fix(laravel): Prevent overwriting existing routes on the router (#6941)

jonerickson · web-flow · commit 5124d8c571bc · 2025-02-07T11:32:52.000+01:00
* Prevent overwriting existing routes on the router
* Move routes to its own routes file and add domain support
* Fix tests and stan. Run cs fixer
* Revert laravel pint changes
diff --git a/src/Laravel/ApiPlatformProvider.php b/src/Laravel/ApiPlatformProvider.php
@@ -66,7 +66,6 @@
 use ApiPlatform\JsonApi\Serializer\ItemNormalizer as JsonApiItemNormalizer;
 use ApiPlatform\JsonApi\Serializer\ObjectNormalizer as JsonApiObjectNormalizer;
 use ApiPlatform\JsonApi\Serializer\ReservedAttributeNameConverter;
-use ApiPlatform\JsonLd\Action\ContextAction;
 use ApiPlatform\JsonLd\AnonymousContextBuilderInterface;
 use ApiPlatform\JsonLd\ContextBuilder as JsonLdContextBuilder;
 use ApiPlatform\JsonLd\ContextBuilderInterface;
@@ -124,7 +123,6 @@
 use ApiPlatform\Laravel\State\SwaggerUiProcessor;
 use ApiPlatform\Laravel\State\SwaggerUiProvider;
 use ApiPlatform\Laravel\State\ValidateProvider;
-use ApiPlatform\Metadata\Exception\NotExposedHttpException;
 use ApiPlatform\Metadata\IdentifiersExtractor;
 use ApiPlatform\Metadata\IdentifiersExtractorInterface;
 use ApiPlatform\Metadata\InflectorInterface;
@@ -196,10 +194,6 @@
 use Illuminate\Config\Repository as ConfigRepository;
 use Illuminate\Contracts\Debug\ExceptionHandler as ExceptionHandlerInterface;
 use Illuminate\Contracts\Foundation\Application;
-use Illuminate\Contracts\Foundation\CachesRoutes;
-use Illuminate\Http\Request;
-use Illuminate\Routing\Route;
-use Illuminate\Routing\RouteCollection;
 use Illuminate\Routing\Router;
 use Illuminate\Support\ServiceProvider;
 use Negotiation\Negotiator;
@@ -1346,7 +1340,7 @@ private function registerGraphQl(Application $app): void
     /**
      * Bootstrap services.
      */
-    public function boot(ResourceNameCollectionFactoryInterface $resourceNameCollectionFactory, ResourceMetadataCollectionFactoryInterface $resourceMetadataFactory, Router $router): void
+    public function boot(): void
     {
         if ($this->app->runningInConsole()) {
             $this->publishes([
@@ -1368,94 +1362,6 @@ public function boot(ResourceNameCollectionFactoryInterface $resourceNameCollect
             $typeBuilder->setFieldsBuilderLocator(new ServiceLocator(['api_platform.graphql.fields_builder' => $fieldsBuilder]));
         }
 
-        if (!$this->shouldRegisterRoutes()) {
-            return;
-        }
-
-        $globalMiddlewares = $config->get('api-platform.routes.middleware');
-        $routeCollection = new RouteCollection();
-        foreach ($resourceNameCollectionFactory->create() as $resourceClass) {
-            foreach ($resourceMetadataFactory->create($resourceClass) as $resourceMetadata) {
-                foreach ($resourceMetadata->getOperations() as $operation) {
-                    $uriTemplate = $operation->getUriTemplate();
-                    // _format is read by the middleware
-                    $uriTemplate = $operation->getRoutePrefix().str_replace('{._format}', '{_format?}', $uriTemplate);
-                    $route = (new Route([$operation->getMethod()], $uriTemplate, [ApiPlatformController::class, '__invoke']))
-                        ->where('_format', '^\.[a-zA-Z]+')
-                        ->name($operation->getName())
-                        ->setDefaults(['_api_operation_name' => $operation->getName(), '_api_resource_class' => $operation->getClass()]);
-
-                    $route->middleware(ApiPlatformMiddleware::class.':'.$operation->getName());
-                    $route->middleware($globalMiddlewares);
-                    $route->middleware($operation->getMiddleware());
-
-                    $routeCollection->add($route);
-                }
-            }
-        }
-
-        $prefix = $config->get('api-platform.defaults.route_prefix') ?? '';
-        $route = new Route(['GET'], $prefix.'/contexts/{shortName?}{_format?}', [ContextAction::class, '__invoke']);
-        $route->name('api_jsonld_context');
-        $route->middleware(ApiPlatformMiddleware::class);
-        $route->middleware($globalMiddlewares);
-        $routeCollection->add($route);
-        $route = new Route(['GET'], $prefix.'/docs{_format?}', function (Request $request, Application $app) {
-            $documentationAction = $app->make(DocumentationController::class);
-
-            return $documentationAction->__invoke($request);
-        });
-        $route->name('api_doc');
-        $route->middleware(ApiPlatformMiddleware::class);
-        $route->middleware($globalMiddlewares);
-        $routeCollection->add($route);
-
-        $route = new Route(['GET'], $prefix.'/.well-known/genid/{id}', function (): void {
-            throw new NotExposedHttpException('This route is not exposed on purpose. It generates an IRI for a collection resource without identifier nor item operation.');
-        });
-        $route->name('api_genid');
-        $route->middleware(ApiPlatformMiddleware::class);
-        $route->middleware($globalMiddlewares);
-        $routeCollection->add($route);
-
-        if ($config->get('api-platform.graphql.enabled')) {
-            $route = new Route(['POST', 'GET'], $prefix.'/graphql', function (Application $app, Request $request) {
-                $entrypointAction = $app->make(GraphQlEntrypointController::class);
-
-                return $entrypointAction->__invoke($request);
-            });
-            $route->middleware($globalMiddlewares);
-            $routeCollection->add($route);
-
-            $route = new Route(['GET'], $prefix.'/graphiql', function (Application $app) {
-                $controller = $app->make(GraphiQlController::class);
-
-                return $controller->__invoke();
-            });
-            $route->middleware($globalMiddlewares);
-            $routeCollection->add($route);
-        }
-
-        $route = new Route(['GET'], $prefix.'/{index?}{_format?}', function (Request $request, Application $app) {
-            $entrypointAction = $app->make(EntrypointController::class);
-
-            return $entrypointAction->__invoke($request);
-        });
-        $route->where('index', 'index');
-        $route->name('api_entrypoint');
-        $route->middleware(ApiPlatformMiddleware::class);
-        $route->middleware($globalMiddlewares);
-        $routeCollection->add($route);
-
-        $router->setRoutes($routeCollection);
-    }
-
-    private function shouldRegisterRoutes(): bool
-    {
-        if ($this->app instanceof CachesRoutes && $this->app->routesAreCached()) {
-            return false;
-        }
-
-        return true;
+        $this->loadRoutesFrom(__DIR__.'/routes/api.php');
     }
 }
diff --git a/src/Laravel/Tests/ApiTest.php b/src/Laravel/Tests/ApiTest.php
@@ -0,0 +1,48 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+use ApiPlatform\Laravel\Test\ApiTestAssertionsTrait;
+use Illuminate\Contracts\Config\Repository;
+use Illuminate\Foundation\Application;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Orchestra\Testbench\Concerns\WithWorkbench;
+use Orchestra\Testbench\TestCase;
+
+class ApiTest extends TestCase
+{
+    use ApiTestAssertionsTrait;
+    use RefreshDatabase;
+    use WithWorkbench;
+
+    /**
+     * @param Application $app
+     */
+    protected function defineEnvironment($app): void
+    {
+        tap($app['config'], function (Repository $config): void {
+            $config->set('api-platform.routes.domain', 'http://test.com');
+            $config->set('app.debug', true);
+            $config->set('api-platform.formats', ['jsonld' => ['application/ld+json']]);
+            $config->set('api-platform.docs_formats', ['jsonld' => ['application/ld+json']]);
+        });
+    }
+
+    public function testDomainCanBeSet(): void
+    {
+        $response = $this->get('http://foobar.com/api/', ['accept' => ['application/ld+json']]);
+        $response->assertNotFound();
+
+        $response = $this->get('http://test.com/api/', ['accept' => ['application/ld+json']]);
+        $response->assertSuccessful();
+    }
+}
diff --git a/src/Laravel/config/api-platform.php b/src/Laravel/config/api-platform.php
@@ -10,6 +10,7 @@
     'version' => '1.0.0',
 
     'routes' => [
+        'domain' => null,
         // Global middleware applied to every API Platform routes
         // 'middleware' => []
     ],
@@ -43,20 +44,20 @@
         'pagination_enabled' => true,
         'pagination_partial' => false,
         'pagination_client_enabled' => false,
-		'pagination_client_items_per_page' => false,
-		'pagination_client_partial' => false,
-		'pagination_items_per_page' => 30,
-		'pagination_maximum_items_per_page' => 30,
+        'pagination_client_items_per_page' => false,
+        'pagination_client_partial' => false,
+        'pagination_items_per_page' => 30,
+        'pagination_maximum_items_per_page' => 30,
         'route_prefix' => '/api',
         'middleware' => [],
     ],
 
-	'pagination' => [
-		'page_parameter_name' => 'page',
-		'enabled_parameter_name' => 'pagination',
-		'items_per_page_parameter_name' => 'itemsPerPage',
-		'partial_parameter_name' => 'partial',
-	],
+    'pagination' => [
+        'page_parameter_name' => 'page',
+        'enabled_parameter_name' => 'pagination',
+        'items_per_page_parameter_name' => 'itemsPerPage',
+        'partial_parameter_name' => 'partial',
+    ],
 
     'graphql' => [
         'enabled' => false,
diff --git a/src/Laravel/routes/api.php b/src/Laravel/routes/api.php
@@ -0,0 +1,80 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+use ApiPlatform\JsonLd\Action\ContextAction;
+use ApiPlatform\Laravel\ApiPlatformMiddleware;
+use ApiPlatform\Laravel\Controller\ApiPlatformController;
+use ApiPlatform\Laravel\Controller\DocumentationController;
+use ApiPlatform\Laravel\Controller\EntrypointController;
+use ApiPlatform\Laravel\GraphQl\Controller\EntrypointController as GraphQlEntrypointController;
+use ApiPlatform\Laravel\GraphQl\Controller\GraphiQlController;
+use ApiPlatform\Metadata\Exception\NotExposedHttpException;
+use ApiPlatform\Metadata\HttpOperation;
+use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
+use ApiPlatform\Metadata\Resource\Factory\ResourceNameCollectionFactoryInterface;
+use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Str;
+
+$globalMiddlewares = config()->get('api-platform.routes.middleware', []);
+$domain = config()->get('api-platform.routes.domain');
+
+Route::domain($domain)->middleware($globalMiddlewares)->group(function (): void {
+    $resourceNameCollectionFactory = app()->make(ResourceNameCollectionFactoryInterface::class);
+    $resourceMetadataFactory = app()->make(ResourceMetadataCollectionFactoryInterface::class);
+
+    foreach ($resourceNameCollectionFactory->create() as $resourceClass) {
+        foreach ($resourceMetadataFactory->create($resourceClass) as $resourceMetadata) {
+            foreach ($resourceMetadata->getOperations() as $operation) {
+                /* @var HttpOperation $operation */
+                Route::addRoute($operation->getMethod(), Str::replace('{._format}', '{_format?}', $operation->getUriTemplate()), ApiPlatformController::class)
+                    ->prefix($operation->getRoutePrefix())
+                    ->middleware(ApiPlatformMiddleware::class.':'.$operation->getName())
+                    ->middleware($operation->getMiddleware())
+                    ->where('_format', '^\.[a-zA-Z]+')
+                    ->name($operation->getName())
+                    ->setDefaults(['_api_operation_name' => $operation->getName(), '_api_resource_class' => $operation->getClass()]);
+            }
+        }
+    }
+
+    $prefix = config()->get('api-platform.defaults.route_prefix') ?? '';
+
+    Route::group(['prefix' => $prefix], function (): void {
+        Route::group(['middleware' => ApiPlatformMiddleware::class], function (): void {
+            Route::get('/contexts/{shortName?}{_format?}', ContextAction::class)
+                ->middleware(ApiPlatformMiddleware::class)
+                ->name('api_jsonld_context');
+
+            Route::get('/docs{_format?}', DocumentationController::class)
+                ->middleware(ApiPlatformMiddleware::class)
+                ->name('api_doc');
+
+            Route::get('/.well-known/genid/{id}', fn () => throw new NotExposedHttpException('This route is not exposed on purpose. It generates an IRI for a collection resource without identifier nor item operation.'))
+                ->middleware(ApiPlatformMiddleware::class)
+                ->name('api_genid');
+
+            Route::get('/{index?}{_format?}', EntrypointController::class)
+                ->where('index', 'index')
+                ->middleware(ApiPlatformMiddleware::class)
+                ->name('api_entrypoint');
+        });
+
+        if (config()->get('api-platform.graphql.enabled')) {
+            Route::addRoute(['POST', 'GET'], '/graphql', GraphQlEntrypointController::class)
+                ->name('api_graphql');
+
+            Route::get('/graphiql', GraphiQlController::class)
+                ->name('api_graphiql');
+        }
+    });
+});
