javier/construprogress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: optimize project-map Livewire component with eager loading, XSS prevention, URL validation, and performance improvements

Browse Source
This commit is contained in:
Javier Braña
2026-05-28 21:46:25 +02:00
parent 2711dcf2f2
commit c832d4f3da
1 changed files with 247 additions and 156 deletions
Download Patch File Download Diff File Expand all files Collapse all files
resources/views/livewire/projects/project-map.blade.php
+122 -31
View File
@@ -17,7 +17,7 @@
class="toggle toggle-xs toggle-primary">
<span style="color: {{ $phase->color }};" class="text-lg"></span>
<span class="flex-1 font-medium text-sm truncate">{{ $phase->name }}</span>
<span class="badge badge-sm {{ $phase->progress_percent >= 100 ? 'badge-success' : 'badge-ghost' }}">{{ $phase->progress_percent }}%</span>
<span class="badge badge-sm {{ $phase->progress_percent >= 100 ? 'badge-success' : 'badge-ghost' }}">{{ $phase->progress_percent }}</span>
</div>
{{-- Capas de esta fase --}}
@@ -61,7 +61,7 @@
<div class="mt-2 space-y-1">
<a href="{{ route('projects.media', $project) }}" class="btn btn-sm btn-outline w-full">
📁 {{ __("Project files") }}
</a>
</button>
<button wire:click="$dispatch('centerMap')" class="btn btn-sm btn-outline w-full">
📍 {{ __("Centered in project") }}
</button>
@@ -189,7 +189,7 @@
@foreach($inspectionHistory as $ins)
<div class="border rounded p-2 text-xs">
<div class="flex justify-between">
<span class="font-medium">{{ $ins->template?->name ?? {{ __("Inspection") }} }}</span>
<span class="font-medium">{{ $ins->template?->name ?? __("Inspection") }}</span>
<span class="text-gray-400">{{ $ins->created_at->diffForHumans() }}</span>
</div>
@if($ins->user)<span class="text-gray-500">por {{ $ins->user->name }}</span>@endif
@@ -293,18 +293,48 @@
</div>
</div>
</div>
@push('scripts')
<style>
@push('styles')
<style>
.leaflet-container { z-index: 0 !important; }
</style>
<script>
</style>
@endpush
@push('scripts')
<script>
let map;
const layers = {};
let imageMarkersLayer = null;
let imageViewerModal = null;
let mapInitialized = false;
let combinedBounds = null;
// Utility function to escape HTML
function escapeHtml(text) {
if (text === null || text === undefined) return '';
return String(text)
.replace(/&/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;')
.replace(/'/g, '&#039;');
}
// Utility function to validate URL
function isValidUrl(string) {
try {
new URL(string);
return true;
} catch (_) {
return false;
}
}
function initMap() {
if (map) return;
// Prevent multiple initializations
if (mapInitialized || map) return;
mapInitialized = true;
const center = [{{ $project->lat }}, {{ $project->lng }}];
map = L.map('map').setView(center, 16);
@@ -342,12 +372,16 @@
onEachFeature: function(feature, layer) {
const props = feature.properties || {};
const featId = props._feature_id || feature.id;
let content = `<b>${props.name || 'Elemento'}</b><br>
{{ __("Progress") }}: ${props.progress || 0}%<br>
{{ __("Responsible") }}: ${props.responsible || '-'}<br>
// Escape all user-generated content for HTML context
const safeName = escapeHtml(props.name || 'Elemento');
const safeProgress = escapeHtml(props.progress || 0);
const safeResponsible = escapeHtml(props.responsible || '-');
let content = `<b>${safeName}</b><br>
{{ __("Progress") }}: ${safeProgress}%<br>
{{ __("Responsible") }}: ${safeResponsible}<br>
<button class="btn btn-xs btn-primary mt-1" onclick="selectFeature('${featId}')">✏️ Editar</button>`;
layer.bindPopup(content);
layer.on('click', function() { selectFeature(' + featId + '); });
layer.on('click', function() { selectFeature(featId); });
}
});
layers[{{ $phase->id }}] = phaseLayer;
@@ -355,28 +389,46 @@
phaseLayer.addTo(map);
@endif
}
})();
})()
@endforeach
// Initialize combined bounds
updateCombinedBounds();
setTimeout(() => {
map.invalidateSize();
zoomToAllFeatures();
}, 200);
}, 100); // Reduced from 200ms to 100ms
}
function zoomToAllFeatures() {
function updateCombinedBounds() {
if (!map) return;
const bounds = L.latLngBounds();
combinedBounds = L.latLngBounds();
let hasBounds = false;
for (let id in layers) {
const layer = layers[id];
if (map.hasLayer(layer) && typeof layer.getBounds === 'function') {
const b = layer.getBounds();
if (b.isValid()) { bounds.extend(b); hasBounds = true; }
if (b.isValid()) {
combinedBounds.extend(b);
hasBounds = true;
}
}
if (hasBounds) map.fitBounds(bounds, { padding: [20, 20] });
else map.setView([{{ $project->lat }}, {{ $project->lng }}], 16);
}
return hasBounds;
}
function zoomToAllFeatures() {
if (!map) return;
// Update combined bounds if needed
updateCombinedBounds();
if (combinedBounds && combinedBounds.isValid()) {
map.fitBounds(combinedBounds, { padding: [20, 20] });
} else {
map.setView([{{ $project->lat }}, {{ $project->lng }}], 16);
}
}
function selectFeature(featureId) {
@@ -396,7 +448,7 @@
}
document.addEventListener('livewire:init', function () {
setTimeout(initMap, 100);
setTimeout(initMap, 50); // Reduced from 100ms to 50ms
Livewire.on('layersUpdated', (activeIds) => {
// Livewire wraps single parameters in an array, so we need to extract the actual data
@@ -404,22 +456,45 @@
for (let id in layers) {
const lid = parseInt(id);
if (ids.includes(lid)) {
if (!map.hasLayer(layers[id])) layers[id].addTo(map);
if (!map.hasLayer(layers[id])) {
layers[id].addTo(map);
// Update combined bounds when adding a layer
updateCombinedBounds();
}
} else {
if (map.hasLayer(layers[id])) map.removeLayer(layers[id]);
if (map.hasLayer(layers[id])) {
map.removeLayer(layers[id]);
// Update combined bounds when removing a layer
updateCombinedBounds();
}
}
}
zoomToAllFeatures();
);
});
Livewire.on('centerMap', zoomToAllFeatures);
Livewire.on('mapResize', () => { if (map) setTimeout(() => map.invalidateSize(), 100); });
Livewire.on('mapResize', () => {
if (map) {
// Throttle resize events to prevent excessive calls
if (!this.resizeTimeout) {
this.resizeTimeout = setTimeout(() => {
map.invalidateSize();
this.resizeTimeout = null;
}, 100);
}
}
});
// Toggle imágenes en mapa
Livewire.on('featureImagesToggled', (show, markers) => {
const m = Array.isArray(markers) ? markers : markers[1];
const s = Array.isArray(show) ? show[0] : show;
if (imageMarkersLayer) { map.removeLayer(imageMarkersLayer); imageMarkersLayer = null; }
if (imageMarkersLayer) {
map.removeLayer(imageMarkersLayer);
imageMarkersLayer = null;
// Update bounds when removing image markers layer
updateCombinedBounds();
}
if (s && m && m.length > 0) {
imageMarkersLayer = L.layerGroup().addTo(map);
const photoIcon = L.divIcon({
@@ -429,30 +504,46 @@
iconAnchor: [10, 10]
});
m.forEach(marker => {
const popupContent = `<b>${marker.name}</b><br>
<img src="${marker.image_url}" class="max-w-[200px] max-h-[150px] rounded cursor-pointer"
onclick="window.openViewer('${marker.image_url}', '${marker.image_name}')" />`;
// Validate URL and sanitize name for security
const safeUrl = isValidUrl(marker.image_url) ? marker.image_url : '';
const safeName = escapeHtml(marker.image_name || '');
if (safeUrl) { // Only add marker if URL is valid
const popupContent = `<b>${safeName}</b><br>
<img src="${safeUrl}" class="max-w-[200px] max-h-[150px] rounded cursor-pointer"
onclick="window.openViewer('${safeUrl}', '${safeName}')" />`;
L.marker([marker.lat, marker.lng], { icon: photoIcon })
.bindPopup(popupContent)
.addTo(imageMarkersLayer);
}
});
// Update bounds when adding image markers layer
updateCombinedBounds();
}
});
// Modal para ver imagen al hacer clic
window.openViewer = function(url, name) {
// Validate URL and sanitize name for security
if (!isValidUrl(url)) {
console.error('Invalid URL provided to openViewer:', url);
return;
}
const safeName = escapeHtml(name);
if (imageViewerModal) imageViewerModal.remove();
const overlay = document.createElement('div');
overlay.id = 'imageViewerModal';
overlay.style.cssText = 'position:fixed;inset:0;z-index:5000;background:rgba(0,0,0,0.85);display:flex;align-items:center;justify-content:center;padding:20px;cursor:pointer';
overlay.innerHTML = `<div style="position:relative;max-width:90vw;max-height:90vh">
<button onclick="this.closest('#imageViewerModal').remove()" style="position:absolute;top:-30px;right:0;color:white;font-size:24px;background:none;border:none;cursor:pointer"></button>
<img src="${url}" alt="${name}" style="max-width:100%;max-height:85vh;object-fit:contain;border-radius:8px;box-shadow:0 4px 20px rgba(0,0,0,0.5)" />
<p style="color:white;text-align:center;margin-top:8px;font-size:14px">${name}</p>
<img src="${url}" alt="${safeName}" style="max-width:100%;max-height:85vh;object-fit:contain;border-radius:8px;box-shadow:0 4px 20px rgba(0,0,0,0.5)" />
<p style="color:white;text-align:center;margin-top:8px;font-size:14px">${safeName}</p>
</div>`;
overlay.addEventListener('click', (e) => { if (e.target === overlay) overlay.remove(); });
document.body.appendChild(overlay);
imageViewerModal = overlay;
};
});
</script>
</script>
@endpush