* Feature: allow configuring custom paths to serve assets from.

* Fix: Avoid serving files outside these directories (when a relative path is given in url)

Author: zolex

README.md

@@ -41,19 +41,27 @@ return function (array $context) {
 
 ### Assets
 
-To allow serving public bundle assets (like API-Platform's Swagger-UI) through ReactPHP, add this file to your project `config/routes/react_bundle.yaml`
+To allow serving assets from the public directory through ReactPHP, add this file to your project `config/routes/react_bundle.yaml`
 ```yaml
-react_bundle:
-  type: react_bundle
+reactphp_bundle:
+  type: reactphp_bundle
   resource: .
 ```
 
+By default, only files in the `public/bundles` directory are served (like Swagger-UI in API-Platform).
+Additional directories and files can be registered in the bundle config at `config/bundles/zolex_react_php.yaml`:
+
+```yaml
+zolex_react_php:
+    asset_paths:
+        - /bundles/
+        - /custom-dir/
+        - /single-file.js
+        - /another/single/file.css
+```
+
 ### Start the server
 
 ```bash
 APP_RUNTIME="Zolex\\ReactPhpBundle\\Runtime\\ReactPhpRuntime" php public/index.php
 ```
-
-### Credits
-
-This bundle is inspired by [runtime/reactphp](https://github.com/php-runtime/reactphp).

src/Action/ServeBundleAssetsAction.php

@@ -22,16 +22,12 @@ public function __construct(private string $projectDir)
     {
     }
 
-    public function __invoke(string $file)
+    public function __invoke(string $directory, string $file)
     {
-        $path = $this->projectDir.'/public/bundles/'.$file;
-
-        if (!is_readable($path)) {
-            throw new NotFoundHttpException("'$file' is not readable.");
-        }
-
-        if (is_dir($path)) {
-            throw new NotFoundHttpException("'$file' is a directory.");
+        $baseDir = $this->projectDir.'/public'. ('/' !== $directory ? '/'.$directory : '');
+        $path = realpath($baseDir.'/'.$file);
+        if (false === $path || !is_readable($path) || is_dir($path) || !str_starts_with($path, $baseDir)) {
+            throw new NotFoundHttpException();
         }
 
         $contentType = match (pathinfo($path)['extension']) {

src/DependencyInjection/Configuration.php

@@ -20,16 +20,15 @@ class Configuration implements ConfigurationInterface
 {
     public function getConfigTreeBuilder(): TreeBuilder
     {
-        $treeBuilder = new TreeBuilder('zolex_reactphp');
-        /*
+        $treeBuilder = new TreeBuilder('zolex_react_php');
         $rootNode = $treeBuilder->getRootNode();
         $rootNode
             ->children()
                 ->arrayNode('asset_paths')
-                    ->arrayPrototype()
+                    ->defaultValue(['/bundles'])
+                    ->stringPrototype()
                 ->end()
             ->end();
-        */
 
         return $treeBuilder;
     }

src/DependencyInjection/ZolexReactPhpExtension.php

@@ -34,5 +34,7 @@ public function load(array $configs, ContainerBuilder $container)
 
     public function process(ContainerBuilder $container)
     {
+        $routeLoader = $container->getDefinition('zolex.reactphp_bundle.routing.loader');
+        $routeLoader->addMethodCall('setAssetPaths', [$this->config['asset_paths']]);
     }
 }

src/Resources/config/services.xml

@@ -11,6 +11,9 @@
 
         <service id="zolex.reactphp_bundle.routing.loader" class="Zolex\ReactPhpBundle\Routing\Loader\ReactPhpBundleLoader">
             <tag name="routing.loader"/>
+            <call method="setProjectDir">
+                <argument>%kernel.project_dir%</argument>
+            </call>
         </service>
     </services>
 </container>

src/Routing/Loader/ReactPhpBundleLoader.php

@@ -19,25 +19,62 @@
 
 final class ReactPhpBundleLoader extends Loader
 {
+    private array $assetPaths;
+    private string $publicPath;
+
     public function supports($resource, $type = null): bool
     {
         return 'reactphp_bundle' === $type;
     }
 
+    public function setProjectDir(string $path): void
+    {
+        $this->publicPath = rtrim($path, '/') . '/public';
+    }
+
+    public function setAssetPaths(array $paths): void
+    {
+        $this->assetPaths = $paths;
+    }
+
     public function load(mixed $resource, ?string $type = null): RouteCollection
     {
         $routes = new RouteCollection();
-        $routes->add(
-            name: 'zolex:reactphp_bundle',
-            route: new Route(
-                path: '/bundles/{file}',
-                defaults: [
-                    '_controller' => 'zolex.reactphp_bundle.serve_bundle_assets_action',
-                ],
-                requirements: ['file' => '.*'],
-                methods: ['GET']
-            ),
-        );
+        foreach ($this->assetPaths as $assetPath) {
+            $target = trim($assetPath, '/');
+            if (!is_readable($this->publicPath . '/'. $target)) {
+                user_error('Tried to register "'. $target . '" asset path, but it does not exist or is not readable.', E_USER_WARNING);
+                continue;
+            }
+
+            if (is_file($this->publicPath . '/'. $target)) {
+                $routes->add(
+                    name: 'zolex:reactphp_bundle:' . str_replace('/', '_', $target),
+                    route: new Route(
+                        path: '/' . $target,
+                        defaults: [
+                            '_controller' => 'zolex.reactphp_bundle.serve_bundle_assets_action',
+                            'directory' => '/',
+                            'file' => $target,
+                        ],
+                        methods: ['GET']
+                    ),
+                );
+            } else {
+                $routes->add(
+                    name: 'zolex:reactphp_bundle:' . str_replace('/', '_', $target),
+                    route: new Route(
+                        path: '/' . $target . '/{file}',
+                        defaults: [
+                            '_controller' => 'zolex.reactphp_bundle.serve_bundle_assets_action',
+                            'directory' => $target,
+                        ],
+                        requirements: ['file' => '.*'],
+                        methods: ['GET']
+                    ),
+                );
+            }
+        }
 
         return $routes;
     }