fix(edge-runtime): match path with URI-encoded chars

Following the behaviour in vercel/next.js#78325, if a path
matches a configured middleware matcher when URI-decoded, consider it a match.

This doesn't seem ideal, but it aligns our behaviour with that of Next.js, and ensures
that static asset matching behaviour aligns with edge middleware matching behaviour.

Author: serhalp

edge-runtime/lib/routing.ts

@@ -424,14 +424,24 @@ export interface MiddlewareMatcher {
   missing?: RouteHas[]
 }
 
+const decodeMaybeEncodedPath = (path: string): string => {
+  try {
+    return decodeURIComponent(path)
+  } catch {
+    return path
+  }
+}
+
 export function getMiddlewareRouteMatcher(matchers: MiddlewareMatcher[]): MiddlewareRouteMatch {
   return (
-    pathname: string | null | undefined,
+    unsafePathname: string | null | undefined,
     req: Pick<Request, 'headers' | 'url'>,
     query: Params,
   ) => {
+    const pathname = decodeMaybeEncodedPath(unsafePathname ?? '')
+
     for (const matcher of matchers) {
-      const routeMatch = new RegExp(matcher.regexp).exec(pathname!)
+      const routeMatch = new RegExp(matcher.regexp).exec(pathname)
       if (!routeMatch) {
         continue
       }

tests/e2e/edge-middleware.test.ts

@@ -233,6 +233,15 @@ test("requests with x-middleware-subrequest don't skip middleware (GHSA-f82v-jwr
   expect(response.headers.get('x-test-used-next-version')).toBe('15.2.2')
 })
 
+test('requests with different encoding than matcher match anyway', async ({
+  middlewareStaticAssetMatcher,
+}) => {
+  const response = await fetch(`${middlewareStaticAssetMatcher.url}/hello%2Fworld.txt`)
+
+  // middleware was not skipped
+  expect(await response.text()).toBe('hello from middleware')
+})
+
 test.describe('RSC cache poisoning', () => {
   test('Middleware rewrite', async ({ page, middleware }) => {
     const prefetchResponsePromise = new Promise<Response>((resolve) => {

tests/fixtures/middleware-static-asset-matcher/app/caching-redirect-target/page.js

@@ -0,0 +1,9 @@
+export default function CachingRedirect() {
+  return (
+    <main>
+      <h1>Hello redirect target</h1>
+    </main>
+  )
+}
+
+export const dynamic = 'force-static'

tests/fixtures/middleware-static-asset-matcher/app/caching-rewrite-target/page.js

@@ -0,0 +1,9 @@
+export default function CachingRewrite() {
+  return (
+    <main>
+      <h1>Hello rewrite target</h1>
+    </main>
+  )
+}
+
+export const dynamic = 'force-static'

tests/fixtures/middleware-static-asset-matcher/app/layout.js

@@ -0,0 +1,12 @@
+export const metadata = {
+  title: 'Simple Next App',
+  description: 'Description for Simple Next App',
+}
+
+export default function RootLayout({ children }) {
+  return (
+    <html lang="en">
+      <body>{children}</body>
+    </html>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/link-to-redirect-to-cached-page/page.js

@@ -0,0 +1,13 @@
+import Link from 'next/link'
+
+export default function LinksToRedirectedCachedPage() {
+  return (
+    <nav>
+      <ul>
+        <li>
+          <Link href="/test/redirect-to-cached-page">NextResponse.redirect</Link>
+        </li>
+      </ul>
+    </nav>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/link-to-rewrite-to-cached-page/page.js

@@ -0,0 +1,13 @@
+import Link from 'next/link'
+
+export default function LinksToRewrittenCachedPage() {
+  return (
+    <nav>
+      <ul>
+        <li>
+          <Link href="/test/rewrite-to-cached-page">NextResponse.rewrite</Link>
+        </li>
+      </ul>
+    </nav>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/other/page.js

@@ -0,0 +1,7 @@
+export default function Page() {
+  return (
+    <main>
+      <h1>Other</h1>
+    </main>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/page.js

@@ -0,0 +1,7 @@
+export default function Home() {
+  return (
+    <main>
+      <h1>Home</h1>
+    </main>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/test/next/page.js

@@ -0,0 +1,12 @@
+import { headers } from 'next/headers'
+
+export default function Page() {
+  const headersList = headers()
+  const message = headersList.get('x-hello-from-middleware-req')
+
+  return (
+    <main>
+      <h1>Message from middleware: {message}</h1>
+    </main>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/test/redirect/page.js

@@ -0,0 +1,7 @@
+export default function Redirect() {
+  return (
+    <main>
+      <h1>If middleware works, we shoudn't get here</h1>
+    </main>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/test/rewrite-target/page.js

@@ -0,0 +1,7 @@
+export default function Rewrite() {
+  return (
+    <main>
+      <h1>Hello rewrite</h1>
+    </main>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/app/test/rewrite/page.js

@@ -0,0 +1,7 @@
+export default function Rewrite() {
+  return (
+    <main>
+      <h1>If middleware works, we shoudn't get here</h1>
+    </main>
+  )
+}

tests/fixtures/middleware-static-asset-matcher/middleware.ts

@@ -0,0 +1,7 @@
+export default function middleware() {
+  return new Response('hello from middleware')
+}
+
+export const config = {
+  matcher: '/hello/world.txt',
+}

tests/fixtures/middleware-static-asset-matcher/next.config.js

@@ -0,0 +1,16 @@
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+  output: 'standalone',
+  eslint: {
+    ignoreDuringBuilds: true,
+  },
+  webpack: (config) => {
+    // this is a trigger to generate multiple `.next/server/middleware-[hash].js` files instead of
+    // single `.next/server/middleware.js` file
+    config.optimization.splitChunks.maxSize = 100_000
+
+    return config
+  },
+}
+
+module.exports = nextConfig

tests/fixtures/middleware-static-asset-matcher/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "middleware",
+  "version": "0.1.0",
+  "private": true,
+  "scripts": {
+    "postinstall": "next build",
+    "dev": "next dev",
+    "build": "next build"
+  },
+  "dependencies": {
+    "@aws-amplify/adapter-nextjs": "^1.0.18",
+    "aws-amplify": "^6.0.18",
+    "next": "latest",
+    "react": "18.2.0",
+    "react-dom": "18.2.0"
+  }
+}

tests/fixtures/middleware-static-asset-matcher/public/hello/world.txt

@@ -0,0 +1 @@
+hello from a static asset

tests/utils/create-e2e-fixture.ts

@@ -333,10 +333,11 @@ export const fixtureFactories = {
   pnpm: () => createE2EFixture('pnpm', { packageManger: 'pnpm' }),
   bun: () => createE2EFixture('simple', { packageManger: 'bun' }),
   middleware: () => createE2EFixture('middleware'),
-  middlewareSubrequestVuln: () => createE2EFixture('middleware-subrequest-vuln'),
   middlewareI18nExcludedPaths: () => createE2EFixture('middleware-i18n-excluded-paths'),
   middlewareOg: () => createE2EFixture('middleware-og'),
   middlewarePages: () => createE2EFixture('middleware-pages'),
+  middlewareStaticAssetMatcher: () => createE2EFixture('middleware-static-asset-matcher'),
+  middlewareSubrequestVuln: () => createE2EFixture('middleware-subrequest-vuln'),
   pageRouter: () => createE2EFixture('page-router'),
   pageRouterBasePathI18n: () => createE2EFixture('page-router-base-path-i18n'),
   turborepo: () =>