Merge pull request #11 from Laragear/feat/2.x/livewire-filament

[2.x] Adds Livewire and Filament helpers

Author: DarkGhostHunter

.gitattributes

@@ -10,3 +10,4 @@
 /phpunit.xml        export-ignore
 /tests              export-ignore
 /.editorconfig      export-ignore
+/phpstan.neon       export-ignore

.github/workflows/php.yml

@@ -61,6 +61,7 @@ jobs:
           - 12.*
           - 13.*
         dependencies: [ lowest, highest ]
+        include-filament: [ true ]
 
     steps:
       - name: Set up PHP
@@ -73,6 +74,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v6
 
+      # Remove this once Filament PHP v5 gets Laravel 13 compatibility.
+      - name: Remove Filament for Laravel 13 compatibility
+        if: matrix.laravel-constraint == '13.*'
+        run: composer remove "filament/filament" --dev --no-update
+
       - name: Install dependencies
         uses: ramsey/composer-install@v3
         with:

README.md

@@ -107,7 +107,7 @@ Finally, you can also set a custom callback name to be executed once the script
 
 #### Site Key on JavaScript frontend
 
-If you put the script on the `<head>` part of your HTML view, you may set the `meta` attribute to render a `<meta>` tag alongside the script. This tag will contain your Turnstile site key so your JavaScript frontend can  retrieve use it to render the widget.
+If you put the script on the `<head>` part of your HTML view, you may set the `meta` attribute to render a `<meta>` tag alongside the script. This tag will contain your Turnstile site-key so your JavaScript frontend can use it to render the widget.
 
 ```blade
 <!DOCTYPE html>
@@ -161,11 +161,24 @@ Alternatively, you may set a custom name for the tag by setting a value to the `
 <meta name="my-custom-key" content="1x00000000000000000000AA" />
 ```
 
+#### Preconnect
+
+You can also add a [resource hint to Cloudflare servers](https://developers.cloudflare.com/turnstile/get-started/client-side-rendering/#2-optional-optimize-performance-with-resource-hints) by setting the `preconnect` attribute in the component.
+
+```blade
+<x-turnstile::script preconnect />
+```
+
+```html
+<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" defer async></script>
+<link rel="preconnect" href="https://challenges.cloudflare.com">
+```
+
 ### Widget
 
 > [!IMPORTANT]
 > 
-> Remember that the Widget Mode is controlled via your [Cloudflare Dashboard](https://dash.cloudflare.com), not here. On development, this is controlled with [testing keys](#testing-keys).
+> Remember that the Widget Mode is controlled via your [Cloudflare Dashboard](https://dash.cloudflare.com), not here. In development, this is controlled with [testing keys](#testing-keys).
 
 You can use the `<x-turnstile::widget />` Blade Component to add the Turnstile Widget in your forms. Depending on the Widget Mode, the Widget may render as usual or be invisible at Turnstile discretion.
 
@@ -440,7 +453,7 @@ use Laragear\Turnstile\Http\Middleware\TurnstileMiddleware;
 TurnstileMiddleware::auth('admin');
 ```
 
-To complement this, you should add the [widget](#widget) to your forms only if user is a guest for the given guards.
+To complement this, you should add the [widget](#widget) to your forms only if the user is a guest for the given guards.
 
 ```blade
 <form id='login' method="POST">
@@ -459,7 +472,7 @@ To complement this, you should add the [widget](#widget) to your forms only if u
 
 #### Middleware accepts failed challenges
 
-You can allow the route to continue even if the challenge failed using the `acceptFailed()` method.
+You can allow the route to continue even if the challenge failed, using the `acceptFailed()` method.
 
 ```php
 use Illuminate\Http\Request;
@@ -564,7 +577,7 @@ $request->validate([
 ]);
 ```
 
-#### Rule accepts failed challenges 
+#### Rule accepts failed challenges
 
 The rule supports not checking if the challenge is successful by setting the `accept-failed` parameter. This can be useful to retrieve the response later and programmatically continue based on the response result through the `sucess()` and `failed()` methods of the `Turnstile` facade.
 
@@ -840,6 +853,198 @@ return Application::configure(basePath: dirname(__DIR__))
     ->create();
 ```
 
+## Livewire Trait
+
+If you're using Liveware, you may use the `Laragear\Turnstile\Livewire\InteractsWithTurnstile` trait in your Livewire pages or components, alongside the [widget](#widget) in your frontend.
+
+The trait overrides the `validate()` method the Component class, and validates the Turnstile Challenge only when all the validation rules pass.
+
+```php
+use App\Models\Ball;
+use Laragear\Turnstile\Livewire\InteractsWithTurnstile;
+use Livewire\Attributes\Rule;
+use Livewire\Component;
+
+class MyCustomPage extends Component
+{
+    use InteractsWithTurnstile;
+    
+    #[Rule('required')]
+    public $name;
+    
+    #[Rule('required')]
+    public $color;
+
+    public function save() : Schema
+    {
+        $data = $this->validate();
+        
+        Ball::create($data);
+    }
+}
+```
+
+If you're using a custom challenge key in your form, you may override the `turnstileToken()` method to retrieve the value of the token form elsewhere.
+
+```php
+public array $data = [];
+
+/**
+ * Return token for the Turnstile Challenge present in the form.
+ */
+protected function turnstileToken(): ?string
+{
+    return $this->data['cloudflare-turnstile-token'];
+}
+```
+
+> [!IMPORTANT]
+> 
+> The Challenge validation does not run when calling `validateOnly()`. In that case, you should [validate manually](#livewire-manual-validation)
+
+### Livewire manual validation
+
+To detach the automatic validation of the Challenge, you can use the `validatesTurnstileAutomatically()` method and return `false`. This way, calling `validate()` in your component won't _consume_ the challenge token.
+
+```php
+/**
+ * If the validation should be run automatically after validation.
+ */
+protected function validatesTurnstileAutomatically(): bool
+{
+    return false;
+}
+```
+
+After that, you may call `validateTurnstile()` manually in your component.
+
+```php
+public function create()
+{
+    $validated = $this->validate();
+    
+    // ...
+    
+    $this->validateTurnstile();
+    
+    Ball::create($validated);
+}
+```
+
+### Handling the Turnstile Challenge
+
+You have access to some useful methods to handle if the challenge should be deemed successful or not, and how to handle successes and failures:
+
+* `skipTurnstileValidation()`: Returns if the challenge verification should run or be skipped.
+* `handleTurnstileChallengeStatus()`: Returns if the challenge is successful or not.
+* `handleSuccessfulTurnstileChallenge()`: Handle a successful Turnstile challenge.
+* `handleFailedTurnstileChallenge()`: Handle a failed Turnstile challenge.
+
+For example, for non-admins, you may check if the challenge is successful if it matches the component action:
+
+```php
+use Illuminate\Support\Str;
+use Laragear\Turnstile\Challenge;
+
+/**
+ * Check if the Turnstile challenge validation should be skipped if authenticated.
+ */
+protected function skipTurnstileValidation(): bool
+{
+    // Do not run if the user is an admin.
+    return auth('admins')->check();
+}
+
+/**
+ * Handles the Turnstile challenge and returns true or false if it has succeeded or failed.
+ */
+protected function handleTurnstileChallengeStatus(Challenge $challenge): bool
+{
+    return $challenge->successful && $challenge->isAction(Str::snake(static::class));
+}
+```
+
+## Filament Widget Field
+
+If you're using Filament, you may use the `Laragear\Turnstile\Filament\Forms\TurnstileWidget` field in your forms. It will automatically inject the Turnstile Script in the page and render the Turnstile Widget. The Turnstile Challenge will be validated only on complete form submission.
+
+```php
+use Filament\Forms\Components\Textarea;
+use Filament\Forms\Components\TextInput;
+use Filament\Forms\Concerns\InteractsWithForms;
+use Filament\Forms\Contracts\HasForms;
+use Filament\Pages\Page;
+use Filament\Schemas\Schema;
+use Laragear\Turnstile\Filament\Forms\TurnstileWidget;
+
+class ContactPage extends Page implements HasForms
+{
+    use InteractsWithForms;
+    
+    public function form(Schema $schema) : Schema
+    {
+        return $schema->components([
+            TextInput::make('subject')->required(),
+            Textarea::make('message')->required(),
+            // Add the Turnstile Widget
+            TurnstileWidget::make(),
+        ]);
+    }
+}
+```
+
+The Widget includes some convenient methods based on the [Cloudflare Turnstile Widget configuration](https://developers.cloudflare.com/turnstile/get-started/client-side-rendering/widget-configurations/):
+
+| Method                             | Description                                                            |
+|------------------------------------|------------------------------------------------------------------------|
+| `normal()`                         | Sets the size of the widget to normal.                                 |
+| `flexible()`                       | Sets the size of the widget to flexible.                               |
+| `compact()`                        | Sets the size of the widget to compact.                                |
+| `system()`                         | Sets the theme of the widget to system/browser default.                |
+| `light()`                          | Sets the theme of the widget to light.                                 |
+| `dark()`                           | Sets the theme of the widget to dark.                                  |
+| `appearanceAlways()`               | Sets the appearance of the widget to always appear.                    |
+| `appearanceExecute()`              | Sets the appearance of the widget to appear on manual execution.       |
+| `appearanceInteractionOnly()`      | Sets the appearance of the widget to appear only when required.        |
+| `executionRender()`                | Sets the execution of the widget challenge as it renders.              |
+| `executionExecute()`               | Sets the execution of the widget challenge on manual execution.        |
+| `languageAuto()`                   | Sets the language of the widget to browser locale.                     |
+| `language(string $lang)`           | Sets the language of the widget to given locale.                       |
+| `languageApp()`                    | Sets the language of the widget to application locale.                 |
+| `tabindex(int $tabindex)`          | Sets the tab order of the widget to one set.                           |
+| `callback(string $functionName)`   | Adds an additional function names to execute on successful challenges. |
+| `actionName(string $functionName)` | Sets the action name for the challenge.                                |
+| `implicit(bool $condition = true)` | Makes the widget be rendered automatically by the script.              |
+
+> [!IMPORTANT]
+>
+> The Filament Turnstile Widget is rendered **implicitly** by default, meaning its rendering is handled internally by AlpineJS. This makes all the options to be passed as a JavaScript object. You can use **explicit** rendering, but you may have problems if Livewire or Filament are configured to run in [SPA mode](https://filamentphp.com/docs/5.x/panel-configuration#spa-mode) or [use islands](https://livewire.laravel.com/docs/4.x/islands).
+
+### Script injection
+
+You don't need to [manually inject the script](#script) in your app frontend, the Filament Widget Field does it automatically for you. Alternatively,  disable the injection using `withoutScript()`.
+
+```php
+use Laragear\Turnstile\Filament\Forms\TurnstileWidget;
+
+TurnstileWidget::make()->withoutScript();
+```
+
+You may also pass the stack where the script should pushed if it's not `scripts`, and additional attributes to pass to the widget, using `withScript()`.
+
+```php
+use Laragear\Turnstile\Filament\Forms\TurnstileWidget;
+
+TurnstileWidget::make()->withScript(
+    stack: 'head-scripts',
+    attributes: ['meta' => true]
+);
+```
+
+> [!NOTE]
+> 
+> If you use `implicit()` rendering on the widget, the widget will automatically remove the [`explicit` flag](#widget) from the script, which will make all widgets render as soon as possible. 
+
 ## Advanced configuration
 
 Laragear Turnstile is intended to work out-of-the-box, but you can publish the configuration file for fine-tuning the Challenge verification.
@@ -856,9 +1061,12 @@ You will get a config file with this array:
 return [
     'env' => env('TURNSTILE_ENV', env('APP_ENV')),
     'key' => \Laragear\Turnstile\Turnstile::KEY,
-    'client' => [
-        \GuzzleHttp\RequestOptions::VERSION => 1.1,
-    ],
+    'client' => array_merge_recursive([
+            \GuzzleHttp\RequestOptions::VERSION => 2.0,
+        ],
+            defined('CURL_VERSION_HTTP3') && curl_version()['features'] & CURL_VERSION_HTTP3
+                ? ['curl' => [CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_3]] : [],
+        ),
     'site_key' => env('TURNSTILE_SITE_KEY'),
     'secret_key' => env('TURNSTILE_SECRET_KEY'),
     'interstitial' => [

composer.json

@@ -35,6 +35,8 @@
         "illuminate/session": "12.*|13.*"
     },
     "require-dev": {
+        "filament/filament": "5.*",
+        "livewire/livewire": "4.*",
         "orchestra/testbench": "10.*|11.*"
     },
     "autoload": {

lang/en/notification.php

@@ -0,0 +1,8 @@
+<?php
+
+return [
+    'failed' => [
+        'title' => 'The Turnstile Challenge is invalid',
+        'body' => 'Please try again or refresh the page.',
+    ],
+];

lang/es/interstitial.php

@@ -0,0 +1,6 @@
+<?php
+
+return [
+    'title' => 'Comprobando la conexión segura',
+    'description' => 'Su navegador será redirigido automáticamente',
+];

lang/es/notification.php

@@ -0,0 +1,7 @@
+<?php
+return [
+    'failed' => [
+        'title' => 'El desafío de Turnstile no es válido',
+        'body' => 'Por favor, inténtalo de nuevo o recarga la página.',
+    ],
+];

lang/es/validation.php

@@ -0,0 +1,5 @@
+<?php
+
+return [
+    'invalid' => 'El desafío de Turnstile es inválido, ausente o falló.',
+];

phpstan.neon

@@ -0,0 +1,3 @@
+parameters:
+    ignoreErrors:
+        - '#Trait Laragear\\Turnstile\\Livewire\\InteractsWithTurnstile is used zero times and is not analysed\.#'