upgrade

2026-02-20 04:25:39 +01:00 · 2025-02-24 20:00:01 +00:00 · 2025-02-24 20:00:01 +00:00 · 6a8b804aff
commit 6a8b804aff
parent bbf91f31db
27 changed files with 16152 additions and 2893 deletions
--- a/next.config.js
+++ b/next.config.js
@ -1,29 +1,31 @@
 /* eslint-disable @typescript-eslint/no-var-requires */
 require('dotenv').config();
-const path = require('path');
 const pkg = require('./package.json');

-const basePath = process.env.BASE_PATH || '';
-const forceSSL = process.env.FORCE_SSL || '';
-const collectApiEndpoint = process.env.COLLECT_API_ENDPOINT || '';
-const defaultLocale = process.env.DEFAULT_LOCALE || '';
-const trackerScriptName = process.env.TRACKER_SCRIPT_NAME || '';
-const cloudMode = process.env.CLOUD_MODE || '';
-const cloudUrl = process.env.CLOUD_URL || '';
-const disableLogin = process.env.DISABLE_LOGIN || '';
-const disableUI = process.env.DISABLE_UI || '';
-const hostURL = process.env.HOST_URL || '';
-const privateMode = process.env.PRIVATE_MODE || '';
+const TRACKER_SCRIPT = '/script.js';
+
+const basePath = process.env.BASE_PATH;
+const collectApiEndpoint = process.env.COLLECT_API_ENDPOINT;
+const cloudMode = process.env.CLOUD_MODE;
+const cloudUrl = process.env.CLOUD_URL;
+const corsMaxAge = process.env.CORS_MAX_AGE;
+const defaultLocale = process.env.DEFAULT_LOCALE;
+const disableLogin = process.env.DISABLE_LOGIN;
+const disableUI = process.env.DISABLE_UI;
+const forceSSL = process.env.FORCE_SSL;
+const privateMode = process.env.PRIVATE_MODE;
+const trackerScriptName = process.env.TRACKER_SCRIPT_NAME;
+const trackerScriptURL = process.env.TRACKER_SCRIPT_URL;

 const contentSecurityPolicy = [
  `default-src 'self'`,
-  `img-src *`,
+  `img-src * data:`,
  `script-src 'self' 'unsafe-eval' 'unsafe-inline'`,
  `style-src 'self' 'unsafe-inline'`,
-  `connect-src 'self' api.umami.is cloud.umami.is`
+  `connect-src 'self' api.umami.is cloud.umami.is`,
 ];

-const headers = [
+const defaultHeaders = [
  {
    key: 'X-DNS-Prefetch-Control',
    value: 'on',
@ -38,14 +40,52 @@ const headers = [
 ];

 if (forceSSL) {
-  headers.push({
+  defaultHeaders.push({
    key: 'Strict-Transport-Security',
    value: 'max-age=63072000; includeSubDomains; preload',
  });
 }

+const trackerHeaders = [
+  {
+    key: 'Access-Control-Allow-Origin',
+    value: '*',
+  },
+  {
+    key: 'Cache-Control',
+    value: 'public, max-age=86400, must-revalidate',
+  },
+];
+
+const headers = [
+  {
+    source: '/api/:path*',
+    headers: [
+      { key: 'Access-Control-Allow-Origin', value: '*' },
+      { key: 'Access-Control-Allow-Headers', value: '*' },
+      { key: 'Access-Control-Allow-Methods', value: 'GET, DELETE, POST, PUT' },
+      { key: 'Access-Control-Max-Age', value: corsMaxAge || '86400' },
+    ],
+  },
+  {
+    source: '/:path*',
+    headers: defaultHeaders,
+  },
+  {
+    source: TRACKER_SCRIPT,
+    headers: trackerHeaders,
+  },
+];
+
 const rewrites = [];

+if (trackerScriptURL) {
+  rewrites.push({
+    source: TRACKER_SCRIPT,
+    destination: trackerScriptURL,
+  });
+}
+
 if (collectApiEndpoint) {
  rewrites.push({
    source: collectApiEndpoint,
@ -53,19 +93,6 @@ if (collectApiEndpoint) {
  });
 }

-if (trackerScriptName) {
-  const names = trackerScriptName?.split(',').map(name => name.trim());
-
-  if (names) {
-    names.forEach(name => {
-      rewrites.push({
-        source: `/${name.replace(/^\/+/, '')}`,
-        destination: '/script.js',
-      });
-    });
-  }
-}
-
 const redirects = [
  {
    source: '/settings',
@ -84,6 +111,27 @@ const redirects = [
  },
 ];

+// Adding rewrites + headers for all alternative tracker script names.
+if (trackerScriptName) {
+  const names = trackerScriptName?.split(',').map(name => name.trim());
+
+  if (names) {
+    names.forEach(name => {
+      const normalizedSource = `/${name.replace(/^\/+/, '')}`;
+
+      rewrites.push({
+        source: normalizedSource,
+        destination: TRACKER_SCRIPT,
+      });
+
+      headers.push({
+        source: normalizedSource,
+        headers: trackerHeaders,
+      });
+    });
+  }
+}
+
 if (cloudMode && cloudUrl) {
  redirects.push({
    source: '/settings/:path*',
@ -118,7 +166,6 @@ const config = {
    defaultLocale,
    disableLogin,
    disableUI,
-    hostURL,
    privateMode,
  },
  basePath,
@ -129,36 +176,26 @@ const config = {
  typescript: {
    ignoreBuildErrors: true,
  },
+  experimental: {
+    turbo: {
+      rules: {
+        '*.svg': {
+          loaders: ['@svgr/webpack'],
+          as: '*.js',
+        },
+      },
+    },
+  },
  webpack(config) {
-    const fileLoaderRule = config.module.rules.find(rule => rule.test?.test?.('.svg'));
-
-    config.module.rules.push(
-      {
-        ...fileLoaderRule,
-        test: /\.svg$/i,
-        resourceQuery: /url/,
-      },
-      {
-        test: /\.svg$/i,
-        issuer: fileLoaderRule.issuer,
-        resourceQuery: { not: [...fileLoaderRule.resourceQuery.not, /url/] },
-        use: ['@svgr/webpack'],
-      },
-    );
-
-    fileLoaderRule.exclude = /\.svg$/i;
-
-    config.resolve.alias['public'] = path.resolve('./public');
-
+    config.module.rules.push({
+      test: /\.svg$/,
+      issuer: /\.(js|ts)x?$/,
+      use: ['@svgr/webpack'],
+    });
    return config;
  },
  async headers() {
-    return [
-      {
-        source: '/:path*',
-        headers,
-      },
-    ];
+    return headers;
  },
  async rewrites() {
    return [
@ -167,6 +204,10 @@ const config = {
        source: '/telemetry.js',
        destination: '/api/scripts/telemetry',
      },
+      {
+        source: '/teams/:teamId/:path((?!settings).*)*',
+        destination: '/:path*',
+      },
    ];
  },
  async redirects() {