Obscure host template filename in public facing attribute

Author: sneakyvv

src/LiveComponent/src/DependencyInjection/LiveComponentExtension.php

@@ -37,6 +37,8 @@
 use Symfony\UX\LiveComponent\Twig\DeterministicTwigIdCalculator;
 use Symfony\UX\LiveComponent\Twig\LiveComponentExtension as LiveComponentTwigExtension;
 use Symfony\UX\LiveComponent\Twig\LiveComponentRuntime;
+use Symfony\UX\LiveComponent\Twig\TemplateCacheWarmer;
+use Symfony\UX\LiveComponent\Twig\TemplateMap;
 use Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer;
 use Symfony\UX\LiveComponent\Util\FingerprintCalculator;
 use Symfony\UX\LiveComponent\Util\LiveControllerAttributesCreator;
@@ -55,6 +57,8 @@
  */
 final class LiveComponentExtension extends Extension implements PrependExtensionInterface
 {
+    public const TEMPLATES_MAP_FILENAME = 'live_components_twig_templates.map';
+
     public function prepend(ContainerBuilder $container)
     {
         // Register the form theme if TwigBundle is available
@@ -190,12 +194,14 @@ function (ChildDefinition $definition, AsLiveComponent $attribute) {
                 new Reference('router'),
                 new Reference('ux.live_component.live_responder'),
                 new Reference('security.csrf.token_manager', ContainerInterface::NULL_ON_INVALID_REFERENCE),
+                new Reference('ux.live_component.twig.template_mapper'),
             ])
         ;
 
         $container->register('ux.live_component.add_attributes_subscriber', AddLiveAttributesSubscriber::class)
             ->setArguments([
                 new Reference('ux.twig_component.component_stack'),
+                new Reference('ux.live_component.twig.template_mapper'),
             ])
             ->addTag('kernel.event_subscriber')
             ->addTag('container.service_subscriber', ['key' => LiveControllerAttributesCreator::class, 'id' => 'ux.live_component.live_controller_attributes_creator'])
@@ -212,6 +218,13 @@ function (ChildDefinition $definition, AsLiveComponent $attribute) {
             ->addTag('form.type')
             ->setPublic(false)
         ;
+
+        $container->register('ux.live_component.twig.template_mapper', TemplateMap::class)
+            ->setArguments(['%kernel.cache_dir%/'.self::TEMPLATES_MAP_FILENAME]);
+
+        $container->register('ux.live_component.twig.cache_warmer', TemplateCacheWarmer::class)
+            ->setArguments([new Reference('twig.template_iterator'), self::TEMPLATES_MAP_FILENAME])
+            ->addTag('kernel.cache_warmer');
     }
 
     private function isAssetMapperAvailable(ContainerBuilder $container): bool

src/LiveComponent/src/EventListener/AddLiveAttributesSubscriber.php

@@ -14,6 +14,7 @@
 use Psr\Container\ContainerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Contracts\Service\ServiceSubscriberInterface;
+use Symfony\UX\LiveComponent\Twig\TemplateMap;
 use Symfony\UX\LiveComponent\Util\LiveControllerAttributesCreator;
 use Symfony\UX\TwigComponent\ComponentAttributes;
 use Symfony\UX\TwigComponent\ComponentMetadata;
@@ -36,7 +37,8 @@ final class AddLiveAttributesSubscriber implements EventSubscriberInterface, Ser
 {
     public function __construct(
         private ComponentStack $componentStack,
-        private ContainerInterface $container
+        private TemplateMap $templateMap,
+        private ContainerInterface $container,
     ) {
     }
 
@@ -67,7 +69,7 @@ public function onPreRender(PreRenderEvent $event): void
                 // the embedded template so that the blocks from that template
                 // will be used, if any, instead of the originals.
                 $event->setTemplate(
-                    $originalAttributes['data-host-template'],
+                    $this->templateMap->resolve($originalAttributes['data-host-template']),
                     $originalAttributes['data-embedded-template-index'],
                 );
             }

src/LiveComponent/src/Twig/TemplateCacheWarmer.php

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symfony\UX\LiveComponent\Twig;
+
+use Symfony\Component\Cache\Adapter\NullAdapter;
+use Symfony\Component\Cache\Adapter\PhpArrayAdapter;
+use Symfony\Component\HttpKernel\CacheWarmer\CacheWarmerInterface;
+
+/**
+ * @author Bart Vanderstukken <bart.vanderstukken@gmail.com>
+ */
+final class TemplateCacheWarmer implements CacheWarmerInterface
+{
+    public function __construct(private \IteratorAggregate $templateIterator, private readonly string $cacheFilename)
+    {
+    }
+
+    public function warmUp(string $cacheDir): void
+    {
+        $map = [];
+        foreach ($this->templateIterator as $item) {
+            $map[bin2hex(random_bytes(16))] = $item;
+        }
+
+        (new PhpArrayAdapter($cacheDir.'/'.$this->cacheFilename, new NullAdapter()))->warmUp(['map' => $map]);
+    }
+
+    public function isOptional(): bool
+    {
+        return false;
+    }
+}

src/LiveComponent/src/Twig/TemplateMap.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Symfony\UX\LiveComponent\Twig;
+
+use Symfony\Component\Cache\Adapter\NullAdapter;
+use Symfony\Component\Cache\Adapter\PhpArrayAdapter;
+
+/**
+ * @author Bart Vanderstukken <bart.vanderstukken@gmail.com>
+ */
+final class TemplateMap
+{
+    private readonly array $map;
+
+    public function __construct(string $cacheFile)
+    {
+        $this->map = (new PhpArrayAdapter($cacheFile, new NullAdapter()))->getItem('map')->get();
+    }
+
+    public function resolve(string $obscuredName)
+    {
+        return $this->map[$obscuredName] ?? throw new \RuntimeException(sprintf('Cannot find a template matching "%s". Cache may be corrupt.', $obscuredName));
+    }
+
+    public function obscuredName(string $templateName): string
+    {
+        $obscuredName = array_search($templateName, $this->map, true);
+        if (false === $obscuredName) {
+            throw new \RuntimeException(sprintf('Cannot find a match for template "%s". Cache may be corrupt.', $templateName));
+        }
+
+        return $obscuredName;
+    }
+}

src/LiveComponent/src/Util/LiveControllerAttributesCreator.php

@@ -18,6 +18,7 @@
 use Symfony\UX\LiveComponent\LiveResponder;
 use Symfony\UX\LiveComponent\Metadata\LiveComponentMetadataFactory;
 use Symfony\UX\LiveComponent\Twig\DeterministicTwigIdCalculator;
+use Symfony\UX\LiveComponent\Twig\TemplateMap;
 use Symfony\UX\TwigComponent\ComponentAttributes;
 use Symfony\UX\TwigComponent\ComponentMetadata;
 use Symfony\UX\TwigComponent\MountedComponent;
@@ -47,6 +48,7 @@ public function __construct(
         private UrlGeneratorInterface $urlGenerator,
         private LiveResponder $liveResponder,
         private ?CsrfTokenManagerInterface $csrfTokenManager,
+        private TemplateMap $templateMap,
     ) {
     }
 
@@ -82,7 +84,7 @@ public function attributesForRendering(MountedComponent $mounted, ComponentMetad
 
         if ($mounted->hasExtraMetadata('hostTemplate') && $mounted->hasExtraMetadata('embeddedTemplateIndex')) {
             $mountedAttributes = $mountedAttributes->defaults([
-                'data-host-template' => $mounted->getExtraMetadata('hostTemplate'),
+                'data-host-template' => $this->templateMap->obscuredName($mounted->getExtraMetadata('hostTemplate')),
                 'data-embedded-template-index' => $mounted->getExtraMetadata('embeddedTemplateIndex'),
             ]);
         }

src/LiveComponent/tests/Functional/EventListener/AddLiveAttributesSubscriberTest.php

@@ -12,6 +12,7 @@
 namespace Symfony\UX\LiveComponent\Tests\Functional\EventListener;
 
 use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase;
+use Symfony\UX\LiveComponent\Tests\LiveComponentTestHelper;
 use Zenstruck\Browser\Test\HasBrowser;
 
 /**
@@ -20,6 +21,8 @@
 final class AddLiveAttributesSubscriberTest extends KernelTestCase
 {
     use HasBrowser;
+    use LiveComponentTestHelper;
+
     /**
      * The deterministic id of the "todo_item" components in todo_list.html.twig.
      * If that template changes, this will need to be updated.
@@ -82,6 +85,10 @@ public function testCanDisableCsrf(): void
 
     public function testItAddsIdAndFingerprintToChildComponent(): void
     {
+        $templateName = 'components/todo_list.html.twig';
+        $obscuredName = 'd9bcb8935cbb4282ac5d227fc82ae782';
+        $this->addTemplateMap($obscuredName, $templateName);
+
         $ul = $this->browser()
             ->visit('/render-template/render_todo_list')
             ->assertSuccessful()
@@ -110,6 +117,10 @@ public function testItAddsIdAndFingerprintToChildComponent(): void
 
     public function testItDoesNotOverrideDataLiveIdIfSpecified(): void
     {
+        $templateName = 'components/todo_list.html.twig';
+        $obscuredName = 'a643d58357b14c9bb077f0c00a742059';
+        $this->addTemplateMap($obscuredName, $templateName);
+
         $ul = $this->browser()
             ->visit('/render-template/render_todo_list_with_live_id')
             ->assertSuccessful()

src/LiveComponent/tests/Functional/EventListener/InterceptChildComponentRenderSubscriberTest.php

@@ -119,6 +119,10 @@ public function testItUsesKeysToRenderChildrenLiveIds(): void
         $urlSimple = $this->doBuildUrlForComponent('todo_list_with_keys', []);
         $urlWithChangedFingerprints = $this->doBuildUrlForComponent('todo_list_with_keys', $fingerprints);
 
+        $templateName = 'components/todo_list_with_keys.html.twig';
+        $obscuredName = '4726a6e348c4496094a4d3bf3693078e';
+        $this->addTemplateMap($obscuredName, $templateName);
+
         $this->browser()
             ->visit($urlSimple)
             ->assertSuccessful()

src/LiveComponent/tests/Functional/EventListener/LiveComponentSubscriberTest.php

@@ -81,11 +81,15 @@ public function testCanRenderComponentAsHtmlWithAlternateRoute(): void
 
     public function testCanExecuteComponentActionNormalRoute(): void
     {
+        $templateName = 'render_embedded_with_blocks.html.twig';
+        $obscuredName = '4bd9245af4594aa28cb77583c29e188e';
+        $this->addTemplateMap($obscuredName, $templateName);
+
         $dehydrated = $this->dehydrateComponent(
             $this->mountComponent(
                 'component2',
                 [
-                    'data-host-template' => 'render_embedded_with_blocks.html.twig',
+                    'data-host-template' => $obscuredName,
                     'data-embedded-template-index' => self::DETERMINISTIC_ID,
                 ]
             )
@@ -226,11 +230,15 @@ public function testPreReRenderHookOnlyExecutedDuringAjax(): void
 
     public function testItAddsEmbeddedTemplateContextToEmbeddedComponents(): void
     {
+        $templateName = 'render_embedded_with_blocks.html.twig';
+        $obscuredName = '1918f197faab43278ba06c0a672a2b97';
+        $this->addTemplateMap($obscuredName, $templateName);
+
         $dehydrated = $this->dehydrateComponent(
             $this->mountComponent(
                 'component2',
                 [
-                    'data-host-template' => 'render_embedded_with_blocks.html.twig',
+                    'data-host-template' => $obscuredName,
                     'data-embedded-template-index' => self::DETERMINISTIC_ID,
                 ]
             )
@@ -242,7 +250,7 @@ public function testItAddsEmbeddedTemplateContextToEmbeddedComponents(): void
             ->assertSee('PreReRenderCalled: No')
             ->assertSee('Embedded content with access to context, like count=1')
             ->assertSeeElement('.component2')
-            ->assertElementAttributeContains('.component2', 'data-live-props-value', '"data-host-template":"render_embedded_with_blocks.html.twig"')
+            ->assertElementAttributeContains('.component2', 'data-live-props-value', '"data-host-template":"'.$obscuredName.'"')
             ->assertElementAttributeContains('.component2', 'data-live-props-value', '"data-embedded-template-index":'.self::DETERMINISTIC_ID)
             ->get('/_components/component2?props='.urlencode(json_encode($dehydrated->getProps())))
             ->assertSuccessful()
@@ -253,11 +261,16 @@ public function testItAddsEmbeddedTemplateContextToEmbeddedComponents(): void
 
     public function testItUseBlocksFromEmbeddedContextUsingMultipleComponents(): void
     {
+        $templateName = 'render_multiple_embedded_with_blocks.html.twig';
+        $obscuredName = '5c474b02358c46cca3da7340cc79cc2e';
+
+        $this->addTemplateMap($obscuredName, $templateName);
+
         $dehydrated = $this->dehydrateComponent(
             $this->mountComponent(
                 'component2',
                 [
-                    'data-host-template' => 'render_multiple_embedded_with_blocks.html.twig',
+                    'data-host-template' => $obscuredName,
                     'data-embedded-template-index' => self::DETERMINISTIC_ID_MULTI_2,
                 ]
             )

src/LiveComponent/tests/LiveComponentTestHelper.php

@@ -11,6 +11,9 @@
 
 namespace Symfony\UX\LiveComponent\Tests;
 
+use Symfony\Component\Cache\Adapter\NullAdapter;
+use Symfony\Component\Cache\Adapter\PhpArrayAdapter;
+use Symfony\UX\LiveComponent\DependencyInjection\LiveComponentExtension;
 use Symfony\UX\LiveComponent\LiveComponentHydrator;
 use Symfony\UX\LiveComponent\Metadata\LiveComponentMetadataFactory;
 use Symfony\UX\LiveComponent\Util\DehydratedProps;
@@ -66,4 +69,14 @@ private function hydrateComponent(object $component, string $name, array $props,
 
         return $this->hydrator()->hydrate($component, $props, $updatedProps, $liveMetadataFactory->getMetadata($name));
     }
+
+    private function addTemplateMap(string $obscuredName, string $templateName): void
+    {
+        if (!self::$booted) {
+            self::bootKernel();
+        }
+
+        $phpArrayAdapter = new PhpArrayAdapter(self::$kernel->getCacheDir().'/'.LiveComponentExtension::TEMPLATES_MAP_FILENAME, new NullAdapter());
+        $phpArrayAdapter->warmUp(['map' => [$obscuredName => $templateName]]);
+    }
 }