warm-nails-jam.md

@@ -0,0 +1,5 @@
+---
+"open-next": patch
+---
+
+Add strict checking to detect public file request

packages/open-next/src/adapters/server-adapter.ts

@@ -14,7 +14,7 @@ import NextServer from "next/dist/server/next-server.js";
 import { loadConfig, setNodeEnv } from "./util.js";
 import { isBinaryContentType } from "./binary.js";
 import { debug } from "./logger.js";
-import type { PublicAssets } from "../build.js";
+import type { PublicFiles } from "../build.js";
 
 setNodeEnv();
 setNextjsServerWorkingDirectory();
@@ -138,7 +138,7 @@ export async function handler(
     : eventParser.apiv2(event as APIGatewayProxyEventV2);
 
   // WORKAROUND: public/ static files served by the server function (AWS specific) — https://github.com/serverless-stack/open-next#workaround-public-static-files-served-by-the-server-function-aws-specific
-  if (isPublicAsset(parser.rawPath)) {
+  if (publicAssets.files.includes(parser.rawPath)) {
     return isCloudFrontEvent
       ? formatCloudFrontFailoverResponse(event as CloudFrontRequestEvent)
       : formatApiv2FailoverResponse();
@@ -200,18 +200,7 @@ function loadHtmlPages() {
 function loadPublicAssets() {
   const filePath = path.join(openNextDir, "public-files.json");
   const json = fs.readFileSync(filePath, "utf-8");
-  return JSON.parse(json) as PublicAssets;
-}
-
-function isPublicAsset(rawPath: string) {
-  console.log(publicAssets);
-  console.log({ rawPath });
-  // rawPath = "/favicon.ico"
-  // rawPath = "/images/logo.png"
-  return (
-    publicAssets[rawPath] === "file" ||
-    publicAssets[rawPath.split("/").slice(0, 2).join("/")] === "dir"
-  );
+  return JSON.parse(json) as PublicFiles;
 }
 
 async function processRequest(req: IncomingMessage, res: ServerResponse) {

packages/open-next/src/build.ts

@@ -9,7 +9,9 @@ const appPath = process.cwd();
 const outputDir = ".open-next";
 const tempDir = path.join(outputDir, ".build");
 
-export type PublicAssets = Record<string, "file" | "dir">;
+export type PublicFiles = {
+  files: string[];
+};
 
 export async function build() {
   // Pre-build validation
@@ -112,17 +114,25 @@ function initOutputDir() {
   fs.mkdirSync(tempDir, { recursive: true });
 }
 
-function readTopLevelPublicFilesAndDirs() {
+function listPublicFiles() {
   const publicPath = path.join(appPath, "public");
 
-  const items: PublicAssets = {};
+  const result: PublicFiles = { files: [] };
 
-  fs.readdirSync(publicPath).map((file) => {
-    items[`/${file}`] = fs.statSync(path.join(publicPath, file)).isDirectory()
-      ? "dir"
-      : "file";
-  });
-  return items;
+  function processDirectory(pathInPublic: string) {
+    const files = fs.readdirSync(path.join(publicPath, pathInPublic), {
+      withFileTypes: true,
+    });
+
+    for (const file of files) {
+      file.isDirectory()
+        ? processDirectory(path.join(pathInPublic, file.name))
+        : result.files.push(path.join(pathInPublic, file.name));
+    }
+  }
+
+  processDirectory("/");
+  return result;
 }
 
 function createServerBundle(monorepoRoot: string) {
@@ -186,7 +196,7 @@ function createServerBundle(monorepoRoot: string) {
   fs.mkdirSync(outputOpenNextPath, { recursive: true });
   fs.writeFileSync(
     path.join(outputOpenNextPath, "public-files.json"),
-    JSON.stringify(readTopLevelPublicFilesAndDirs())
+    JSON.stringify(listPublicFiles())
   );
 }