Redirect requests with repeated slashes (#863)

* feat: redirect requests with repeated slashes

* chore: add changeset

* feat: respond to PR review

* chore: fix linting error

* doc: document funcs with links to their Next equivalents

---------

Co-authored-by: theredandtheblue <9413070-theredandtheblue@users.noreply.gitlab.com>

Author: dnewbound0

.changeset/cuddly-dingos-walk.md

@@ -0,0 +1,5 @@
+---
+"@opennextjs/aws": patch
+---
+
+feat: redirect requests with repeated slashes

packages/open-next/src/core/routing/matcher.ts

@@ -9,6 +9,7 @@ import type {
   RouteHas,
 } from "types/next-types";
 import type { InternalEvent, InternalResult } from "types/open-next";
+import { normalizeRepeatedSlashes } from "utils/normalize-path";
 import { emptyReadableStream, toReadableStream } from "utils/stream";
 
 import { debug } from "../../adapters/logger";
@@ -262,6 +263,29 @@ export function handleRewrites<T extends RewriteDefinition>(
   };
 }
 
+// Normalizes repeated slashes in the path e.g. hello//world -> hello/world
+// or backslashes to forward slashes. This prevents requests such as //domain
+// from invoking the middleware with `request.url === "domain"`.
+// See: https://github.com/vercel/next.js/blob/3ecf087f10fdfba4426daa02b459387bc9c3c54f/packages/next/src/server/base-server.ts#L1016-L1020
+function handleRepeatedSlashRedirect(
+  event: InternalEvent,
+): false | InternalResult {
+  // Redirect `https://example.com//foo` to `https://example.com/foo`.
+  if (event.rawPath.match(/(\\|\/\/)/)) {
+    return {
+      type: event.type,
+      statusCode: 308,
+      headers: {
+        Location: normalizeRepeatedSlashes(new URL(event.url)),
+      },
+      body: emptyReadableStream(),
+      isBase64Encoded: false,
+    };
+  }
+
+  return false;
+}
+
 function handleTrailingSlashRedirect(
   event: InternalEvent,
 ): false | InternalResult {
@@ -326,6 +350,9 @@ export function handleRedirects(
   event: InternalEvent,
   redirects: RedirectDefinition[],
 ): InternalResult | undefined {
+  const repeatedSlashRedirect = handleRepeatedSlashRedirect(event);
+  if (repeatedSlashRedirect) return repeatedSlashRedirect;
+
   const trailingSlashRedirect = handleTrailingSlashRedirect(event);
   if (trailingSlashRedirect) return trailingSlashRedirect;
 

packages/open-next/src/utils/normalize-path.ts

@@ -4,6 +4,14 @@ export function normalizePath(path: string) {
   return path.replace(/\\/g, "/");
 }
 
+// See: https://github.com/vercel/next.js/blob/3ecf087f10fdfba4426daa02b459387bc9c3c54f/packages/next/src/shared/lib/utils.ts#L348
+export function normalizeRepeatedSlashes(url: URL) {
+  const urlNoQuery = url.host + url.pathname;
+  return `${url.protocol}//${urlNoQuery
+    .replace(/\\/g, "/")
+    .replace(/\/\/+/g, "/")}${url.search}`;
+}
+
 export function getMonorepoRelativePath(relativePath = "../.."): string {
   return path.join(
     globalThis.monorepoPackagePath

packages/tests-unit/tests/core/routing/matcher.test.ts

@@ -271,6 +271,17 @@ describe("getNextConfigHeaders", () => {
 });
 
 describe("handleRedirects", () => {
+  it("should redirect repeated slashes", () => {
+    const event = createEvent({
+      url: "https://on/api-route//foo",
+    });
+
+    const result = handleRedirects(event, []);
+
+    expect(result.statusCode).toEqual(308);
+    expect(result.headers.Location).toEqual("https://on/api-route/foo");
+  });
+
   it("should redirect trailing slash by default", () => {
     const event = createEvent({
       url: "https://on/api-route/",