From df560b02d488c2a22a1daee80839ba0dcbf9593e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BF=A0=20/=20green?= <green@sapphi.red>
Date: Thu, 22 Sep 2022 18:11:27 +0900
Subject: [PATCH] perf: cache compiled glob for `server.fs.deny` (#10044)

---
 docs/config/server-options.md                 |  5 ++--
 package.json                                  |  1 +
 packages/vite/package.json                    |  1 +
 packages/vite/src/node/server/index.ts        | 11 +++++++--
 .../src/node/server/middlewares/static.ts     |  8 +------
 pnpm-lock.yaml                                | 23 ++++++++++++++++++-
 6 files changed, 36 insertions(+), 13 deletions(-)

diff --git a/docs/config/server-options.md b/docs/config/server-options.md
index d901a3a73797a5..7afd8e19d25486 100644
--- a/docs/config/server-options.md
+++ b/docs/config/server-options.md
@@ -297,10 +297,9 @@ export default defineConfig({
 ## server.fs.deny
 
 - **Type:** `string[]`
+- **Default:** `['.env', '.env.*', '*.{pem,crt}']`
 
-Blocklist for sensitive files being restricted to be served by Vite dev server.
-
-Default to `['.env', '.env.*', '*.{pem,crt}']`.
+Blocklist for sensitive files being restricted to be served by Vite dev server. This will have higher priority than [`server.fs.allow`](#server-fs-allow). [picomatch patterns](https://github.com/micromatch/picomatch#globbing-features) are supported.
 
 ## server.origin
 
diff --git a/package.json b/package.json
index 0d63af94fe4bed..d08cd95d16d0ea 100644
--- a/package.json
+++ b/package.json
@@ -51,6 +51,7 @@
     "@types/micromatch": "^4.0.2",
     "@types/minimist": "^1.2.2",
     "@types/node": "^17.0.42",
+    "@types/picomatch": "^2.3.0",
     "@types/prompts": "^2.0.14",
     "@types/resolve": "^1.20.2",
     "@types/sass": "~1.43.1",
diff --git a/packages/vite/package.json b/packages/vite/package.json
index a4cdc9e83c4482..e0771bbc395a41 100644
--- a/packages/vite/package.json
+++ b/packages/vite/package.json
@@ -105,6 +105,7 @@
     "parse5": "^7.1.1",
     "periscopic": "^3.0.4",
     "picocolors": "^1.0.0",
+    "picomatch": "^2.3.1",
     "postcss-import": "^15.0.0",
     "postcss-load-config": "^4.0.1",
     "postcss-modules": "^5.0.0",
diff --git a/packages/vite/src/node/server/index.ts b/packages/vite/src/node/server/index.ts
index 12b93216d15168..2347a1f83e662f 100644
--- a/packages/vite/src/node/server/index.ts
+++ b/packages/vite/src/node/server/index.ts
@@ -11,6 +11,8 @@ import type { FSWatcher, WatchOptions } from 'types/chokidar'
 import type { Connect } from 'types/connect'
 import launchEditorMiddleware from 'launch-editor-middleware'
 import type { SourceMap } from 'rollup'
+import picomatch from 'picomatch'
+import type { Matcher } from 'picomatch'
 import type { CommonServerOptions } from '../http'
 import {
   httpServerStart,
@@ -143,7 +145,7 @@ export interface FileSystemServeOptions {
    * Restrict accessing files that matches the patterns.
    *
    * This will have higher priority than `allow`.
-   * Glob patterns are supported.
+   * picomatch patterns are supported.
    *
    * @default ['.env', '.env.*', '*.crt', '*.pem']
    */
@@ -283,6 +285,10 @@ export interface ViteDevServer {
       abort: () => void
     }
   >
+  /**
+   * @internal
+   */
+  _fsDenyGlob: Matcher
 }
 
 export interface ResolvedServerUrls {
@@ -426,7 +432,8 @@ export async function createServer(
     _restartPromise: null,
     _importGlobMap: new Map(),
     _forceOptimizeOnRestart: false,
-    _pendingRequests: new Map()
+    _pendingRequests: new Map(),
+    _fsDenyGlob: picomatch(config.server.fs.deny, { matchBase: true })
   }
 
   server.transformIndexHtml = createDevHtmlTransformFn(server)
diff --git a/packages/vite/src/node/server/middlewares/static.ts b/packages/vite/src/node/server/middlewares/static.ts
index 1c71529ef72e79..dff31d19bff209 100644
--- a/packages/vite/src/node/server/middlewares/static.ts
+++ b/packages/vite/src/node/server/middlewares/static.ts
@@ -3,7 +3,6 @@ import type { OutgoingHttpHeaders, ServerResponse } from 'node:http'
 import type { Options } from 'sirv'
 import sirv from 'sirv'
 import type { Connect } from 'types/connect'
-import micromatch from 'micromatch'
 import type { ViteDevServer } from '../..'
 import { FS_PREFIX } from '../../constants'
 import {
@@ -18,8 +17,6 @@ import {
   slash
 } from '../../utils'
 
-const { isMatch } = micromatch
-
 const sirvOptions = (headers?: OutgoingHttpHeaders): Options => {
   return {
     dev: true,
@@ -158,8 +155,6 @@ export function serveRawFsMiddleware(
   }
 }
 
-const _matchOptions = { matchBase: true }
-
 export function isFileServingAllowed(
   url: string,
   server: ViteDevServer
@@ -168,8 +163,7 @@ export function isFileServingAllowed(
 
   const file = fsPathFromUrl(url)
 
-  if (server.config.server.fs.deny.some((i) => isMatch(file, i, _matchOptions)))
-    return false
+  if (server._fsDenyGlob(file)) return false
 
   if (server.moduleGraph.safeModulesPath.has(file)) return true
 
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index ecd35705d8be53..d3dd6f4ac84fde 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -25,6 +25,7 @@ importers:
       '@types/micromatch': ^4.0.2
       '@types/minimist': ^1.2.2
       '@types/node': ^17.0.42
+      '@types/picomatch': ^2.3.0
       '@types/prompts': ^2.0.14
       '@types/resolve': ^1.20.2
       '@types/sass': ~1.43.1
@@ -80,6 +81,7 @@ importers:
       '@types/micromatch': 4.0.2
       '@types/minimist': 1.2.2
       '@types/node': 17.0.42
+      '@types/picomatch': 2.3.0
       '@types/prompts': 2.0.14
       '@types/resolve': 1.20.2
       '@types/sass': 1.43.1
@@ -251,6 +253,7 @@ importers:
       parse5: ^7.1.1
       periscopic: ^3.0.4
       picocolors: ^1.0.0
+      picomatch: ^2.3.1
       postcss: ^8.4.16
       postcss-import: ^15.0.0
       postcss-load-config: ^4.0.1
@@ -314,6 +317,7 @@ importers:
       parse5: 7.1.1
       periscopic: 3.0.4
       picocolors: 1.0.0
+      picomatch: 2.3.1
       postcss-import: 15.0.0_postcss@8.4.16
       postcss-load-config: 4.0.1_postcss@8.4.16
       postcss-modules: 5.0.0_postcss@8.4.16
@@ -2546,6 +2550,10 @@ packages:
   /@types/parse-json/4.0.0:
     resolution: {integrity: sha512-//oorEZjL6sbPcKUaCdIGlIUeH26mgzimjBB77G6XRgnDl/L5wOnpyBGRe/Mmf5CVW3PwEBE1NjiMZ/ssFh4wA==}
 
+  /@types/picomatch/2.3.0:
+    resolution: {integrity: sha512-O397rnSS9iQI4OirieAtsDqvCj4+3eY1J+EPdNTKuHuRWIfUoGyzX294o8C4KJYaLqgSrd2o60c5EqCU8Zv02g==}
+    dev: true
+
   /@types/prompts/2.0.14:
     resolution: {integrity: sha512-HZBd99fKxRWpYCErtm2/yxUZv6/PBI9J7N4TNFffl5JbrYMHBwF25DjQGTW3b3jmXq+9P6/8fCIb2ee57BFfYA==}
     dependencies:
@@ -5206,6 +5214,19 @@ packages:
     peerDependenciesMeta:
       debug:
         optional: true
+    dev: false
+
+  /follow-redirects/1.15.0_debug@4.3.4:
+    resolution: {integrity: sha512-aExlJShTV4qOUOL7yF1U5tvLCB0xQuudbf6toyYA0E/acBNw71mvjFTnLaRp50aQaYocMR0a/RMMBIHeZnGyjQ==}
+    engines: {node: '>=4.0'}
+    peerDependencies:
+      debug: '*'
+    peerDependenciesMeta:
+      debug:
+        optional: true
+    dependencies:
+      debug: 4.3.4
+    dev: true
 
   /form-data/4.0.0:
     resolution: {integrity: sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==}
@@ -5599,7 +5620,7 @@ packages:
     engines: {node: '>=8.0.0'}
     dependencies:
       eventemitter3: 4.0.7
-      follow-redirects: 1.15.0
+      follow-redirects: 1.15.0_debug@4.3.4
       requires-port: 1.0.0
     transitivePeerDependencies:
       - debug