From a560620e36db68cd10ab6bbb0ab7200e452b05fa Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Wed, 24 Jan 2024 17:14:45 +0700
Subject: [PATCH 01/34] Add code for invoking middleware (WIP) Add
 serverAuthState

---
 packages/auth/ambient.d.ts                    |  4 +
 .../auth/src/AuthProvider/AuthProvider.tsx    | 23 +++++-
 .../src/AuthProvider/ServerAuthProvider.tsx   | 79 +++++++++++++++++++
 packages/auth/src/index.ts                    |  3 +
 packages/vite/src/devFeServer.ts              | 24 ++++++
 .../streaming/createReactStreamingHandler.ts  | 19 +++++
 packages/vite/src/streaming/streamHelpers.ts  | 33 +++++---
 7 files changed, 169 insertions(+), 16 deletions(-)
 create mode 100644 packages/auth/src/AuthProvider/ServerAuthProvider.tsx

diff --git a/packages/auth/ambient.d.ts b/packages/auth/ambient.d.ts
index b4e7a73a07c2..c53e66b14846 100644
--- a/packages/auth/ambient.d.ts
+++ b/packages/auth/ambient.d.ts
@@ -20,8 +20,12 @@ declare global {
     RWJS_API_URL: string
 
     __REDWOOD__APP_TITLE: string
+
+    RWJS_EXP_STREAMING_SSR: boolean
   }
 
+  var __REDWOOD__SERVER__AUTH_STATE__: AuthProviderState<any>
+
   namespace NodeJS {
     interface Global {
       /** URL or absolute path to the GraphQL serverless function */
diff --git a/packages/auth/src/AuthProvider/AuthProvider.tsx b/packages/auth/src/AuthProvider/AuthProvider.tsx
index b4a5d9a20d29..97afe439b235 100644
--- a/packages/auth/src/AuthProvider/AuthProvider.tsx
+++ b/packages/auth/src/AuthProvider/AuthProvider.tsx
@@ -1,11 +1,12 @@
 import type { ReactNode } from 'react'
-import React, { useEffect, useState } from 'react'
+import React, { useContext, useEffect, useState } from 'react'
 
 import type { AuthContextInterface, CurrentUser } from '../AuthContext'
 import type { AuthImplementation } from '../AuthImplementation'
 
 import type { AuthProviderState } from './AuthProviderState'
 import { defaultAuthProviderState } from './AuthProviderState'
+import { ServerAuthContext } from './ServerAuthProvider'
 import { useCurrentUser } from './useCurrentUser'
 import { useForgotPassword } from './useForgotPassword'
 import { useHasRole } from './useHasRole'
@@ -82,9 +83,11 @@ export function createAuthProvider<
   }: AuthProviderProps) => {
     // const [hasRestoredState, setHasRestoredState] = useState(false)
 
+    const serverAuthState = useContext(ServerAuthContext)
+
     const [authProviderState, setAuthProviderState] = useState<
       AuthProviderState<TUser>
-    >(defaultAuthProviderState)
+    >(serverAuthState || defaultAuthProviderState)
 
     const getToken = useToken(authImplementation)
 
@@ -130,12 +133,24 @@ export function createAuthProvider<
     // Whenever the authImplementation is ready to go, restore auth and reauthenticate
     useEffect(() => {
       async function doRestoreState() {
+        // @MARK: this is where we fetch currentUser from graphql again
+        // because without SSR, initial state doesn't exist
+        // what we want to do here is to conditionally call reauthenticate
+        // so that the restoreAuthState comes from the injected state
+
+        // the problem is that reauthenticate does both getCurrentUser and udpate the auth state
         await authImplementation.restoreAuthState?.()
-        reauthenticate()
+
+        // If the inital state didn't come from the server (or was restored before)
+        // reauthenticate will make an API call to the middleware to receive the current user
+        // (instead of called the graphql endpoint with currentUser)
+        if (!serverAuthState) {
+          reauthenticate()
+        }
       }
 
       doRestoreState()
-    }, [reauthenticate])
+    }, [reauthenticate, serverAuthState])
 
     return (
       <AuthContext.Provider
diff --git a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
new file mode 100644
index 000000000000..b1e21150fc67
--- /dev/null
+++ b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
@@ -0,0 +1,79 @@
+import type { ReactNode } from 'react'
+import React from 'react'
+
+import type { AuthProviderState } from './AuthProviderState'
+import { defaultAuthProviderState } from './AuthProviderState'
+
+export type ServerAuthState = AuthProviderState<never> & {
+  // Used by AuthProvider in getToken. We can probably remove this
+  encryptedSession?: string | null
+  cookieHeader?: string
+}
+
+const getAuthInitialStateFromServer = () => {
+  if (globalThis?.__REDWOOD__SERVER__AUTH_STATE__) {
+    const initialState = {
+      ...defaultAuthProviderState,
+      encryptedSession: null,
+      ...(globalThis?.__REDWOOD__SERVER__AUTH_STATE__ || {}),
+    }
+    // Clear it so we don't accidentally use it again
+    globalThis.__REDWOOD__SERVER__AUTH_STATE__ = null
+    return initialState
+  }
+
+  // Already restored
+  return null
+}
+
+/**
+ * On the server, it resolves to the defaultAuthProviderState first.
+ *
+ * On the client it restores from the initial server state injected in the ServerAuthProvider
+ */
+export const ServerAuthContext = React.createContext<ServerAuthState>(
+  getAuthInitialStateFromServer()
+)
+
+/***
+ * Note: This only gets rendered on the server and serves two purposes:
+ * 1) On the server, it sets the auth state
+ * 2) On the client, it restores the auth state from the initial server render
+ */
+export const ServerAuthProvider = ({
+  value,
+  children,
+}: {
+  value: ServerAuthState
+  children?: ReactNode[]
+}) => {
+  // @NOTE: we "Sanitize" to remove encryptedSession and cookieHeader
+  // not totally necessary, but it's nice to not have them in the DOM
+  // @MARK: needs discussion!
+  const stringifiedAuthState = `__REDWOOD__SERVER__AUTH_STATE__ = ${JSON.stringify(
+    sanitizeServerAuthState(value)
+  )};`
+
+  return (
+    <>
+      <script
+        id="__REDWOOD__SERVER_AUTH_STATE__"
+        dangerouslySetInnerHTML={{
+          __html: stringifiedAuthState,
+        }}
+      />
+
+      <ServerAuthContext.Provider value={value}>
+        {children}
+      </ServerAuthContext.Provider>
+    </>
+  )
+}
+function sanitizeServerAuthState(value: ServerAuthState) {
+  const sanitizedState = { ...value }
+  // Remove the cookie from being printed onto the DOM
+  // harmless, but still...
+  delete sanitizedState.cookieHeader
+
+  return sanitizedState
+}
diff --git a/packages/auth/src/index.ts b/packages/auth/src/index.ts
index b06907f98619..14a8cc83fbba 100644
--- a/packages/auth/src/index.ts
+++ b/packages/auth/src/index.ts
@@ -2,3 +2,6 @@ export { AuthContextInterface, CurrentUser } from './AuthContext'
 export { useNoAuth, UseAuth } from './useAuth'
 export { createAuthentication } from './authFactory'
 export type { AuthImplementation } from './AuthImplementation'
+
+export * from './AuthProvider/AuthProviderState'
+export * from './AuthProvider/ServerAuthProvider'
diff --git a/packages/vite/src/devFeServer.ts b/packages/vite/src/devFeServer.ts
index d4e5445ee8d7..04b826736001 100644
--- a/packages/vite/src/devFeServer.ts
+++ b/packages/vite/src/devFeServer.ts
@@ -80,6 +80,30 @@ async function createServer() {
       : route.pathDefinition
 
     app.get(expressPathDef, createServerAdapter(routeHandler))
+
+    app.all(
+      '/_rw_mw',
+      createServerAdapter(async (req: Request) => {
+        const entryServerImport = await vite.ssrLoadModule(
+          rwPaths.web.entryServer as string // already validated in dev server
+        )
+
+        const middleware = entryServerImport.middleware
+
+        let out = null
+        if (middleware) {
+          try {
+            out = await middleware(req)
+          } catch (e) {
+            console.error('Whooopsie, error in middleware POST handler')
+            console.error(e)
+          }
+        }
+
+        // @TODO: We should check the type of resposne here I guess
+        return out
+      })
+    )
   }
 
   const port = getConfig().web.port
diff --git a/packages/vite/src/streaming/createReactStreamingHandler.ts b/packages/vite/src/streaming/createReactStreamingHandler.ts
index 9b58e126a561..6fd5e6cd3bf0 100644
--- a/packages/vite/src/streaming/createReactStreamingHandler.ts
+++ b/packages/vite/src/streaming/createReactStreamingHandler.ts
@@ -3,6 +3,7 @@ import path from 'path'
 import isbot from 'isbot'
 import type { ViteDevServer } from 'vite'
 
+import { defaultAuthProviderState } from '@redwoodjs/auth'
 import type { RWRouteManifestItem } from '@redwoodjs/internal'
 import { getAppRouteHook, getConfig, getPaths } from '@redwoodjs/project-config'
 import { matchPath } from '@redwoodjs/router'
@@ -68,6 +69,8 @@ export const createReactStreamingHandler = async (
       })
     }
 
+    const decodedAuthState = defaultAuthProviderState
+
     // Do this inside the handler for **dev-only**.
     // This makes sure that changes to entry-server are picked up on refresh
     if (!isProd) {
@@ -77,6 +80,21 @@ export const createReactStreamingHandler = async (
       fallbackDocumentImport = await viteDevServer.ssrLoadModule(
         rwPaths.web.document
       )
+
+      const middleware = entryServerImport.middleware
+
+      // @TODO (1) construct MWRequest Object here from req
+      // Req.context
+
+      if (middleware) {
+        try {
+          // @TODO (2): Get the MWResponseBuilder and create a response from it
+          // if its a Redirect, you can just respond here.
+          // const mwResponse = await middleware(req)
+        } catch (e) {
+          console.error('Whooopsie, error in middleware', e)
+        }
+      }
     }
 
     const ServerEntry =
@@ -134,6 +152,7 @@ export const createReactStreamingHandler = async (
         cssLinks,
         isProd,
         jsBundles,
+        authState: decodedAuthState,
       },
       {
         waitForAllReady: isSeoCrawler,
diff --git a/packages/vite/src/streaming/streamHelpers.ts b/packages/vite/src/streaming/streamHelpers.ts
index 7085a1189953..9c5a0cc81c03 100644
--- a/packages/vite/src/streaming/streamHelpers.ts
+++ b/packages/vite/src/streaming/streamHelpers.ts
@@ -7,6 +7,8 @@ import type {
   ReactDOMServerReadableStream,
 } from 'react-dom/server'
 
+import type { ServerAuthState } from '@redwoodjs/auth'
+import { ServerAuthProvider } from '@redwoodjs/auth'
 import { LocationProvider } from '@redwoodjs/router'
 import type { TagDescriptor } from '@redwoodjs/web'
 // @TODO (ESM), use exports field. Cannot import from web because of index exports
@@ -27,6 +29,7 @@ interface RenderToStreamArgs {
   cssLinks: string[]
   isProd: boolean
   jsBundles?: string[]
+  authState: ServerAuthState
 }
 
 interface StreamOptions {
@@ -47,6 +50,7 @@ export async function reactRenderToStreamResponse(
     cssLinks,
     isProd,
     jsBundles = [],
+    authState,
   } = renderOptions
 
   if (!isProd) {
@@ -80,15 +84,15 @@ export async function reactRenderToStreamResponse(
 
   const timeoutTransform = createTimeoutTransform(timeoutHandle)
 
-  // @ts-expect-error Something in React's packages mean types dont come through
   // Possible that we need to upgrade the @types/* packages
+  // @ts-expect-error Something in React's packages mean types dont come through
   const { renderToReadableStream } = await import('react-dom/server.edge')
 
   const renderRoot = (path: string) => {
     return React.createElement(
-      ServerHtmlProvider,
+      ServerAuthProvider,
       {
-        value: injectToPage,
+        value: authState,
       },
       React.createElement(
         LocationProvider,
@@ -97,11 +101,17 @@ export async function reactRenderToStreamResponse(
             pathname: path,
           },
         },
-        ServerEntry({
-          url: path,
-          css: cssLinks,
-          meta: metaTags,
-        })
+        React.createElement(
+          ServerHtmlProvider,
+          {
+            value: injectToPage,
+          },
+          ServerEntry({
+            url: path,
+            css: cssLinks,
+            meta: metaTags,
+          })
+        )
       )
     )
   }
@@ -133,11 +143,10 @@ export async function reactRenderToStreamResponse(
       },
     }
 
+    const root = renderRoot(currentPathName)
+
     const reactStream: ReactDOMServerReadableStream =
-      await renderToReadableStream(
-        renderRoot(currentPathName),
-        renderToStreamOptions
-      )
+      await renderToReadableStream(root, renderToStreamOptions)
 
     // @NOTE: very important that we await this before we apply any transforms
     if (waitForAllReady) {

From 17ab5f78cc43538bda9c38e0c068be535dea2ee7 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Thu, 25 Jan 2024 01:19:32 +0700
Subject: [PATCH 02/34] Fix links in suspense apollo provider for backwards
 compatibility

---
 packages/web/src/apollo/links.tsx    | 25 +++++++++++++++++--------
 packages/web/src/apollo/suspense.tsx | 28 ++++++++++++++++++++--------
 2 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/packages/web/src/apollo/links.tsx b/packages/web/src/apollo/links.tsx
index 0316ba36c3bb..7ed5564e0db3 100644
--- a/packages/web/src/apollo/links.tsx
+++ b/packages/web/src/apollo/links.tsx
@@ -5,14 +5,23 @@ import { print } from 'graphql/language/printer'
 
 export function createHttpLink(
   uri: string,
-  httpLinkConfig: HttpOptions | undefined
+  httpLinkConfig: HttpOptions | undefined,
+  cookieHeader?: string
 ) {
+  const headers: Record<string, string> = {}
+
+  if (cookieHeader) {
+    headers.cookie = cookieHeader
+  }
+
   return new HttpLink({
     uri,
     ...httpLinkConfig,
     // you can disable result caching here if you want to
     // @TODO: this is probably NextJS specific. Revisit once we have our own apollo package
     fetchOptions: { cache: 'no-store' },
+    credentials: 'include',
+    headers,
   })
 }
 
@@ -60,7 +69,6 @@ export function createAuthApolloLink(
 ) {
   return new ApolloLink((operation, forward) => {
     const { token } = operation.getContext()
-
     // Only add auth headers when there's a token. `token` is `null` when `!isAuthenticated`.
     const authHeaders = token
       ? {
@@ -123,11 +131,12 @@ export type RedwoodApolloLink<
   link: Link
 }
 
-export type RedwoodApolloLinks = [
-  RedwoodApolloLink<'withToken'>,
-  RedwoodApolloLink<'authMiddleware'>,
-  RedwoodApolloLink<'enhanceErrorLink'>,
-  RedwoodApolloLink<'httpLink', HttpLink>
-]
+export type RedwoodApolloLinks = Array<
+  | RedwoodApolloLink<'withToken'>
+  | RedwoodApolloLink<'authMiddleware'>
+  | RedwoodApolloLink<'enhanceErrorLink'>
+  | RedwoodApolloLink<'httpLink', HttpLink>
+  | null
+>
 
 export type RedwoodApolloLinkFactory = (links: RedwoodApolloLinks) => ApolloLink
diff --git a/packages/web/src/apollo/suspense.tsx b/packages/web/src/apollo/suspense.tsx
index 312d7f87f5a8..f8544a2974b9 100644
--- a/packages/web/src/apollo/suspense.tsx
+++ b/packages/web/src/apollo/suspense.tsx
@@ -7,6 +7,8 @@
  * Eventually we will have one ApolloProvider, not multiple.
  */
 
+import { useContext } from 'react'
+
 import type {
   ApolloCache,
   ApolloClientOptions,
@@ -31,7 +33,7 @@ import {
 } from '@apollo/experimental-nextjs-app-support/ssr'
 
 import type { UseAuth } from '@redwoodjs/auth'
-import { useNoAuth } from '@redwoodjs/auth'
+import { ServerAuthContext, useNoAuth } from '@redwoodjs/auth'
 import './typeOverride'
 
 import {
@@ -119,15 +121,16 @@ const ApolloProviderWithFetchConfig: React.FunctionComponent<{
   useAuth?: UseAuth
   logLevel: ReturnType<typeof setLogVerbosity>
   children: React.ReactNode
-}> = ({ config, children, useAuth = useNoAuth, logLevel }) => {
+}> = ({ config, children, logLevel, useAuth = useNoAuth }) => {
   // Should they run into it, this helps users with the "Cannot render cell; GraphQL success but data is null" error.
   // See https://github.com/redwoodjs/redwood/issues/2473.
   apolloSetLogVerbosity(logLevel)
 
-  // See https://www.apollographql.com/docs/react/api/link/introduction.
+  const { uri, headers } = useFetchConfig()
   const { getToken, type: authProviderType } = useAuth()
+  const isDev = process.env.NODE_ENV === 'development'
 
-  const { headers, uri } = useFetchConfig()
+  const serverAuthState = useContext(ServerAuthContext)
 
   const getGraphqlUrl = () => {
     // @NOTE: This comes from packages/vite/src/streaming/registerGlobals.ts
@@ -145,15 +148,24 @@ const ApolloProviderWithFetchConfig: React.FunctionComponent<{
 
   // We use this object, because that's the shape of what we pass to the config.link factory
   const redwoodApolloLinks: RedwoodApolloLinks = [
+    // @MARK REMOVE: We will not need these for cookie based auth ~~~~
     { name: 'withToken', link: createTokenLink(getToken) },
     {
       name: 'authMiddleware',
       link: createAuthApolloLink(authProviderType, headers),
     },
-    // @REVIEW: Should we take this out for prod?
-    { name: 'enhanceErrorLink', link: createUpdateDataLink() },
-    { name: 'httpLink', link: createHttpLink(getGraphqlUrl(), httpLinkConfig) },
-  ]
+    // ~~~~ @END REMOVE ~~~~±±±±±
+    isDev && { name: 'enhanceErrorLink', link: createUpdateDataLink() },
+    {
+      name: 'httpLink',
+      link: createHttpLink(
+        getGraphqlUrl(),
+        httpLinkConfig,
+        serverAuthState?.cookieHeader
+      ),
+    },
+    // filter boolean doesn't play nice with TS
+  ].filter((link): link is RedwoodApolloLink<any> => !!link)
 
   function makeClient() {
     // @MARK use special Apollo client

From 84279f78447fe789e5561fad73980c37843c3814 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Thu, 25 Jan 2024 01:19:39 +0700
Subject: [PATCH 03/34] WIP: Start adding MW classes

---
 packages/vite/package.json                    |  2 +
 .../vite/src/middleware/CookieJar.test.ts     | 52 ++++++++++++++
 packages/vite/src/middleware/CookieJar.ts     | 68 +++++++++++++++++++
 .../src/middleware/MiddlewareRequest.test.ts  | 24 +++++++
 .../vite/src/middleware/MiddlewareRequest.ts  | 33 +++++++++
 .../vite/src/middleware/MiddlewareResponse.ts | 43 ++++++++++++
 yarn.lock                                     | 16 +++++
 7 files changed, 238 insertions(+)
 create mode 100644 packages/vite/src/middleware/CookieJar.test.ts
 create mode 100644 packages/vite/src/middleware/CookieJar.ts
 create mode 100644 packages/vite/src/middleware/MiddlewareRequest.test.ts
 create mode 100644 packages/vite/src/middleware/MiddlewareRequest.ts
 create mode 100644 packages/vite/src/middleware/MiddlewareResponse.ts

diff --git a/packages/vite/package.json b/packages/vite/package.json
index d327f0eedfb5..9887337bfdda 100644
--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -74,6 +74,7 @@
     "acorn-loose": "8.3.0",
     "buffer": "6.0.3",
     "busboy": "^1.6.0",
+    "cookie": "0.6.0",
     "core-js": "3.34.0",
     "dotenv-defaults": "5.0.2",
     "express": "4.18.2",
@@ -87,6 +88,7 @@
   "devDependencies": {
     "@babel/cli": "7.23.4",
     "@types/busboy": "^1",
+    "@types/cookie": "^0",
     "@types/express": "4",
     "@types/react": "18.2.37",
     "@types/yargs-parser": "21.0.3",
diff --git a/packages/vite/src/middleware/CookieJar.test.ts b/packages/vite/src/middleware/CookieJar.test.ts
new file mode 100644
index 000000000000..0da44aad92bc
--- /dev/null
+++ b/packages/vite/src/middleware/CookieJar.test.ts
@@ -0,0 +1,52 @@
+import { describe, expect, test } from 'vitest'
+
+import { CookieJar } from './CookieJar'
+
+describe('CookieJar', () => {
+  // Grabbed from github
+  const cookieJar = new CookieJar(
+    'color_mode=%7B%22color_mode%22%3A%22light%22%2C%22light_theme%22%3A%7B%22name%22%3A%22light%22%2C%22color_mode%22%3A%22light%22%7D%2C%22dark_theme%22%3A%7B%22name%22%3A%22dark_dimmed%22%2C%22color_mode%22%3A%22dark%22%7D%7D; preferred_color_mode=dark; tz=Asia%2FBangkok'
+  )
+
+  test('instatitates cookie jar from a cookie string', () => {
+    expect(cookieJar.get('color_mode')).toStrictEqual({
+      value: JSON.stringify({
+        color_mode: 'light',
+        light_theme: { name: 'light', color_mode: 'light' },
+        dark_theme: { name: 'dark_dimmed', color_mode: 'dark' },
+      }),
+    })
+
+    expect(cookieJar.get('preferred_color_mode')).toStrictEqual({
+      value: 'dark',
+    })
+
+    expect(cookieJar.get('tz')).toStrictEqual({
+      value: 'Asia/Bangkok',
+    })
+  })
+
+  describe('Helper methods like JS Map', () => {
+    test('has', () => {
+      expect(cookieJar.has('color_mode')).toBe(true)
+      expect(cookieJar.has('bazinga')).toBe(false)
+    })
+
+    test('size', () => {
+      expect(cookieJar.size).toBe(3)
+    })
+
+    test('entries', () => {
+      const iterator = cookieJar.entries()
+
+      expect(iterator.next().done).toBe(false)
+      expect(iterator.next().done).toBe(false)
+
+      const finalItem = iterator.next()
+      expect(finalItem.done).toBe(false)
+      expect(finalItem.value).toStrictEqual(['tz', { value: 'Asia/Bangkok' }])
+
+      expect(iterator.next().done).toBe(true)
+    })
+  })
+})
diff --git a/packages/vite/src/middleware/CookieJar.ts b/packages/vite/src/middleware/CookieJar.ts
new file mode 100644
index 000000000000..e4f6578d3b7b
--- /dev/null
+++ b/packages/vite/src/middleware/CookieJar.ts
@@ -0,0 +1,68 @@
+import cookie from 'cookie'
+
+export type CookieParams = {
+  value: string
+  options?: cookie.CookieSerializeOptions
+}
+
+/**
+ * Specialised cookie map, that lets you set cookies with options
+ * */
+export class CookieJar {
+  private map = new Map<string, CookieParams>()
+
+  // This allows CookieJar to be used in MWRequest.cookie also
+  // note that options are not available when constructed this way
+  constructor(cookieString?: string | null) {
+    if (cookieString) {
+      const parsedCookies = cookie.parse(cookieString)
+
+      this.map = new Map(
+        Object.entries(parsedCookies).map(([key, value]) => {
+          return [key, { value }]
+        })
+      )
+    }
+  }
+
+  public set(
+    name: string,
+    value: string,
+    options?: cookie.CookieSerializeOptions
+  ) {
+    this.map.set(name, {
+      value,
+      options,
+    })
+
+    return this
+  }
+
+  public get(name: string) {
+    return this.map.get(name)
+  }
+
+  public has(name: string) {
+    return this.map.has(name)
+  }
+
+  public delete(name: string) {
+    return this.map.delete(name)
+  }
+
+  public clear() {
+    this.map.clear()
+  }
+
+  public entries() {
+    return this.map.entries()
+  }
+
+  public [Symbol.iterator]() {
+    return this.map[Symbol.iterator]()
+  }
+
+  public get size() {
+    return this.map.size
+  }
+}
diff --git a/packages/vite/src/middleware/MiddlewareRequest.test.ts b/packages/vite/src/middleware/MiddlewareRequest.test.ts
new file mode 100644
index 000000000000..1459921aef6b
--- /dev/null
+++ b/packages/vite/src/middleware/MiddlewareRequest.test.ts
@@ -0,0 +1,24 @@
+import { describe, expect, test } from 'vitest'
+
+import { createMiddlewareRequest } from './MiddlewareRequest'
+
+describe('MiddlewareRequest', () => {
+  test('Converts a Request object correctly', () => {
+    const req = new Request('http://redwoodjs.com', {
+      method: 'POST',
+      body: JSON.stringify({
+        hello: 'world',
+      }),
+      headers: {
+        'Content-Type': 'application/json',
+        Cookie: 'foo=bar',
+      },
+    })
+    const mReq = createMiddlewareRequest(req)
+    console.log(`👉 \n ~ mReq:`, mReq)
+
+    expect(mReq.cookies.get('foo')).toStrictEqual({ value: 'bar' })
+    expect(mReq.method).toStrictEqual('POST')
+    expect(mReq.headers.get('Content-Type')).toStrictEqual('application/json')
+  })
+})
diff --git a/packages/vite/src/middleware/MiddlewareRequest.ts b/packages/vite/src/middleware/MiddlewareRequest.ts
new file mode 100644
index 000000000000..2f1d31e7e0bc
--- /dev/null
+++ b/packages/vite/src/middleware/MiddlewareRequest.ts
@@ -0,0 +1,33 @@
+import { CookieJar } from './CookieJar'
+
+class ContextJar {
+  private _data = {}
+
+  get() {
+    return this._data
+  }
+
+  set(value: any) {
+    this._data = value
+  }
+}
+
+interface MiddlewareRequest extends Request {
+  cookies: CookieJar
+  serverAuthContext: ContextJar
+}
+
+/**
+ * Converts a Web API Request object to a MiddlewareRequest object
+ * also ensures that serverAuthContext is fresh for each request
+ * (assuming that it is a new instance for each request)
+ */
+export const createMiddlewareRequest = (req: Request) => {
+  const middlewareRequest: MiddlewareRequest = {
+    ...req,
+    cookies: new CookieJar(req.headers.get('Cookie')),
+    serverAuthContext: new ContextJar(),
+  }
+
+  return middlewareRequest
+}
diff --git a/packages/vite/src/middleware/MiddlewareResponse.ts b/packages/vite/src/middleware/MiddlewareResponse.ts
new file mode 100644
index 000000000000..95a6e933b259
--- /dev/null
+++ b/packages/vite/src/middleware/MiddlewareResponse.ts
@@ -0,0 +1,43 @@
+import cookie from 'cookie'
+
+import { CookieJar } from './CookieJar'
+
+/**
+ * This is actually a Response builder class
+ * After setting all the required proeprties, we can call `build` to get a Web API Response object
+ */
+export class MiddlewareResponse {
+  cookies = new CookieJar()
+  headers = new Headers()
+  body: BodyInit | undefined
+  status = 200
+
+  static next = () => {
+    return new MiddlewareResponse()
+  }
+
+  static redirect = (
+    location: string,
+    type: 'permanent' | 'temporary' = 'temporary'
+  ) => {
+    const res = new MiddlewareResponse()
+    res.headers.set('Location', location)
+    res.status = type === 'permanent' ? 301 : 302
+
+    return res
+  }
+
+  build = () => {
+    for (const [ckName, ckParams] of this.cookies) {
+      this.headers.append(
+        'Set-Cookie',
+        cookie.serialize(ckName, ckParams.value, ckParams.options)
+      )
+    }
+
+    return new Response(this.body, {
+      headers: this.headers,
+      status: this.status,
+    })
+  }
+}
diff --git a/yarn.lock b/yarn.lock
index 6f8001bd4a4e..0ee99554fb4b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8846,6 +8846,7 @@ __metadata:
     "@redwoodjs/web": "npm:6.0.7"
     "@swc/core": "npm:1.3.60"
     "@types/busboy": "npm:^1"
+    "@types/cookie": "npm:^0"
     "@types/express": "npm:4"
     "@types/react": "npm:18.2.37"
     "@types/yargs-parser": "npm:21.0.3"
@@ -8854,6 +8855,7 @@ __metadata:
     acorn-loose: "npm:8.3.0"
     buffer: "npm:6.0.3"
     busboy: "npm:^1.6.0"
+    cookie: "npm:0.6.0"
     core-js: "npm:3.34.0"
     dotenv-defaults: "npm:5.0.2"
     express: "npm:4.18.2"
@@ -10842,6 +10844,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/cookie@npm:^0":
+  version: 0.6.0
+  resolution: "@types/cookie@npm:0.6.0"
+  checksum: 5b326bd0188120fb32c0be086b141b1481fec9941b76ad537f9110e10d61ee2636beac145463319c71e4be67a17e85b81ca9e13ceb6e3bb63b93d16824d6c149
+  languageName: node
+  linkType: hard
+
 "@types/cookie@npm:^0.4.1":
   version: 0.4.1
   resolution: "@types/cookie@npm:0.4.1"
@@ -15767,6 +15776,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"cookie@npm:0.6.0":
+  version: 0.6.0
+  resolution: "cookie@npm:0.6.0"
+  checksum: f2318b31af7a31b4ddb4a678d024514df5e705f9be5909a192d7f116cfb6d45cbacf96a473fa733faa95050e7cff26e7832bb3ef94751592f1387b71c8956686
+  languageName: node
+  linkType: hard
+
 "cookie@npm:^0.4.2":
   version: 0.4.2
   resolution: "cookie@npm:0.4.2"

From f0e0f38c0703fe80ff29c5bb7121b88a03c8e047 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Thu, 25 Jan 2024 01:29:24 +0700
Subject: [PATCH 04/34] Use subclassing to create MiddlewareRequest WIP: still
 failing with ArdaRequest

---
 .../src/middleware/MiddlewareRequest.test.ts  | 22 ++++++++++++++++++-
 .../vite/src/middleware/MiddlewareRequest.ts  | 15 +++++++------
 2 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareRequest.test.ts b/packages/vite/src/middleware/MiddlewareRequest.test.ts
index 1459921aef6b..651d21c53663 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.test.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.test.ts
@@ -1,3 +1,4 @@
+import { Request as ArdaRequest } from '@whatwg-node/fetch'
 import { describe, expect, test } from 'vitest'
 
 import { createMiddlewareRequest } from './MiddlewareRequest'
@@ -15,10 +16,29 @@ describe('MiddlewareRequest', () => {
       },
     })
     const mReq = createMiddlewareRequest(req)
-    console.log(`👉 \n ~ mReq:`, mReq)
 
     expect(mReq.cookies.get('foo')).toStrictEqual({ value: 'bar' })
     expect(mReq.method).toStrictEqual('POST')
     expect(mReq.headers.get('Content-Type')).toStrictEqual('application/json')
   })
+
+  test('Converts whatwg-node/fetch Request object correctly', () => {
+    const req = new ArdaRequest('https://github.com/ardatan/whatwg-node', {
+      method: 'PUT',
+      body: JSON.stringify({
+        hello: 'world',
+      }),
+      headers: {
+        Cookie: 'everybody=lets-funk',
+        'X-Custom-Header': 'beatdrop',
+      },
+    })
+    const mReq = createMiddlewareRequest(req)
+
+    expect(mReq.cookies.get('everybody')).toStrictEqual({ value: 'lets-funk' })
+    expect(mReq.method).toStrictEqual('PUT')
+
+    // note the lower case header name
+    expect(mReq.headers.get('x-customer-header')).toStrictEqual('beatdrop')
+  })
 })
diff --git a/packages/vite/src/middleware/MiddlewareRequest.ts b/packages/vite/src/middleware/MiddlewareRequest.ts
index 2f1d31e7e0bc..29033fc8b333 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.ts
@@ -12,9 +12,15 @@ class ContextJar {
   }
 }
 
-interface MiddlewareRequest extends Request {
+class MiddlewareRequest extends Request {
   cookies: CookieJar
   serverAuthContext: ContextJar
+
+  constructor(input: Request) {
+    super(input)
+    this.cookies = new CookieJar(this.headers.get('Cookie'))
+    this.serverAuthContext = new ContextJar()
+  }
 }
 
 /**
@@ -23,11 +29,6 @@ interface MiddlewareRequest extends Request {
  * (assuming that it is a new instance for each request)
  */
 export const createMiddlewareRequest = (req: Request) => {
-  const middlewareRequest: MiddlewareRequest = {
-    ...req,
-    cookies: new CookieJar(req.headers.get('Cookie')),
-    serverAuthContext: new ContextJar(),
-  }
-
+  const middlewareRequest = new MiddlewareRequest(req)
   return middlewareRequest
 }

From 07207bc7207bf0104ae94a131c9eeffd075bcc48 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Thu, 25 Jan 2024 01:43:43 +0700
Subject: [PATCH 05/34] WIP: Try extending WhatwgRequest instead

---
 .../src/middleware/MiddlewareRequest.test.ts  | 39 +++++++++++--------
 .../vite/src/middleware/MiddlewareRequest.ts  |  6 ++-
 2 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareRequest.test.ts b/packages/vite/src/middleware/MiddlewareRequest.test.ts
index 651d21c53663..1b135cd234dc 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.test.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.test.ts
@@ -4,7 +4,7 @@ import { describe, expect, test } from 'vitest'
 import { createMiddlewareRequest } from './MiddlewareRequest'
 
 describe('MiddlewareRequest', () => {
-  test('Converts a Request object correctly', () => {
+  test('Converts a Web API Request object correctly', () => {
     const req = new Request('http://redwoodjs.com', {
       method: 'POST',
       body: JSON.stringify({
@@ -13,6 +13,7 @@ describe('MiddlewareRequest', () => {
       headers: {
         'Content-Type': 'application/json',
         Cookie: 'foo=bar',
+        'X-Custom-Header': 'sweet',
       },
     })
     const mReq = createMiddlewareRequest(req)
@@ -20,25 +21,31 @@ describe('MiddlewareRequest', () => {
     expect(mReq.cookies.get('foo')).toStrictEqual({ value: 'bar' })
     expect(mReq.method).toStrictEqual('POST')
     expect(mReq.headers.get('Content-Type')).toStrictEqual('application/json')
+
+    // note the lower case header name
+    expect(mReq.headers.get('x-custom-header')).toStrictEqual('sweet')
   })
 
-  test('Converts whatwg-node/fetch Request object correctly', () => {
-    const req = new ArdaRequest('https://github.com/ardatan/whatwg-node', {
-      method: 'PUT',
-      body: JSON.stringify({
-        hello: 'world',
-      }),
-      headers: {
-        Cookie: 'everybody=lets-funk',
-        'X-Custom-Header': 'beatdrop',
-      },
-    })
-    const mReq = createMiddlewareRequest(req)
+  test('Converts whatwg-node/fetch Request correctly', () => {
+    const whatWgRequest = new ArdaRequest(
+      'https://github.com/ardatan/whatwg-node',
+      {
+        method: 'PUT',
+        body: JSON.stringify({
+          hello: 'world',
+        }),
+        headers: {
+          Cookie: 'errybody=lets-funk',
+          'X-Custom-Header': 'beatdrop',
+        },
+      }
+    )
 
-    expect(mReq.cookies.get('everybody')).toStrictEqual({ value: 'lets-funk' })
+    const mReq = createMiddlewareRequest(whatWgRequest)
+
+    expect(mReq.cookies.get('errybody')).toStrictEqual({ value: 'lets-funk' })
     expect(mReq.method).toStrictEqual('PUT')
 
-    // note the lower case header name
-    expect(mReq.headers.get('x-customer-header')).toStrictEqual('beatdrop')
+    expect(mReq.headers.get('x-custom-header')).toStrictEqual('beatdrop')
   })
 })
diff --git a/packages/vite/src/middleware/MiddlewareRequest.ts b/packages/vite/src/middleware/MiddlewareRequest.ts
index 29033fc8b333..848354f4d4af 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.ts
@@ -1,3 +1,5 @@
+import { Request as WhatWgRequest } from '@whatwg-node/fetch'
+
 import { CookieJar } from './CookieJar'
 
 class ContextJar {
@@ -12,13 +14,13 @@ class ContextJar {
   }
 }
 
-class MiddlewareRequest extends Request {
+class MiddlewareRequest extends WhatWgRequest {
   cookies: CookieJar
   serverAuthContext: ContextJar
 
   constructor(input: Request) {
     super(input)
-    this.cookies = new CookieJar(this.headers.get('Cookie'))
+    this.cookies = new CookieJar(input.headers.get('Cookie'))
     this.serverAuthContext = new ContextJar()
   }
 }

From eec9e3e1ec8ca4fb4a703ab9c06ad1381b095d26 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Thu, 25 Jan 2024 17:38:25 +0700
Subject: [PATCH 06/34] Bump whatwg versions

---
 packages/vite/package.json |  3 ++-
 yarn.lock                  | 25 +++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/packages/vite/package.json b/packages/vite/package.json
index 9887337bfdda..5d29cf968201 100644
--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -70,7 +70,8 @@
     "@redwoodjs/web": "6.0.7",
     "@swc/core": "1.3.60",
     "@vitejs/plugin-react": "4.2.1",
-    "@whatwg-node/server": "0.9.18",
+    "@whatwg-node/fetch": "0.9.15",
+    "@whatwg-node/server": "0.9.24",
     "acorn-loose": "8.3.0",
     "buffer": "6.0.3",
     "busboy": "^1.6.0",
diff --git a/yarn.lock b/yarn.lock
index 0ee99554fb4b..354716315903 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8851,7 +8851,8 @@ __metadata:
     "@types/react": "npm:18.2.37"
     "@types/yargs-parser": "npm:21.0.3"
     "@vitejs/plugin-react": "npm:4.2.1"
-    "@whatwg-node/server": "npm:0.9.18"
+    "@whatwg-node/fetch": "npm:0.9.15"
+    "@whatwg-node/server": "npm:0.9.24"
     acorn-loose: "npm:8.3.0"
     buffer: "npm:6.0.3"
     busboy: "npm:^1.6.0"
@@ -12345,6 +12346,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@whatwg-node/fetch@npm:0.9.15":
+  version: 0.9.15
+  resolution: "@whatwg-node/fetch@npm:0.9.15"
+  dependencies:
+    "@whatwg-node/node-fetch": "npm:^0.5.0"
+    urlpattern-polyfill: "npm:^9.0.0"
+  checksum: 8e3e9692d709b4f379fde83fbb38ca64401e73026bbacca92585c7652170de629fe78303e83a45e83d2e26c5af2a6e754f858e3a0c88f9b392c49ff1b84aa080
+  languageName: node
+  linkType: hard
+
 "@whatwg-node/fetch@npm:^0.8.0, @whatwg-node/fetch@npm:^0.8.1, @whatwg-node/fetch@npm:^0.8.2":
   version: 0.8.8
   resolution: "@whatwg-node/fetch@npm:0.8.8"
@@ -12384,7 +12395,17 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/server@npm:0.9.18, @whatwg-node/server@npm:^0.9.1":
+"@whatwg-node/server@npm:0.9.24":
+  version: 0.9.24
+  resolution: "@whatwg-node/server@npm:0.9.24"
+  dependencies:
+    "@whatwg-node/fetch": "npm:^0.9.10"
+    tslib: "npm:^2.3.1"
+  checksum: 2979d38de75bb66fe92e8157c3df28e78f4f458827228af23707a37a6ef16b415d3eb052f4431f3496749070620d1578267c729286ff239af31dd20f8ee22ef1
+  languageName: node
+  linkType: hard
+
+"@whatwg-node/server@npm:^0.9.1":
   version: 0.9.18
   resolution: "@whatwg-node/server@npm:0.9.18"
   dependencies:

From 8d64b1cd8eafedd0d86b757b4df428c8c6de06ee Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Thu, 25 Jan 2024 18:15:59 +0700
Subject: [PATCH 07/34] Add some more tests for MWReq, MWRes

---
 .../src/middleware/MiddlewareRequest.test.ts  | 15 ++++++++
 .../src/middleware/MiddlewareResponse.test.ts | 38 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 packages/vite/src/middleware/MiddlewareResponse.test.ts

diff --git a/packages/vite/src/middleware/MiddlewareRequest.test.ts b/packages/vite/src/middleware/MiddlewareRequest.test.ts
index 1b135cd234dc..fd3b819a2cda 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.test.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.test.ts
@@ -48,4 +48,19 @@ describe('MiddlewareRequest', () => {
 
     expect(mReq.headers.get('x-custom-header')).toStrictEqual('beatdrop')
   })
+
+  test('Can attach and retrieve server auth context', () => {
+    const req = new Request('http://redwoodjs.com')
+    const FAKE_AUTH_CONTEXT = {
+      currentUser: {
+        name: 'Danny',
+      },
+      isAuthenticated: true,
+    }
+    const mReq = createMiddlewareRequest(req)
+
+    mReq.serverAuthContext.set(FAKE_AUTH_CONTEXT)
+
+    expect(mReq.serverAuthContext.get()).toStrictEqual(FAKE_AUTH_CONTEXT)
+  })
 })
diff --git a/packages/vite/src/middleware/MiddlewareResponse.test.ts b/packages/vite/src/middleware/MiddlewareResponse.test.ts
new file mode 100644
index 000000000000..8cc2a03dd5cc
--- /dev/null
+++ b/packages/vite/src/middleware/MiddlewareResponse.test.ts
@@ -0,0 +1,38 @@
+import { describe, expect, test } from 'vitest'
+
+import { MiddlewareResponse } from './MiddlewareResponse'
+
+describe('MiddlewareResponse', () => {
+  test('Can build a Web API Response object', () => {
+    const res = MiddlewareResponse.next().build()
+    expect(res.constructor.name).toStrictEqual('Response')
+    expect(res.status).toStrictEqual(200)
+    expect(res.ok).toStrictEqual(true)
+  })
+
+  test('Can attach headers to response', () => {
+    const mwRes = MiddlewareResponse.next()
+    mwRes.headers.set('X-Custom-Header', 'sweet')
+    mwRes.headers.append('Other-header', 'sweeter')
+
+    const builtResponse = mwRes.build()
+
+    expect(builtResponse.headers.get('X-Custom-Header')).toStrictEqual('sweet')
+    expect(builtResponse.headers.get('Other-header')).toStrictEqual('sweeter')
+  })
+
+  test('Can attach a cookie with CookieJar', () => {
+    const mwRes = MiddlewareResponse.next()
+    mwRes.cookies.set('token', 'hunter2', {
+      domain: 'redwoodjs.com',
+      path: '/',
+      httpOnly: true,
+    })
+
+    const builtResponse = mwRes.build()
+
+    expect(builtResponse.headers.get('Set-Cookie')).toStrictEqual(
+      'token=hunter2; Domain=redwoodjs.com; Path=/; HttpOnly'
+    )
+  })
+})

From 7e517403bf5be000ac5859cd59066f344ec5bff5 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 11:58:44 +0700
Subject: [PATCH 08/34] Update packages to make tests pass

---
 packages/vite/package.json |  2 +-
 yarn.lock                  | 41 +++++++++++++++++++++++++++++++-------
 2 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/packages/vite/package.json b/packages/vite/package.json
index 5d29cf968201..d16e63e6b5a8 100644
--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -70,7 +70,7 @@
     "@redwoodjs/web": "6.0.7",
     "@swc/core": "1.3.60",
     "@vitejs/plugin-react": "4.2.1",
-    "@whatwg-node/fetch": "0.9.15",
+    "@whatwg-node/fetch": "0.9.16",
     "@whatwg-node/server": "0.9.24",
     "acorn-loose": "8.3.0",
     "buffer": "6.0.3",
diff --git a/yarn.lock b/yarn.lock
index 3ccf122bc272..6698f1b413e7 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5226,6 +5226,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@kamilkisiela/fast-url-parser@npm:^1.1.4":
+  version: 1.1.4
+  resolution: "@kamilkisiela/fast-url-parser@npm:1.1.4"
+  checksum: 2c85202cb4924720ac812c8bc06967fd5df4db759a68aa3acc2962b8cf9e2b3bc131de863f00473c0b0602df13891b35140f667a87eea04c9b897b6c1ae89c4a
+  languageName: node
+  linkType: hard
+
 "@leichtgewicht/ip-codec@npm:^2.0.1":
   version: 2.0.4
   resolution: "@leichtgewicht/ip-codec@npm:2.0.4"
@@ -8820,7 +8827,7 @@ __metadata:
     "@types/react": "npm:18.2.37"
     "@types/yargs-parser": "npm:21.0.3"
     "@vitejs/plugin-react": "npm:4.2.1"
-    "@whatwg-node/fetch": "npm:0.9.15"
+    "@whatwg-node/fetch": "npm:0.9.16"
     "@whatwg-node/server": "npm:0.9.24"
     acorn-loose: "npm:8.3.0"
     buffer: "npm:6.0.3"
@@ -12315,13 +12322,13 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/fetch@npm:0.9.15":
-  version: 0.9.15
-  resolution: "@whatwg-node/fetch@npm:0.9.15"
+"@whatwg-node/fetch@npm:0.9.16":
+  version: 0.9.16
+  resolution: "@whatwg-node/fetch@npm:0.9.16"
   dependencies:
-    "@whatwg-node/node-fetch": "npm:^0.5.0"
-    urlpattern-polyfill: "npm:^9.0.0"
-  checksum: 8e3e9692d709b4f379fde83fbb38ca64401e73026bbacca92585c7652170de629fe78303e83a45e83d2e26c5af2a6e754f858e3a0c88f9b392c49ff1b84aa080
+    "@whatwg-node/node-fetch": "npm:^0.5.5"
+    urlpattern-polyfill: "npm:^10.0.0"
+  checksum: 757fd8560ee1a9ae404dafc43115eb37c72022c9bd3a30bc1c0028178cdece84d7378244fff4bad28ebbb3f2cc0b0b2ff738612824ed32bbd9dac49f5d0d5b42
   languageName: node
   linkType: hard
 
@@ -12364,6 +12371,19 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@whatwg-node/node-fetch@npm:^0.5.5":
+  version: 0.5.5
+  resolution: "@whatwg-node/node-fetch@npm:0.5.5"
+  dependencies:
+    "@kamilkisiela/fast-url-parser": "npm:^1.1.4"
+    "@whatwg-node/events": "npm:^0.1.0"
+    busboy: "npm:^1.6.0"
+    fast-querystring: "npm:^1.1.1"
+    tslib: "npm:^2.3.1"
+  checksum: e40964eb6d74847ff362136d4199a3f0dc4cb6596961b9a12fd5e3635410a28577609fb4879ef02909f7fad42c977d4b9a1f6715c48dc2272558c96d62ac6132
+  languageName: node
+  linkType: hard
+
 "@whatwg-node/server@npm:0.9.24":
   version: 0.9.24
   resolution: "@whatwg-node/server@npm:0.9.24"
@@ -33022,6 +33042,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"urlpattern-polyfill@npm:^10.0.0":
+  version: 10.0.0
+  resolution: "urlpattern-polyfill@npm:10.0.0"
+  checksum: 43593f2a89bd54f2d5b5105ef4896ac5c5db66aef723759fbd15cd5eb1ea6cdae9d112e257eda9bbc3fb0cd90be6ac6e9689abe4ca69caa33114f42a27363531
+  languageName: node
+  linkType: hard
+
 "urlpattern-polyfill@npm:^8.0.0":
   version: 8.0.2
   resolution: "urlpattern-polyfill@npm:8.0.2"

From 29cebfdb820ef1452059b04070b9e8e4b4475651 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 18:16:37 +0700
Subject: [PATCH 09/34] CookieJar unsetting a cookie CookieJar clearing a
 cookie

---
 .../vite/src/middleware/CookieJar.test.ts     | 31 +++++++++++++++++++
 packages/vite/src/middleware/CookieJar.ts     | 23 ++++++++++++--
 2 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/packages/vite/src/middleware/CookieJar.test.ts b/packages/vite/src/middleware/CookieJar.test.ts
index 0da44aad92bc..7b5233ce252d 100644
--- a/packages/vite/src/middleware/CookieJar.test.ts
+++ b/packages/vite/src/middleware/CookieJar.test.ts
@@ -1,3 +1,6 @@
+/* eslint-disable @typescript-eslint/no-non-null-assertion */
+/* to keep the tests a little cleaner by using ! */
+
 import { describe, expect, test } from 'vitest'
 
 import { CookieJar } from './CookieJar'
@@ -48,5 +51,33 @@ describe('CookieJar', () => {
 
       expect(iterator.next().done).toBe(true)
     })
+
+    // @MARK: API convention worth discussing!
+    // Delete is a little special, it doesn't actually delete the cookie
+    // but sets it to expire and sets an empty value
+    test('delete', () => {
+      const myJar = new CookieJar('auth_provider=kittens; session=woof-124556')
+
+      myJar.delete('auth_provider')
+
+      const { value: authProviderValue, options: authProviderOptions } =
+        myJar.get('auth_provider')!
+
+      expect(authProviderValue).toBeFalsy()
+      expect(authProviderOptions!.expires).toStrictEqual(new Date(0))
+    })
+
+    test('clear All', () => {
+      const myJar = new CookieJar('auth_provider=kittens; session=woof-124556')
+      myJar.clear()
+      expect(myJar.size).toBe(0)
+    })
+
+    test('clear by name', () => {
+      const myJar = new CookieJar('auth_provider=kittens; session=woof-124556')
+      myJar.clear('session')
+      expect(myJar.size).toBe(1)
+      expect(myJar.get('session')).toBeUndefined()
+    })
   })
 })
diff --git a/packages/vite/src/middleware/CookieJar.ts b/packages/vite/src/middleware/CookieJar.ts
index e4f6578d3b7b..baf4fe8458a0 100644
--- a/packages/vite/src/middleware/CookieJar.ts
+++ b/packages/vite/src/middleware/CookieJar.ts
@@ -46,12 +46,29 @@ export class CookieJar {
     return this.map.has(name)
   }
 
+  /**
+   * Won't delete a cookie from the jar, but will set it to expire
+   * and set an empty value
+   */
   public delete(name: string) {
-    return this.map.delete(name)
+    return this.map.set(name, {
+      value: '',
+      options: {
+        expires: new Date(0),
+      },
+    })
   }
 
-  public clear() {
-    this.map.clear()
+  /**
+   * Clear all cookies, or remove a specific cookie
+   * from the jar.
+   */
+  public clear(name?: string) {
+    if (name) {
+      this.map.delete(name)
+    } else {
+      this.map.clear()
+    }
   }
 
   public entries() {

From 65f221a216eef6ca10a7bd7ddbae8c200172a051 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 18:16:47 +0700
Subject: [PATCH 10/34] Add test for multiple set cookies

---
 .../vite/src/middleware/MiddlewareResponse.test.ts    | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareResponse.test.ts b/packages/vite/src/middleware/MiddlewareResponse.test.ts
index 8cc2a03dd5cc..c47da6d2cbc5 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.test.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.test.ts
@@ -29,10 +29,15 @@ describe('MiddlewareResponse', () => {
       httpOnly: true,
     })
 
+    mwRes.cookies.set('monster', 'nomnomnom', {
+      domain: 'redwoodjs.com',
+    })
+
     const builtResponse = mwRes.build()
 
-    expect(builtResponse.headers.get('Set-Cookie')).toStrictEqual(
-      'token=hunter2; Domain=redwoodjs.com; Path=/; HttpOnly'
-    )
+    expect(builtResponse.headers.getSetCookie()).toStrictEqual([
+      'token=hunter2; Domain=redwoodjs.com; Path=/; HttpOnly',
+      'monster=nomnomnom; Domain=redwoodjs.com',
+    ])
   })
 })

From 4a82d78cd79edb43198287d184fddb51ac67b97b Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 19:49:27 +0700
Subject: [PATCH 11/34] Remove old encrypted session from ServerAuthState

---
 packages/auth/src/AuthProvider/ServerAuthProvider.tsx | 2 --
 1 file changed, 2 deletions(-)

diff --git a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
index b1e21150fc67..954e62441ed3 100644
--- a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
+++ b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
@@ -5,8 +5,6 @@ import type { AuthProviderState } from './AuthProviderState'
 import { defaultAuthProviderState } from './AuthProviderState'
 
 export type ServerAuthState = AuthProviderState<never> & {
-  // Used by AuthProvider in getToken. We can probably remove this
-  encryptedSession?: string | null
   cookieHeader?: string
 }
 

From 85ba98c89f01fa7a7c4ce193fb159613c5140c2f Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 19:49:40 +0700
Subject: [PATCH 12/34] Export middleware classes

---
 packages/vite/package.json            | 6 +++++-
 packages/vite/src/middleware/index.ts | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 packages/vite/src/middleware/index.ts

diff --git a/packages/vite/package.json b/packages/vite/package.json
index d16e63e6b5a8..04f9ae77f3d6 100644
--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -42,7 +42,11 @@
       "types": "./dist/react-server-dom-webpack/node-loader.d.ts",
       "default": "./dist/react-server-dom-webpack/node-loader.js"
     },
-    "./bins/rw-vite-build.mjs": "./bins/rw-vite-build.mjs"
+    "./bins/rw-vite-build.mjs": "./bins/rw-vite-build.mjs",
+    "./middleware": {
+      "types": "./dist/middleware/index.d.ts",
+      "default": "./dist/middleware/index.js"
+    }
   },
   "bin": {
     "rw-dev-fe": "./dist/devFeServer.js",
diff --git a/packages/vite/src/middleware/index.ts b/packages/vite/src/middleware/index.ts
new file mode 100644
index 000000000000..56b9ba2f96c4
--- /dev/null
+++ b/packages/vite/src/middleware/index.ts
@@ -0,0 +1,3 @@
+export * from './CookieJar'
+export * from './MiddlewareRequest'
+export * from './MiddlewareResponse'

From e579c9db37a6900e1102e64b08b5807fa7cec409 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 19:50:00 +0700
Subject: [PATCH 13/34] Fix TS errors in apollo

---
 packages/web/src/apollo/links.tsx    | 1 -
 packages/web/src/apollo/suspense.tsx | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/packages/web/src/apollo/links.tsx b/packages/web/src/apollo/links.tsx
index 7ed5564e0db3..bef48bf2321d 100644
--- a/packages/web/src/apollo/links.tsx
+++ b/packages/web/src/apollo/links.tsx
@@ -136,7 +136,6 @@ export type RedwoodApolloLinks = Array<
   | RedwoodApolloLink<'authMiddleware'>
   | RedwoodApolloLink<'enhanceErrorLink'>
   | RedwoodApolloLink<'httpLink', HttpLink>
-  | null
 >
 
 export type RedwoodApolloLinkFactory = (links: RedwoodApolloLinks) => ApolloLink
diff --git a/packages/web/src/apollo/suspense.tsx b/packages/web/src/apollo/suspense.tsx
index f8544a2974b9..588a9846b11e 100644
--- a/packages/web/src/apollo/suspense.tsx
+++ b/packages/web/src/apollo/suspense.tsx
@@ -154,7 +154,7 @@ const ApolloProviderWithFetchConfig: React.FunctionComponent<{
       name: 'authMiddleware',
       link: createAuthApolloLink(authProviderType, headers),
     },
-    // ~~~~ @END REMOVE ~~~~±±±±±
+    // ~~~~ @END REMOVE ~~~~
     isDev && { name: 'enhanceErrorLink', link: createUpdateDataLink() },
     {
       name: 'httpLink',

From 93eaaddfaed56d81658be693c549f5ba85e1f3ec Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 19:50:28 +0700
Subject: [PATCH 14/34] Improve implementations of mwReq and mwRes

---
 packages/vite/src/middleware/MiddlewareRequest.ts | 14 ++++++++++----
 .../src/middleware/MiddlewareResponse.test.ts     | 15 +++++++++++----
 .../vite/src/middleware/MiddlewareResponse.ts     | 15 +++++++++++++--
 3 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareRequest.ts b/packages/vite/src/middleware/MiddlewareRequest.ts
index 848354f4d4af..f35d9fc75160 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.ts
@@ -1,9 +1,15 @@
 import { Request as WhatWgRequest } from '@whatwg-node/fetch'
 
+import type { ServerAuthState } from '@redwoodjs/auth'
+
 import { CookieJar } from './CookieJar'
 
-class ContextJar {
-  private _data = {}
+class ContextJar<T> {
+  private _data: T
+
+  constructor(data?: T) {
+    this._data = data as T
+  }
 
   get() {
     return this._data
@@ -14,9 +20,9 @@ class ContextJar {
   }
 }
 
-class MiddlewareRequest extends WhatWgRequest {
+export class MiddlewareRequest extends WhatWgRequest {
   cookies: CookieJar
-  serverAuthContext: ContextJar
+  serverAuthContext: ContextJar<ServerAuthState>
 
   constructor(input: Request) {
     super(input)
diff --git a/packages/vite/src/middleware/MiddlewareResponse.test.ts b/packages/vite/src/middleware/MiddlewareResponse.test.ts
index c47da6d2cbc5..8119a3f55620 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.test.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.test.ts
@@ -1,11 +1,12 @@
+import { Response as PonyfillResponse } from '@whatwg-node/fetch'
 import { describe, expect, test } from 'vitest'
 
 import { MiddlewareResponse } from './MiddlewareResponse'
 
 describe('MiddlewareResponse', () => {
   test('Can build a Web API Response object', () => {
-    const res = MiddlewareResponse.next().build()
-    expect(res.constructor.name).toStrictEqual('Response')
+    const res = new MiddlewareResponse().toResponse()
+    expect(res instanceof PonyfillResponse).toBe(true)
     expect(res.status).toStrictEqual(200)
     expect(res.ok).toStrictEqual(true)
   })
@@ -15,7 +16,7 @@ describe('MiddlewareResponse', () => {
     mwRes.headers.set('X-Custom-Header', 'sweet')
     mwRes.headers.append('Other-header', 'sweeter')
 
-    const builtResponse = mwRes.build()
+    const builtResponse = mwRes.toResponse()
 
     expect(builtResponse.headers.get('X-Custom-Header')).toStrictEqual('sweet')
     expect(builtResponse.headers.get('Other-header')).toStrictEqual('sweeter')
@@ -33,11 +34,17 @@ describe('MiddlewareResponse', () => {
       domain: 'redwoodjs.com',
     })
 
-    const builtResponse = mwRes.build()
+    const builtResponse = mwRes.toResponse()
 
     expect(builtResponse.headers.getSetCookie()).toStrictEqual([
       'token=hunter2; Domain=redwoodjs.com; Path=/; HttpOnly',
       'monster=nomnomnom; Domain=redwoodjs.com',
     ])
   })
+
+  test('Constructs redirects correctly', () => {
+    const tempRedirect = MiddlewareResponse.redirect('/somewhere')
+    expect(tempRedirect.isRedirect()).toStrictEqual(true)
+    expect(tempRedirect.toResponse().status).toStrictEqual(302)
+  })
 })
diff --git a/packages/vite/src/middleware/MiddlewareResponse.ts b/packages/vite/src/middleware/MiddlewareResponse.ts
index 95a6e933b259..6208a8def691 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.ts
@@ -1,3 +1,4 @@
+import { Response } from '@whatwg-node/fetch'
 import cookie from 'cookie'
 
 import { CookieJar } from './CookieJar'
@@ -9,9 +10,15 @@ import { CookieJar } from './CookieJar'
 export class MiddlewareResponse {
   cookies = new CookieJar()
   headers = new Headers()
-  body: BodyInit | undefined
+  body: BodyInit | null | undefined
   status = 200
 
+  constructor(body?: BodyInit | null, init?: ResponseInit) {
+    this.body = body
+    this.headers = new Headers(init?.headers)
+    this.status = init?.status || 200
+  }
+
   static next = () => {
     return new MiddlewareResponse()
   }
@@ -27,7 +34,11 @@ export class MiddlewareResponse {
     return res
   }
 
-  build = () => {
+  isRedirect = () => {
+    return this.status === 301 || this.status === 302
+  }
+
+  toResponse = () => {
     for (const [ckName, ckParams] of this.cookies) {
       this.headers.append(
         'Set-Cookie',

From 9c01b3e52ebdbcd3988f1e3e310f6583a68456f4 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 19:51:00 +0700
Subject: [PATCH 15/34] Use classes while invoking middleware

---
 .../streaming/createReactStreamingHandler.ts  | 41 +++++++++++++------
 packages/vite/src/streaming/streamHelpers.ts  | 26 +++++++-----
 2 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/packages/vite/src/streaming/createReactStreamingHandler.ts b/packages/vite/src/streaming/createReactStreamingHandler.ts
index 6fd5e6cd3bf0..efc5700ab2da 100644
--- a/packages/vite/src/streaming/createReactStreamingHandler.ts
+++ b/packages/vite/src/streaming/createReactStreamingHandler.ts
@@ -3,12 +3,16 @@ import path from 'path'
 import isbot from 'isbot'
 import type { ViteDevServer } from 'vite'
 
+import type { ServerAuthState } from '@redwoodjs/auth'
 import { defaultAuthProviderState } from '@redwoodjs/auth'
 import type { RWRouteManifestItem } from '@redwoodjs/internal'
 import { getAppRouteHook, getConfig, getPaths } from '@redwoodjs/project-config'
 import { matchPath } from '@redwoodjs/router'
 import type { TagDescriptor } from '@redwoodjs/web'
 
+import { createMiddlewareRequest } from '../middleware/MiddlewareRequest'
+import { MiddlewareResponse } from '../middleware/MiddlewareResponse'
+
 import { reactRenderToStreamResponse } from './streamHelpers'
 import { loadAndRunRouteHooks } from './triggerRouteHooks'
 
@@ -69,8 +73,6 @@ export const createReactStreamingHandler = async (
       })
     }
 
-    const decodedAuthState = defaultAuthProviderState
-
     // Do this inside the handler for **dev-only**.
     // This makes sure that changes to entry-server are picked up on refresh
     if (!isProd) {
@@ -80,23 +82,37 @@ export const createReactStreamingHandler = async (
       fallbackDocumentImport = await viteDevServer.ssrLoadModule(
         rwPaths.web.document
       )
+    }
 
-      const middleware = entryServerImport.middleware
+    // ~~~ Middleware Handling ~~~
+    const { middleware } = entryServerImport
+    let mwResponse: MiddlewareResponse = MiddlewareResponse.next()
+    let decodedAuthState: ServerAuthState = defaultAuthProviderState
 
-      // @TODO (1) construct MWRequest Object here from req
-      // Req.context
+    if (middleware) {
+      try {
+        const mwReq = createMiddlewareRequest(req)
+        const mwOutput = await middleware(mwReq)
 
-      if (middleware) {
-        try {
-          // @TODO (2): Get the MWResponseBuilder and create a response from it
-          // if its a Redirect, you can just respond here.
-          // const mwResponse = await middleware(req)
-        } catch (e) {
-          console.error('Whooopsie, error in middleware', e)
+        // Possible to return nothing from MW
+        if (mwOutput) {
+          mwResponse = mwOutput
         }
+
+        decodedAuthState = mwReq.serverAuthContext.get()
+      } catch (e) {
+        console.error('Whooopsie, error in middleware', e)
       }
     }
 
+    // If mwResponse is a redirect, short-circuit here, and skip react rendering
+    // @TODO should we also check if its a full response object? Next allows this... just to maintain symmetry
+    if (mwResponse.isRedirect()) {
+      return mwResponse.toResponse()
+    }
+
+    // ~~~ Middleware Handling ~~~
+
     const ServerEntry =
       entryServerImport.ServerEntry || entryServerImport.default
 
@@ -144,6 +160,7 @@ export const createReactStreamingHandler = async (
     const cssLinks = getStylesheetLinks()
 
     const reactResponse = await reactRenderToStreamResponse(
+      mwResponse,
       {
         ServerEntry,
         FallbackDocument,
diff --git a/packages/vite/src/streaming/streamHelpers.ts b/packages/vite/src/streaming/streamHelpers.ts
index 9c5a0cc81c03..53f9082cf5f6 100644
--- a/packages/vite/src/streaming/streamHelpers.ts
+++ b/packages/vite/src/streaming/streamHelpers.ts
@@ -17,6 +17,8 @@ import {
   createInjector,
 } from '@redwoodjs/web/dist/components/ServerInject'
 
+import type { MiddlewareResponse } from '../middleware/MiddlewareResponse'
+
 import { createBufferedTransformStream } from './transforms/bufferedTransform'
 import { createTimeoutTransform } from './transforms/cancelTimeoutTransform'
 import { createServerInjectionTransform } from './transforms/serverInjectionTransform'
@@ -38,6 +40,7 @@ interface StreamOptions {
 }
 
 export async function reactRenderToStreamResponse(
+  mwRes: MiddlewareResponse,
   renderOptions: RenderToStreamArgs,
   streamOptions: StreamOptions
 ) {
@@ -151,7 +154,6 @@ export async function reactRenderToStreamResponse(
     // @NOTE: very important that we await this before we apply any transforms
     if (waitForAllReady) {
       await reactStream.allReady
-      clearTimeout(timeoutHandle)
     }
 
     const transformsToApply = [
@@ -165,16 +167,15 @@ export async function reactRenderToStreamResponse(
       transformsToApply
     )
 
-    return new Response(outputStream, {
-      status: didErrorOutsideShell ? 500 : 200, // I think better right? Prevents caching a bad page
-      headers: { 'content-type': 'text/html' },
-    })
+    mwRes.status = didErrorOutsideShell ? 500 : 200
+    mwRes.body = outputStream
+    mwRes.headers.set('content-type', 'text/html')
+
+    return mwRes.toResponse()
   } catch (e) {
     console.error('🔻 Failed to render shell')
     streamOptions.onError?.(e as Error)
 
-    clearTimeout(timeoutHandle)
-
     // @TODO Asking for clarification from React team. Their documentation on this is incomplete I think.
     // Having the Document (and bootstrap scripts) here allows client to recover from errors in the shell
     // To test this, throw an error in the App on the server only
@@ -187,10 +188,13 @@ export async function reactRenderToStreamResponse(
       bootstrapOptions
     )
 
-    return new Response(fallbackShell, {
-      status: 500,
-      headers: { 'content-type': 'text/html' },
-    })
+    mwRes.status = 500
+    mwRes.body = fallbackShell
+    mwRes.headers.set('content-type', 'text/html')
+
+    return mwRes.toResponse()
+  } finally {
+    clearTimeout(timeoutHandle)
   }
 }
 function applyStreamTransforms(

From 57e7cb4ae2580ee81b3c8bcd4122bccf3195febc Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 20:00:22 +0700
Subject: [PATCH 16/34] Update mRes implementation WIP: Why is vitest failing?

---
 packages/vite/src/middleware/MiddlewareResponse.test.ts    | 4 ++--
 packages/vite/src/middleware/MiddlewareResponse.ts         | 4 ++--
 packages/vite/src/streaming/createReactStreamingHandler.ts | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareResponse.test.ts b/packages/vite/src/middleware/MiddlewareResponse.test.ts
index 8119a3f55620..cc2ca56b15e5 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.test.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.test.ts
@@ -1,4 +1,4 @@
-import { Response as PonyfillResponse } from '@whatwg-node/fetch'
+// import { Response as PonyfillResponse } from '@whatwg-node/fetch'
 import { describe, expect, test } from 'vitest'
 
 import { MiddlewareResponse } from './MiddlewareResponse'
@@ -6,7 +6,7 @@ import { MiddlewareResponse } from './MiddlewareResponse'
 describe('MiddlewareResponse', () => {
   test('Can build a Web API Response object', () => {
     const res = new MiddlewareResponse().toResponse()
-    expect(res instanceof PonyfillResponse).toBe(true)
+    // expect(res instanceof PonyfillResponse).toBe(true)
     expect(res.status).toStrictEqual(200)
     expect(res.ok).toStrictEqual(true)
   })
diff --git a/packages/vite/src/middleware/MiddlewareResponse.ts b/packages/vite/src/middleware/MiddlewareResponse.ts
index 6208a8def691..347ee033dea2 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.ts
@@ -1,4 +1,4 @@
-import { Response } from '@whatwg-node/fetch'
+import { Response as PonyResponse } from '@whatwg-node/fetch'
 import cookie from 'cookie'
 
 import { CookieJar } from './CookieJar'
@@ -46,7 +46,7 @@ export class MiddlewareResponse {
       )
     }
 
-    return new Response(this.body, {
+    return new PonyResponse(this.body, {
       headers: this.headers,
       status: this.status,
     })
diff --git a/packages/vite/src/streaming/createReactStreamingHandler.ts b/packages/vite/src/streaming/createReactStreamingHandler.ts
index efc5700ab2da..d09dcd083fe3 100644
--- a/packages/vite/src/streaming/createReactStreamingHandler.ts
+++ b/packages/vite/src/streaming/createReactStreamingHandler.ts
@@ -1,5 +1,6 @@
 import path from 'path'
 
+import { Response } from '@whatwg-node/fetch'
 import isbot from 'isbot'
 import type { ViteDevServer } from 'vite'
 

From 80909680c7eaec00b96e01cff1e4cfe42b4711af Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 20:11:47 +0700
Subject: [PATCH 17/34] Consistent version of whatwg fetch

---
 packages/api/package.json            |  2 +-
 packages/codemods/package.json       |  2 +-
 packages/graphql-server/package.json |  2 +-
 packages/prerender/package.json      |  2 +-
 packages/telemetry/package.json      |  2 +-
 yarn.lock                            | 30 ++++++++++++++--------------
 6 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/packages/api/package.json b/packages/api/package.json
index e2e244070be9..b489e2973c31 100644
--- a/packages/api/package.json
+++ b/packages/api/package.json
@@ -34,7 +34,7 @@
   "dependencies": {
     "@babel/runtime-corejs3": "7.23.6",
     "@prisma/client": "5.7.0",
-    "@whatwg-node/fetch": "0.9.14",
+    "@whatwg-node/fetch": "0.9.16",
     "core-js": "3.34.0",
     "humanize-string": "2.1.0",
     "jsonwebtoken": "9.0.2",
diff --git a/packages/codemods/package.json b/packages/codemods/package.json
index 79e9c3400b49..05af12d049f6 100644
--- a/packages/codemods/package.json
+++ b/packages/codemods/package.json
@@ -34,7 +34,7 @@
     "@svgr/core": "8.0.0",
     "@svgr/plugin-jsx": "8.0.1",
     "@vscode/ripgrep": "1.15.6",
-    "@whatwg-node/fetch": "0.9.14",
+    "@whatwg-node/fetch": "0.9.16",
     "cheerio": "1.0.0-rc.12",
     "core-js": "3.34.0",
     "deepmerge": "4.3.1",
diff --git a/packages/graphql-server/package.json b/packages/graphql-server/package.json
index 8fed8a5e6f05..600478e2d0ba 100644
--- a/packages/graphql-server/package.json
+++ b/packages/graphql-server/package.json
@@ -55,7 +55,7 @@
     "@types/jsonwebtoken": "9.0.5",
     "@types/lodash": "4.14.201",
     "@types/uuid": "9.0.7",
-    "@whatwg-node/fetch": "0.9.14",
+    "@whatwg-node/fetch": "0.9.16",
     "aws-lambda": "1.0.7",
     "jest": "29.7.0",
     "jsonwebtoken": "9.0.2",
diff --git a/packages/prerender/package.json b/packages/prerender/package.json
index 167d8d09b6c4..4193a807f64b 100644
--- a/packages/prerender/package.json
+++ b/packages/prerender/package.json
@@ -32,7 +32,7 @@
     "@redwoodjs/router": "6.0.7",
     "@redwoodjs/structure": "6.0.7",
     "@redwoodjs/web": "6.0.7",
-    "@whatwg-node/fetch": "0.9.14",
+    "@whatwg-node/fetch": "0.9.16",
     "babel-plugin-ignore-html-and-css-imports": "0.1.0",
     "cheerio": "1.0.0-rc.12",
     "core-js": "3.34.0",
diff --git a/packages/telemetry/package.json b/packages/telemetry/package.json
index a834e77395a5..72d7e8784bbf 100644
--- a/packages/telemetry/package.json
+++ b/packages/telemetry/package.json
@@ -25,7 +25,7 @@
     "@babel/runtime-corejs3": "7.23.6",
     "@redwoodjs/project-config": "6.0.7",
     "@redwoodjs/structure": "6.0.7",
-    "@whatwg-node/fetch": "0.9.14",
+    "@whatwg-node/fetch": "0.9.16",
     "ci-info": "4.0.0",
     "core-js": "3.34.0",
     "envinfo": "7.11.0",
diff --git a/yarn.lock b/yarn.lock
index 6698f1b413e7..ebb1c0c7a9ab 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7564,7 +7564,7 @@ __metadata:
     "@types/memjs": "npm:1"
     "@types/pascalcase": "npm:1.0.3"
     "@types/split2": "npm:4.2.3"
-    "@whatwg-node/fetch": "npm:0.9.14"
+    "@whatwg-node/fetch": "npm:0.9.16"
     core-js: "npm:3.34.0"
     humanize-string: "npm:2.1.0"
     jsonwebtoken: "npm:9.0.2"
@@ -8235,7 +8235,7 @@ __metadata:
     "@types/prettier": "npm:2.7.3"
     "@types/yargs": "npm:17.0.32"
     "@vscode/ripgrep": "npm:1.15.6"
-    "@whatwg-node/fetch": "npm:0.9.14"
+    "@whatwg-node/fetch": "npm:0.9.16"
     cheerio: "npm:1.0.0-rc.12"
     core-js: "npm:3.34.0"
     deepmerge: "npm:4.3.1"
@@ -8446,7 +8446,7 @@ __metadata:
     "@types/jsonwebtoken": "npm:9.0.5"
     "@types/lodash": "npm:4.14.201"
     "@types/uuid": "npm:9.0.7"
-    "@whatwg-node/fetch": "npm:0.9.14"
+    "@whatwg-node/fetch": "npm:0.9.16"
     aws-lambda: "npm:1.0.7"
     core-js: "npm:3.34.0"
     graphql: "npm:16.8.1"
@@ -8602,7 +8602,7 @@ __metadata:
     "@redwoodjs/structure": "npm:6.0.7"
     "@redwoodjs/web": "npm:6.0.7"
     "@types/mime-types": "npm:2.1.4"
-    "@whatwg-node/fetch": "npm:0.9.14"
+    "@whatwg-node/fetch": "npm:0.9.16"
     babel-plugin-ignore-html-and-css-imports: "npm:0.1.0"
     babel-plugin-tester: "npm:11.0.4"
     cheerio: "npm:1.0.0-rc.12"
@@ -8750,7 +8750,7 @@ __metadata:
     "@types/envinfo": "npm:7.8.3"
     "@types/uuid": "npm:9.0.7"
     "@types/yargs": "npm:17.0.32"
-    "@whatwg-node/fetch": "npm:0.9.14"
+    "@whatwg-node/fetch": "npm:0.9.16"
     ci-info: "npm:4.0.0"
     core-js: "npm:3.34.0"
     envinfo: "npm:7.11.0"
@@ -12312,16 +12312,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/fetch@npm:0.9.14, @whatwg-node/fetch@npm:^0.9.10, @whatwg-node/fetch@npm:^0.9.7":
-  version: 0.9.14
-  resolution: "@whatwg-node/fetch@npm:0.9.14"
-  dependencies:
-    "@whatwg-node/node-fetch": "npm:^0.5.0"
-    urlpattern-polyfill: "npm:^9.0.0"
-  checksum: cb91d18c744e0d01c2f8d7982f961258a43b54baa8680ed6291a257f85e5ace1b68fc74105eebebd96b4450648fbaec98d91a434c1142da44acf928c41842d58
-  languageName: node
-  linkType: hard
-
 "@whatwg-node/fetch@npm:0.9.16":
   version: 0.9.16
   resolution: "@whatwg-node/fetch@npm:0.9.16"
@@ -12345,6 +12335,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@whatwg-node/fetch@npm:^0.9.10, @whatwg-node/fetch@npm:^0.9.7":
+  version: 0.9.14
+  resolution: "@whatwg-node/fetch@npm:0.9.14"
+  dependencies:
+    "@whatwg-node/node-fetch": "npm:^0.5.0"
+    urlpattern-polyfill: "npm:^9.0.0"
+  checksum: cb91d18c744e0d01c2f8d7982f961258a43b54baa8680ed6291a257f85e5ace1b68fc74105eebebd96b4450648fbaec98d91a434c1142da44acf928c41842d58
+  languageName: node
+  linkType: hard
+
 "@whatwg-node/node-fetch@npm:^0.3.6":
   version: 0.3.6
   resolution: "@whatwg-node/node-fetch@npm:0.3.6"

From cc16e07eb53bfc73b5b4a5842d389152dd315430 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 20:14:11 +0700
Subject: [PATCH 18/34] Readd commented line

---
 packages/vite/src/middleware/MiddlewareResponse.test.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareResponse.test.ts b/packages/vite/src/middleware/MiddlewareResponse.test.ts
index cc2ca56b15e5..8119a3f55620 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.test.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.test.ts
@@ -1,4 +1,4 @@
-// import { Response as PonyfillResponse } from '@whatwg-node/fetch'
+import { Response as PonyfillResponse } from '@whatwg-node/fetch'
 import { describe, expect, test } from 'vitest'
 
 import { MiddlewareResponse } from './MiddlewareResponse'
@@ -6,7 +6,7 @@ import { MiddlewareResponse } from './MiddlewareResponse'
 describe('MiddlewareResponse', () => {
   test('Can build a Web API Response object', () => {
     const res = new MiddlewareResponse().toResponse()
-    // expect(res instanceof PonyfillResponse).toBe(true)
+    expect(res instanceof PonyfillResponse).toBe(true)
     expect(res.status).toStrictEqual(200)
     expect(res.ok).toStrictEqual(true)
   })

From 9b27895ba268e20f858ec15d11672dd96ed616a0 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 20:18:17 +0700
Subject: [PATCH 19/34] Add test for constructor and perm redirects

---
 .../src/middleware/MiddlewareResponse.test.ts | 30 +++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareResponse.test.ts b/packages/vite/src/middleware/MiddlewareResponse.test.ts
index 8119a3f55620..76e765584585 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.test.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.test.ts
@@ -4,6 +4,20 @@ import { describe, expect, test } from 'vitest'
 import { MiddlewareResponse } from './MiddlewareResponse'
 
 describe('MiddlewareResponse', () => {
+  test('constructor', () => {
+    const res = new MiddlewareResponse('Bazinga', {
+      headers: {
+        beep: 'boop',
+        computer: 'says no',
+      },
+      status: 418,
+    }).toResponse()
+
+    expect(res.headers.get('beep')).toStrictEqual('boop')
+    expect(res.headers.get('computer')).toStrictEqual('says no')
+    expect(res.status).toStrictEqual(418)
+  })
+
   test('Can build a Web API Response object', () => {
     const res = new MiddlewareResponse().toResponse()
     expect(res instanceof PonyfillResponse).toBe(true)
@@ -23,7 +37,7 @@ describe('MiddlewareResponse', () => {
   })
 
   test('Can attach a cookie with CookieJar', () => {
-    const mwRes = MiddlewareResponse.next()
+    const mwRes = new MiddlewareResponse()
     mwRes.cookies.set('token', 'hunter2', {
       domain: 'redwoodjs.com',
       path: '/',
@@ -42,9 +56,21 @@ describe('MiddlewareResponse', () => {
     ])
   })
 
-  test('Constructs redirects correctly', () => {
+  test('Constructs temporary redirects correctly', () => {
     const tempRedirect = MiddlewareResponse.redirect('/somewhere')
     expect(tempRedirect.isRedirect()).toStrictEqual(true)
     expect(tempRedirect.toResponse().status).toStrictEqual(302)
+    expect(tempRedirect.toResponse().headers.get('location')).toStrictEqual(
+      '/somewhere'
+    )
+  })
+
+  test('Constructs permanent redirects correctly', () => {
+    const permRedirect = MiddlewareResponse.redirect('/bye', 'permanent')
+    expect(permRedirect.isRedirect()).toStrictEqual(true)
+    expect(permRedirect.toResponse().status).toStrictEqual(301)
+    expect(permRedirect.toResponse().headers.get('location')).toStrictEqual(
+      '/bye'
+    )
   })
 })

From bfb39ff07b84de4a14fb0ec3bef83ca36fe8d8a4 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 21:45:15 +0700
Subject: [PATCH 20/34] Send Response back from rwmw endpoint

---
 packages/vite/src/devFeServer.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/vite/src/devFeServer.ts b/packages/vite/src/devFeServer.ts
index 04b826736001..03ae3c01d0e0 100644
--- a/packages/vite/src/devFeServer.ts
+++ b/packages/vite/src/devFeServer.ts
@@ -101,7 +101,7 @@ async function createServer() {
         }
 
         // @TODO: We should check the type of resposne here I guess
-        return out
+        return out.toResponse()
       })
     )
   }

From 4717aae623717b2bf9f1edafbc3bd254f2b65d43 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 21:45:29 +0700
Subject: [PATCH 21/34] Default auth state in serverAuthContext

---
 packages/vite/src/middleware/MiddlewareRequest.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/vite/src/middleware/MiddlewareRequest.ts b/packages/vite/src/middleware/MiddlewareRequest.ts
index f35d9fc75160..33cbf7e8161c 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.ts
@@ -1,6 +1,6 @@
 import { Request as WhatWgRequest } from '@whatwg-node/fetch'
 
-import type { ServerAuthState } from '@redwoodjs/auth'
+import { defaultAuthProviderState, type ServerAuthState } from '@redwoodjs/auth'
 
 import { CookieJar } from './CookieJar'
 
@@ -27,7 +27,7 @@ export class MiddlewareRequest extends WhatWgRequest {
   constructor(input: Request) {
     super(input)
     this.cookies = new CookieJar(input.headers.get('Cookie'))
-    this.serverAuthContext = new ContextJar()
+    this.serverAuthContext = new ContextJar(defaultAuthProviderState)
   }
 }
 

From 47705c2371070833f2250de67d843813afd0fa9a Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 21:45:44 +0700
Subject: [PATCH 22/34] Comment

---
 packages/vite/src/streaming/createReactStreamingHandler.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/vite/src/streaming/createReactStreamingHandler.ts b/packages/vite/src/streaming/createReactStreamingHandler.ts
index d09dcd083fe3..0ea34be26934 100644
--- a/packages/vite/src/streaming/createReactStreamingHandler.ts
+++ b/packages/vite/src/streaming/createReactStreamingHandler.ts
@@ -96,6 +96,7 @@ export const createReactStreamingHandler = async (
         const mwOutput = await middleware(mwReq)
 
         // Possible to return nothing from MW
+        // Leave the default .next() response in place
         if (mwOutput) {
           mwResponse = mwOutput
         }

From 30759dda8dab3d2f597005b72c3bd8dfed710d53 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 21:50:23 +0700
Subject: [PATCH 23/34] Move credentials include

---
 packages/web/src/apollo/links.tsx | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/packages/web/src/apollo/links.tsx b/packages/web/src/apollo/links.tsx
index bef48bf2321d..7203c5da81d7 100644
--- a/packages/web/src/apollo/links.tsx
+++ b/packages/web/src/apollo/links.tsx
@@ -16,11 +16,8 @@ export function createHttpLink(
 
   return new HttpLink({
     uri,
-    ...httpLinkConfig,
-    // you can disable result caching here if you want to
-    // @TODO: this is probably NextJS specific. Revisit once we have our own apollo package
-    fetchOptions: { cache: 'no-store' },
     credentials: 'include',
+    ...httpLinkConfig,
     headers,
   })
 }

From 918274262e7f3c2581b46b969e1f52a3ddd67037 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Fri, 26 Jan 2024 22:09:15 +0700
Subject: [PATCH 24/34] Update yarn.lock

---
 yarn.lock | 44 ++------------------------------------------
 1 file changed, 2 insertions(+), 42 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index ebb1c0c7a9ab..33df178fc9bc 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -12312,7 +12312,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/fetch@npm:0.9.16":
+"@whatwg-node/fetch@npm:0.9.16, @whatwg-node/fetch@npm:^0.9.10, @whatwg-node/fetch@npm:^0.9.7":
   version: 0.9.16
   resolution: "@whatwg-node/fetch@npm:0.9.16"
   dependencies:
@@ -12335,16 +12335,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/fetch@npm:^0.9.10, @whatwg-node/fetch@npm:^0.9.7":
-  version: 0.9.14
-  resolution: "@whatwg-node/fetch@npm:0.9.14"
-  dependencies:
-    "@whatwg-node/node-fetch": "npm:^0.5.0"
-    urlpattern-polyfill: "npm:^9.0.0"
-  checksum: cb91d18c744e0d01c2f8d7982f961258a43b54baa8680ed6291a257f85e5ace1b68fc74105eebebd96b4450648fbaec98d91a434c1142da44acf928c41842d58
-  languageName: node
-  linkType: hard
-
 "@whatwg-node/node-fetch@npm:^0.3.6":
   version: 0.3.6
   resolution: "@whatwg-node/node-fetch@npm:0.3.6"
@@ -12358,19 +12348,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/node-fetch@npm:^0.5.0":
-  version: 0.5.0
-  resolution: "@whatwg-node/node-fetch@npm:0.5.0"
-  dependencies:
-    "@whatwg-node/events": "npm:^0.1.0"
-    busboy: "npm:^1.6.0"
-    fast-querystring: "npm:^1.1.1"
-    fast-url-parser: "npm:^1.1.3"
-    tslib: "npm:^2.3.1"
-  checksum: 1c1638dc205fb9047a41462f787dd90990973b63c4e47baaf3ad4d1f3e1b2537ef9a02d5a874297997d91d3f48392ab4b3eca68b7b48aab32dedc43c7709f0a9
-  languageName: node
-  linkType: hard
-
 "@whatwg-node/node-fetch@npm:^0.5.5":
   version: 0.5.5
   resolution: "@whatwg-node/node-fetch@npm:0.5.5"
@@ -12384,7 +12361,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/server@npm:0.9.24":
+"@whatwg-node/server@npm:0.9.24, @whatwg-node/server@npm:^0.9.1":
   version: 0.9.24
   resolution: "@whatwg-node/server@npm:0.9.24"
   dependencies:
@@ -12394,16 +12371,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@whatwg-node/server@npm:^0.9.1":
-  version: 0.9.18
-  resolution: "@whatwg-node/server@npm:0.9.18"
-  dependencies:
-    "@whatwg-node/fetch": "npm:^0.9.10"
-    tslib: "npm:^2.3.1"
-  checksum: 9503a17fde50a3c2615584c8a3b54bbad3596756979b3abddb2617b1ce4eef28ef534e5f026b6661db32bac80db523bfd5eba470986be76daf99469319c716c2
-  languageName: node
-  linkType: hard
-
 "@wry/caches@npm:^1.0.0":
   version: 1.0.1
   resolution: "@wry/caches@npm:1.0.1"
@@ -33056,13 +33023,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"urlpattern-polyfill@npm:^9.0.0":
-  version: 9.0.0
-  resolution: "urlpattern-polyfill@npm:9.0.0"
-  checksum: 1fecb4a7695ad7917b02193896ec7b5773bb730ee3fbbb583cfaf134cc99da054c18560a35e7e901ad4e2f7a6035b6754313a2bb84126a7f118201427d465185
-  languageName: node
-  linkType: hard
-
 "use-callback-ref@npm:^1.3.0":
   version: 1.3.0
   resolution: "use-callback-ref@npm:1.3.0"

From 20b18d8cfdf4497254f86142ced377b619d0fa38 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 12:45:21 +0700
Subject: [PATCH 25/34] Cleanup comments in AuthProvider

---
 packages/auth/src/AuthProvider/AuthProvider.tsx | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/packages/auth/src/AuthProvider/AuthProvider.tsx b/packages/auth/src/AuthProvider/AuthProvider.tsx
index 97afe439b235..9433d2f58cfc 100644
--- a/packages/auth/src/AuthProvider/AuthProvider.tsx
+++ b/packages/auth/src/AuthProvider/AuthProvider.tsx
@@ -133,17 +133,11 @@ export function createAuthProvider<
     // Whenever the authImplementation is ready to go, restore auth and reauthenticate
     useEffect(() => {
       async function doRestoreState() {
-        // @MARK: this is where we fetch currentUser from graphql again
-        // because without SSR, initial state doesn't exist
-        // what we want to do here is to conditionally call reauthenticate
-        // so that the restoreAuthState comes from the injected state
-
-        // the problem is that reauthenticate does both getCurrentUser and udpate the auth state
         await authImplementation.restoreAuthState?.()
 
-        // If the inital state didn't come from the server (or was restored before)
-        // reauthenticate will make an API call to the middleware to receive the current user
-        // (instead of called the graphql endpoint with currentUser)
+        // @MARK(SSR-Auth): Conditionally call reauth, because initial state should come from server (on SSR)
+        // If the inital state didn't come from the server - or was restored already -
+        // reauthenticate will make an call to receive the current user from the server
         if (!serverAuthState) {
           reauthenticate()
         }

From ac82e57aa0a95e1fceca5984f3e60b6eccda7ac2 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 13:06:39 +0700
Subject: [PATCH 26/34] Apply suggestions from Tobbe's review

Updates comments, some types

Co-authored-by: Tobbe Lundberg <tobbe@tlundberg.com>
---
 packages/vite/src/middleware/CookieJar.ts         | 7 ++-----
 packages/vite/src/middleware/MiddlewareRequest.ts | 4 ++--
 packages/web/src/apollo/suspense.tsx              | 3 +--
 3 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/packages/vite/src/middleware/CookieJar.ts b/packages/vite/src/middleware/CookieJar.ts
index baf4fe8458a0..c89b80e69058 100644
--- a/packages/vite/src/middleware/CookieJar.ts
+++ b/packages/vite/src/middleware/CookieJar.ts
@@ -7,7 +7,7 @@ export type CookieParams = {
 
 /**
  * Specialised cookie map, that lets you set cookies with options
- * */
+ */
 export class CookieJar {
   private map = new Map<string, CookieParams>()
 
@@ -59,10 +59,7 @@ export class CookieJar {
     })
   }
 
-  /**
-   * Clear all cookies, or remove a specific cookie
-   * from the jar.
-   */
+  /** Clear all cookies, or remove a specific cookie from the jar */
   public clear(name?: string) {
     if (name) {
       this.map.delete(name)
diff --git a/packages/vite/src/middleware/MiddlewareRequest.ts b/packages/vite/src/middleware/MiddlewareRequest.ts
index 33cbf7e8161c..d875f6945c33 100644
--- a/packages/vite/src/middleware/MiddlewareRequest.ts
+++ b/packages/vite/src/middleware/MiddlewareRequest.ts
@@ -32,8 +32,8 @@ export class MiddlewareRequest extends WhatWgRequest {
 }
 
 /**
- * Converts a Web API Request object to a MiddlewareRequest object
- * also ensures that serverAuthContext is fresh for each request
+ * Converts a Web API Request object to a MiddlewareRequest object.
+ * Also ensures that serverAuthContext is fresh for each request
  * (assuming that it is a new instance for each request)
  */
 export const createMiddlewareRequest = (req: Request) => {
diff --git a/packages/web/src/apollo/suspense.tsx b/packages/web/src/apollo/suspense.tsx
index 588a9846b11e..fc970294258d 100644
--- a/packages/web/src/apollo/suspense.tsx
+++ b/packages/web/src/apollo/suspense.tsx
@@ -164,8 +164,7 @@ const ApolloProviderWithFetchConfig: React.FunctionComponent<{
         serverAuthState?.cookieHeader
       ),
     },
-    // filter boolean doesn't play nice with TS
-  ].filter((link): link is RedwoodApolloLink<any> => !!link)
+  ].filter((link): link is RedwoodApolloLinks[number] => !!link)
 
   function makeClient() {
     // @MARK use special Apollo client

From 2a5b72dc6d7b87c576fff7d6f7804f0e3024c65f Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 13:11:03 +0700
Subject: [PATCH 27/34] Apply suggestions from Tobbe's review

More comment tings

Co-authored-by: Tobbe Lundberg <tobbe@tlundberg.com>
---
 packages/auth/src/AuthProvider/ServerAuthProvider.tsx      | 2 +-
 packages/vite/src/streaming/createReactStreamingHandler.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
index 954e62441ed3..ebaa26001f7b 100644
--- a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
+++ b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
@@ -33,7 +33,7 @@ export const ServerAuthContext = React.createContext<ServerAuthState>(
   getAuthInitialStateFromServer()
 )
 
-/***
+/**
  * Note: This only gets rendered on the server and serves two purposes:
  * 1) On the server, it sets the auth state
  * 2) On the client, it restores the auth state from the initial server render
diff --git a/packages/vite/src/streaming/createReactStreamingHandler.ts b/packages/vite/src/streaming/createReactStreamingHandler.ts
index 0ea34be26934..06a75b900772 100644
--- a/packages/vite/src/streaming/createReactStreamingHandler.ts
+++ b/packages/vite/src/streaming/createReactStreamingHandler.ts
@@ -107,7 +107,7 @@ export const createReactStreamingHandler = async (
       }
     }
 
-    // If mwResponse is a redirect, short-circuit here, and skip react rendering
+    // If mwResponse is a redirect, short-circuit here, and skip React rendering
     // @TODO should we also check if its a full response object? Next allows this... just to maintain symmetry
     if (mwResponse.isRedirect()) {
       return mwResponse.toResponse()

From 5b46aec8c2086bc8b0c62a16965e69d651a3d832 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 15:14:45 +0700
Subject: [PATCH 28/34] Update packages/auth/src/AuthProvider/AuthProvider.tsx

Co-authored-by: Tobbe Lundberg <tobbe@tlundberg.com>
---
 packages/auth/src/AuthProvider/AuthProvider.tsx | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/auth/src/AuthProvider/AuthProvider.tsx b/packages/auth/src/AuthProvider/AuthProvider.tsx
index 9433d2f58cfc..d2e23e889f18 100644
--- a/packages/auth/src/AuthProvider/AuthProvider.tsx
+++ b/packages/auth/src/AuthProvider/AuthProvider.tsx
@@ -135,10 +135,10 @@ export function createAuthProvider<
       async function doRestoreState() {
         await authImplementation.restoreAuthState?.()
 
-        // @MARK(SSR-Auth): Conditionally call reauth, because initial state should come from server (on SSR)
-        // If the inital state didn't come from the server - or was restored already -
-        // reauthenticate will make an call to receive the current user from the server
-        if (!serverAuthState) {
+        // @MARK(SSR-Auth): Conditionally call reauth, because initial state
+        // should come from server (on SSR).
+        // If the initial state didn't come from the server - or was restored already -
+        // reauthenticate will make a call to receive the current user from the server
           reauthenticate()
         }
       }

From 78879a6bdd3b4b43db1c4fa17105c2def71a7ea8 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 16:49:19 +0700
Subject: [PATCH 29/34] Implement middleware invoke helper

---
 packages/vite/src/devFeServer.ts              | 20 ++----
 .../vite/src/middleware/MiddlewareResponse.ts |  7 +++
 .../src/middleware/invokeMiddleware.test.ts   | 62 +++++++++++++++++++
 .../vite/src/middleware/invokeMiddleware.ts   | 47 ++++++++++++++
 .../streaming/createReactStreamingHandler.ts  | 27 ++------
 5 files changed, 126 insertions(+), 37 deletions(-)
 create mode 100644 packages/vite/src/middleware/invokeMiddleware.test.ts
 create mode 100644 packages/vite/src/middleware/invokeMiddleware.ts

diff --git a/packages/vite/src/devFeServer.ts b/packages/vite/src/devFeServer.ts
index 03ae3c01d0e0..4e4487a089a3 100644
--- a/packages/vite/src/devFeServer.ts
+++ b/packages/vite/src/devFeServer.ts
@@ -8,6 +8,7 @@ import { getProjectRoutes } from '@redwoodjs/internal/dist/routes'
 import type { Paths } from '@redwoodjs/project-config'
 import { getConfig, getPaths } from '@redwoodjs/project-config'
 
+import { invoke } from './middleware/invokeMiddleware'
 import { collectCssPaths, componentsModules } from './streaming/collectCss'
 import { createReactStreamingHandler } from './streaming/createReactStreamingHandler'
 import { registerFwGlobals } from './streaming/registerGlobals'
@@ -81,8 +82,8 @@ async function createServer() {
 
     app.get(expressPathDef, createServerAdapter(routeHandler))
 
-    app.all(
-      '/_rw_mw',
+    app.post(
+      '*',
       createServerAdapter(async (req: Request) => {
         const entryServerImport = await vite.ssrLoadModule(
           rwPaths.web.entryServer as string // already validated in dev server
@@ -90,18 +91,9 @@ async function createServer() {
 
         const middleware = entryServerImport.middleware
 
-        let out = null
-        if (middleware) {
-          try {
-            out = await middleware(req)
-          } catch (e) {
-            console.error('Whooopsie, error in middleware POST handler')
-            console.error(e)
-          }
-        }
-
-        // @TODO: We should check the type of resposne here I guess
-        return out.toResponse()
+        const [mwRes] = await invoke(req, middleware)
+
+        return mwRes.toResponse()
       })
     )
   }
diff --git a/packages/vite/src/middleware/MiddlewareResponse.ts b/packages/vite/src/middleware/MiddlewareResponse.ts
index 347ee033dea2..c5ec5f62c831 100644
--- a/packages/vite/src/middleware/MiddlewareResponse.ts
+++ b/packages/vite/src/middleware/MiddlewareResponse.ts
@@ -19,6 +19,13 @@ export class MiddlewareResponse {
     this.status = init?.status || 200
   }
 
+  static fromResponse = (res: Response) => {
+    return new MiddlewareResponse(res.body, {
+      headers: res.headers,
+      status: res.status,
+    })
+  }
+
   static next = () => {
     return new MiddlewareResponse()
   }
diff --git a/packages/vite/src/middleware/invokeMiddleware.test.ts b/packages/vite/src/middleware/invokeMiddleware.test.ts
new file mode 100644
index 000000000000..7547f5a14f60
--- /dev/null
+++ b/packages/vite/src/middleware/invokeMiddleware.test.ts
@@ -0,0 +1,62 @@
+import { describe, expect, test } from 'vitest'
+
+import { defaultAuthProviderState } from '@redwoodjs/auth'
+
+import { invoke } from './invokeMiddleware'
+import type { MiddlewareRequest } from './MiddlewareRequest'
+import { MiddlewareResponse } from './MiddlewareResponse'
+
+describe('Invoke middleware', () => {
+  test('returns a MiddlewareResponse, even if no middleware defined', async () => {
+    const [mwRes, authState] = await invoke(new Request('https://example.com'))
+    expect(mwRes).toBeInstanceOf(MiddlewareResponse)
+    expect(authState).toEqual(defaultAuthProviderState)
+  })
+
+  test('extracts auth state correctly, and always returns a MWResponse', async () => {
+    const BOB = { name: 'Bob', occupation: 'The builder' }
+    const fakeMiddleware = (req: MiddlewareRequest) => {
+      req.serverAuthContext.set({
+        user: BOB,
+      })
+    }
+
+    const [mwRes, authState] = await invoke(
+      new Request('https://example.com'),
+      fakeMiddleware
+    )
+
+    expect(mwRes).toBeInstanceOf(MiddlewareResponse)
+    expect(authState).toEqual({
+      user: BOB,
+    })
+  })
+
+  test('returns a MiddlewareResponse, even if middleware throws', async () => {
+    const throwingMiddleware = () => {
+      throw new Error('I want to break free')
+    }
+
+    const [mwRes, authState] = await invoke(
+      new Request('https://example.com'),
+      throwingMiddleware
+    )
+
+    expect(mwRes).toBeInstanceOf(MiddlewareResponse)
+    expect(authState).toEqual(defaultAuthProviderState)
+  })
+
+  test('returns a MiddlewareResponse, even if middleware returns a Response', async () => {
+    const respondingMiddleware = () =>
+      new Response('See ya, Pal', { status: 302 })
+
+    const [mwRes] = await invoke(
+      new Request('https://example.com'),
+      respondingMiddleware
+    )
+
+    expect(mwRes).toBeInstanceOf(MiddlewareResponse)
+    expect(await mwRes.toResponse().text()).toEqual('See ya, Pal')
+    expect(mwRes.isRedirect()).toEqual(true)
+  })
+})
diff --git a/packages/vite/src/middleware/invokeMiddleware.ts b/packages/vite/src/middleware/invokeMiddleware.ts
new file mode 100644
index 000000000000..c7b70f362893
--- /dev/null
+++ b/packages/vite/src/middleware/invokeMiddleware.ts
@@ -0,0 +1,47 @@
+import { defaultAuthProviderState, type ServerAuthState } from '@redwoodjs/auth'
+
+import { MiddlewareRequest } from './MiddlewareRequest'
+import { MiddlewareResponse } from './MiddlewareResponse'
+
+type Middleware = (
+  req: MiddlewareRequest,
+  res?: MiddlewareResponse
+) => Promise<MiddlewareResponse> | Response | void
+
+/**
+ *
+ * Invokes the middleware function, and guarantees and MWResponse object is returned
+ * (also making sure that the eventual Response will be of PonyResponse)
+ *
+ * Returns Tuple<MiddlewareResponse, ServerAuthState>
+ *
+ */
+export const invoke = async (
+  req: Request,
+  middleware?: Middleware
+): Promise<[MiddlewareResponse, ServerAuthState]> => {
+  if (typeof middleware !== 'function') {
+    return [MiddlewareResponse.next(), defaultAuthProviderState]
+  }
+
+  const mwReq = new MiddlewareRequest(req)
+  let mwRes: MiddlewareResponse = MiddlewareResponse.next()
+
+  try {
+    const output = (await middleware(mwReq)) || MiddlewareResponse.next()
+
+    if (output instanceof MiddlewareResponse) {
+      mwRes = output
+    } else {
+      // If it was a WebAPI Response
+      mwRes = MiddlewareResponse.fromResponse(output)
+    }
+  } catch (e) {
+    console.error('Error executing middleware > \n')
+    console.error('~'.repeat(80))
+    console.error(e)
+    console.error('~'.repeat(80))
+  }
+
+  return [mwRes, mwReq.serverAuthContext.get()]
+}
diff --git a/packages/vite/src/streaming/createReactStreamingHandler.ts b/packages/vite/src/streaming/createReactStreamingHandler.ts
index 06a75b900772..ced9d2a1b68d 100644
--- a/packages/vite/src/streaming/createReactStreamingHandler.ts
+++ b/packages/vite/src/streaming/createReactStreamingHandler.ts
@@ -4,15 +4,13 @@ import { Response } from '@whatwg-node/fetch'
 import isbot from 'isbot'
 import type { ViteDevServer } from 'vite'
 
-import type { ServerAuthState } from '@redwoodjs/auth'
 import { defaultAuthProviderState } from '@redwoodjs/auth'
 import type { RWRouteManifestItem } from '@redwoodjs/internal'
 import { getAppRouteHook, getConfig, getPaths } from '@redwoodjs/project-config'
 import { matchPath } from '@redwoodjs/router'
 import type { TagDescriptor } from '@redwoodjs/web'
 
-import { createMiddlewareRequest } from '../middleware/MiddlewareRequest'
-import { MiddlewareResponse } from '../middleware/MiddlewareResponse'
+import { invoke } from 'src/middleware/invokeMiddleware'
 
 import { reactRenderToStreamResponse } from './streamHelpers'
 import { loadAndRunRouteHooks } from './triggerRouteHooks'
@@ -87,28 +85,11 @@ export const createReactStreamingHandler = async (
 
     // ~~~ Middleware Handling ~~~
     const { middleware } = entryServerImport
-    let mwResponse: MiddlewareResponse = MiddlewareResponse.next()
-    let decodedAuthState: ServerAuthState = defaultAuthProviderState
-
-    if (middleware) {
-      try {
-        const mwReq = createMiddlewareRequest(req)
-        const mwOutput = await middleware(mwReq)
-
-        // Possible to return nothing from MW
-        // Leave the default .next() response in place
-        if (mwOutput) {
-          mwResponse = mwOutput
-        }
-
-        decodedAuthState = mwReq.serverAuthContext.get()
-      } catch (e) {
-        console.error('Whooopsie, error in middleware', e)
-      }
-    }
+
+    const [mwResponse, decodedAuthState = defaultAuthProviderState] =
+      await invoke(req, middleware)
 
     // If mwResponse is a redirect, short-circuit here, and skip React rendering
-    // @TODO should we also check if its a full response object? Next allows this... just to maintain symmetry
     if (mwResponse.isRedirect()) {
       return mwResponse.toResponse()
     }

From dcc50df52d2ece789bad0ab72d7c3f8384e7301e Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 17:05:32 +0700
Subject: [PATCH 30/34] Rename cookieJar.delete to unset

---
 packages/vite/src/middleware/CookieJar.test.ts | 6 +++---
 packages/vite/src/middleware/CookieJar.ts      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/vite/src/middleware/CookieJar.test.ts b/packages/vite/src/middleware/CookieJar.test.ts
index 7b5233ce252d..5b45a2f8b638 100644
--- a/packages/vite/src/middleware/CookieJar.test.ts
+++ b/packages/vite/src/middleware/CookieJar.test.ts
@@ -53,12 +53,12 @@ describe('CookieJar', () => {
     })
 
     // @MARK: API convention worth discussing!
-    // Delete is a little special, it doesn't actually delete the cookie
+    // Unset is a little special, it doesn't actually delete the cookie
     // but sets it to expire and sets an empty value
-    test('delete', () => {
+    test('unset', () => {
       const myJar = new CookieJar('auth_provider=kittens; session=woof-124556')
 
-      myJar.delete('auth_provider')
+      myJar.unset('auth_provider')
 
       const { value: authProviderValue, options: authProviderOptions } =
         myJar.get('auth_provider')!
diff --git a/packages/vite/src/middleware/CookieJar.ts b/packages/vite/src/middleware/CookieJar.ts
index c89b80e69058..1397173fa4a6 100644
--- a/packages/vite/src/middleware/CookieJar.ts
+++ b/packages/vite/src/middleware/CookieJar.ts
@@ -50,7 +50,7 @@ export class CookieJar {
    * Won't delete a cookie from the jar, but will set it to expire
    * and set an empty value
    */
-  public delete(name: string) {
+  public unset(name: string) {
     return this.map.set(name, {
       value: '',
       options: {

From a203a19bbc67149845fa7ff555d7c9e056b2230c Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 17:19:35 +0700
Subject: [PATCH 31/34] Also invoke middleware in prod fe server

---
 packages/vite/src/runFeServer.ts | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/packages/vite/src/runFeServer.ts b/packages/vite/src/runFeServer.ts
index 625a0f1623d8..3fb1015b42e6 100644
--- a/packages/vite/src/runFeServer.ts
+++ b/packages/vite/src/runFeServer.ts
@@ -17,6 +17,7 @@ import type { Manifest as ViteBuildManifest } from 'vite'
 
 import { getConfig, getPaths } from '@redwoodjs/project-config'
 
+import { invoke } from './middleware/invokeMiddleware'
 import { createRscRequestHandler } from './rsc/rscRequestHandler'
 import { setClientEntries } from './rsc/rscWorkerCommunication'
 import { createReactStreamingHandler } from './streaming/createReactStreamingHandler'
@@ -160,6 +161,20 @@ export async function runFeServer() {
   // Mounting middleware at /rw-rsc will strip /rw-rsc from req.url
   app.use('/rw-rsc', createRscRequestHandler())
 
+  // @MARK: put this after rw-rsc!
+  app.post(
+    '*',
+    createServerAdapter(async (req: Request) => {
+      const entryServerImport = await import(rwPaths.web.distEntryServer)
+
+      const { middleware } = entryServerImport
+
+      const [mwRes] = await invoke(req, middleware)
+
+      return mwRes.toResponse()
+    })
+  )
+
   app.listen(rwConfig.web.port)
   console.log(
     `Started production FE server on http://localhost:${rwConfig.web.port}`

From beef260e55729f7c8c754653ab3b093ac618f2f1 Mon Sep 17 00:00:00 2001
From: Daniel Choudhury <dannychoudhury@gmail.com>
Date: Tue, 30 Jan 2024 17:21:06 +0700
Subject: [PATCH 32/34] Update
 packages/auth/src/AuthProvider/ServerAuthProvider.tsx

---
 packages/auth/src/AuthProvider/ServerAuthProvider.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
index ebaa26001f7b..162597b21db3 100644
--- a/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
+++ b/packages/auth/src/AuthProvider/ServerAuthProvider.tsx
@@ -45,7 +45,7 @@ export const ServerAuthProvider = ({
   value: ServerAuthState
   children?: ReactNode[]
 }) => {
-  // @NOTE: we "Sanitize" to remove encryptedSession and cookieHeader
+  // @NOTE: we "Sanitize" to remove cookieHeader
   // not totally necessary, but it's nice to not have them in the DOM
   // @MARK: needs discussion!
   const stringifiedAuthState = `__REDWOOD__SERVER__AUTH_STATE__ = ${JSON.stringify(

From 967a6c2f1c0e2a612d725242d666aa6ed6f2b860 Mon Sep 17 00:00:00 2001
From: Tobbe Lundberg <tobbe@tlundberg.com>
Date: Wed, 31 Jan 2024 05:48:41 +0100
Subject: [PATCH 33/34] fix syntax error (extra })

---
 packages/auth/src/AuthProvider/AuthProvider.tsx | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/packages/auth/src/AuthProvider/AuthProvider.tsx b/packages/auth/src/AuthProvider/AuthProvider.tsx
index d2e23e889f18..22c16f1fa7fb 100644
--- a/packages/auth/src/AuthProvider/AuthProvider.tsx
+++ b/packages/auth/src/AuthProvider/AuthProvider.tsx
@@ -130,17 +130,18 @@ export function createAuthProvider<
     const type = authImplementation.type
     const client = authImplementation.client
 
-    // Whenever the authImplementation is ready to go, restore auth and reauthenticate
+    // Whenever the authImplementation is ready to go, restore auth and
+    // reauthenticate
     useEffect(() => {
       async function doRestoreState() {
         await authImplementation.restoreAuthState?.()
 
-        // @MARK(SSR-Auth): Conditionally call reauth, because initial state
-        // should come from server (on SSR).
-        // If the initial state didn't come from the server - or was restored already -
-        // reauthenticate will make a call to receive the current user from the server
-          reauthenticate()
-        }
+        // @MARK(SSR-Auth): Conditionally call reauthenticate, because initial
+        // state should come from server (on SSR).
+        // If the initial state didn't come from the server - or was restored
+        // already - reauthenticate will make a call to receive the current
+        // user from the server
+        reauthenticate()
       }
 
       doRestoreState()

From 68250c2e1438d4c5a3cbc06e80e23a3e8df1d8f3 Mon Sep 17 00:00:00 2001
From: Tobbe Lundberg <tobbe@tlundberg.com>
Date: Wed, 31 Jan 2024 06:08:59 +0100
Subject: [PATCH 34/34] Use relative import path

---
 packages/vite/src/streaming/createReactStreamingHandler.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/vite/src/streaming/createReactStreamingHandler.ts b/packages/vite/src/streaming/createReactStreamingHandler.ts
index ced9d2a1b68d..e01768193610 100644
--- a/packages/vite/src/streaming/createReactStreamingHandler.ts
+++ b/packages/vite/src/streaming/createReactStreamingHandler.ts
@@ -10,7 +10,7 @@ import { getAppRouteHook, getConfig, getPaths } from '@redwoodjs/project-config'
 import { matchPath } from '@redwoodjs/router'
 import type { TagDescriptor } from '@redwoodjs/web'
 
-import { invoke } from 'src/middleware/invokeMiddleware'
+import { invoke } from '../middleware/invokeMiddleware'
 
 import { reactRenderToStreamResponse } from './streamHelpers'
 import { loadAndRunRouteHooks } from './triggerRouteHooks'