Don't run post processors when compiling views

Author: aarondfrancis

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+### Changed
+
+- Post-processors don't run if Laravel is compiling views.
+
 ## 0.5.2 - 2021-08-02
 
 ### Fixed

src/Blade/EngineDecorator.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * @author Aaron Francis <aaron@hammerstone.dev|https://twitter.com/aarondfrancis>
+ */
+
+namespace Torchlight\Blade;
+
+use Illuminate\Contracts\View\Engine;
+use Torchlight\Torchlight;
+
+class EngineDecorator implements Engine
+{
+    public $decorated;
+
+    public function __construct($resolved)
+    {
+        $this->decorated = $resolved;
+    }
+
+    public function __get($name)
+    {
+        return $this->decorated->{$name};
+    }
+
+    public function __set($name, $value)
+    {
+        $this->decorated->{$name} = $value;
+    }
+
+    public function __call($name, $arguments)
+    {
+        return call_user_func_array([$this->decorated, $name], $arguments);
+    }
+
+    public function get($path, array $data = [])
+    {
+        Torchlight::currentlyCompilingViews(true);
+
+        $result = $this->decorated->get($path, $data);
+
+        Torchlight::currentlyCompilingViews(false);
+
+        return $result;
+    }
+}

src/Manager.php

@@ -42,6 +42,11 @@ class Manager
      */
     protected $postProcessors = [];
 
+    /**
+     * @var bool
+     */
+    protected $currentlyCompilingViews = false;
+
     /**
      * @param Client $client
      * @return Manager
@@ -65,6 +70,14 @@ public function client()
         return $this->client;
     }
 
+    /**
+     * @param $value
+     */
+    public function currentlyCompilingViews($value)
+    {
+        $this->currentlyCompilingViews = $value;
+    }
+
     /**
      * @param $blocks
      * @return mixed
@@ -73,11 +86,7 @@ public function highlight($blocks)
     {
         $blocks = $this->client()->highlight($blocks);
 
-        foreach ($blocks as $block) {
-            foreach ($this->postProcessors as $processor) {
-                app($processor)->process($block);
-            }
-        }
+        $this->postProcessBlocks($blocks);
 
         return $blocks;
     }
@@ -116,6 +125,31 @@ public function addPostProcessors($classes)
         }
     }
 
+    /**
+     * @param $blocks
+     */
+    public function postProcessBlocks($blocks)
+    {
+        foreach ($this->postProcessors as $processor) {
+            $processor = app($processor);
+
+            // By default we do _not_ run post-processors when Laravel is compiling
+            // views, because it could lead to data leaks if a post-processor swaps
+            // user data in. If the developer understands this, they can turn
+            // `processEvenWhenCompiling` on and we'll happily run them.
+            $processWhenCompiling = property_exists($processor, 'processEvenWhenCompiling')
+                && $processor->processEvenWhenCompiling;
+
+            if ($this->currentlyCompilingViews && !$processWhenCompiling) {
+                continue;
+            }
+
+            foreach ($blocks as $block) {
+                $processor->process($block);
+            }
+        }
+    }
+
     /**
      * Get an item out of the config using dot notation.
      *

src/TorchlightServiceProvider.php

@@ -8,6 +8,7 @@
 use Illuminate\Support\ServiceProvider;
 use Torchlight\Blade\BladeManager;
 use Torchlight\Blade\CodeComponent;
+use Torchlight\Blade\EngineDecorator;
 use Torchlight\Commands\Install;
 use Torchlight\Middleware\RenderTorchlight;
 
@@ -20,6 +21,7 @@ public function boot()
         $this->publishConfig();
         $this->registerBladeComponent();
         $this->registerLivewire();
+        $this->decorateGrahamCampbellEngines();
     }
 
     public function bindManagerSingleton()
@@ -71,6 +73,53 @@ public function registerLivewire()
         }
     }
 
+    /**
+     * Graham Campbell's Markdown package is a common (and excellent) package that many
+     * Laravel developers use for markdown. It registers a few view engines so you can
+     * just return e.g. `view("file.md")` and the markdown will get rendered to HTML.
+     *
+     * The markdown file will get parsed *once* and saved to the disk, which could lead
+     * to data leaks if you're using a post processor that injects some sort of user
+     * details. The first user that hits the page will have their information saved
+     * into the compiled views.
+     *
+     * We decorate the engines that Graham uses so we can alert our post processors
+     * not to run when the views are being compiled.
+     */
+    public function decorateGrahamCampbellEngines()
+    {
+        if (!class_exists('\\GrahamCampbell\\Markdown\\MarkdownServiceProvider')) {
+            return;
+        }
+
+        // The engines won't be registered if this is false.
+        if (!$this->app->config->get('markdown.views')) {
+            return;
+        }
+
+        // Decorate all the engines that Graham's package registers.
+        $this->decorateEngine('md');
+        $this->decorateEngine('phpmd');
+        $this->decorateEngine('blademd');
+    }
+
+    /**
+     * Decorate a single view engine.
+     * @param $name
+     */
+    protected function decorateEngine($name)
+    {
+        // No engine registered.
+        if (!$resolved = $this->app->view->getEngineResolver()->resolve($name)) {
+            return;
+        }
+
+        // Wrap the existing engine in our decorator.
+        $this->app->view->getEngineResolver()->register($name, function () use ($resolved) {
+            return new EngineDecorator($resolved);
+        });
+    }
+
     public function register()
     {
         $this->mergeConfigFrom(__DIR__ . '/../config/torchlight.php', 'torchlight');

tests/PostProcessorTest.php

@@ -36,6 +36,43 @@ public function it_runs_post_processors()
         $this->assertEquals($blocks[0]->highlighted, '<div class=\'highlighted\'>echo "goodbye world";</div>');
     }
 
+    /** @test */
+    public function it_doesnt_run_when_compiling()
+    {
+        $this->fakeSuccessfulResponse('id');
+
+        Torchlight::addPostProcessors([
+            GoodbyePostProcessor::class
+        ]);
+
+        Torchlight::currentlyCompilingViews(true);
+
+        $blocks = Torchlight::highlight(
+            Block::make('id')->language('php')->code('echo "hello world";')
+        );
+
+        $this->assertEquals($blocks[0]->highlighted, '<div class=\'highlighted\'>echo "hello world";</div>');
+    }
+
+    /** @test */
+    public function it_runs_when_compiling_if_requested()
+    {
+        $this->fakeSuccessfulResponse('id');
+
+        Torchlight::addPostProcessors([
+            GoodbyePostProcessor::class,
+            RunWhileCompilingProcessor::class,
+        ]);
+
+        Torchlight::currentlyCompilingViews(true);
+
+        $blocks = Torchlight::highlight(
+            Block::make('id')->language('php')->code('echo "hello world";')
+        );
+
+        $this->assertEquals($blocks[0]->highlighted, '<div class=\'highlighted\'>echo "compiled world";</div>');
+    }
+
     /** @test */
     public function null_processor_works()
     {
@@ -103,3 +140,13 @@ public function process(Block $block)
         $block->highlighted = str_replace('goodbye', 'goodbye cruel', $block->highlighted);
     }
 }
+
+class RunWhileCompilingProcessor implements PostProcessor
+{
+    public $processEvenWhenCompiling = true;
+
+    public function process(Block $block)
+    {
+        $block->highlighted = str_replace('hello', 'compiled', $block->highlighted);
+    }
+}