fix: add security detection for exist HTML files

Author: iamspark1e

src/template.ts

@@ -63,7 +63,7 @@ export function fetchTemplateHTML(entry: EntryPath, pageConfig: PagePluginConfig
         },
         entry.__options.ejsOption
     );
-    const generatedHtml = htmlContent.replace(
+    const generatedHtml = "<!--This is generated by vite-plugin-auto-mpa-html.-->".concat(htmlContent).replace(
         "</html>",
         `<script type="module" src="./${entry.__options.entryName}"></script></html>`
     );
@@ -88,6 +88,10 @@ export function prepareTempEntries(
             throw new Error(`Page entry: ${entry.abs}, its config (config.json) cannot be found, please check!`)
         }
         const generatedHtml = fetchTemplateHTML(entry, pageData)
+        if (existsSync(entry.abs + "/" + entry.__options.templateName)) {
+            console.error(`There is a same name HTML file already exist in entry '${entry.value}', template generation skipped`)
+            return;
+        }
         writeFileSync(entry.abs + "/" + entry.__options.templateName, generatedHtml, {
             encoding: "utf-8",
         });
@@ -102,7 +106,9 @@ export function cleanTempEntries(
     entries.forEach(k => {
         // generate temp entries for build
         const absTemplatePath = k.abs + "/" + k.__options.templateName
-        if (existsSync(absTemplatePath))
-            unlinkSync(absTemplatePath);
+        if (existsSync(absTemplatePath)) {
+            const tmp = readFileSync(absTemplatePath, { encoding: "utf-8" })
+            if (tmp.startsWith("<!--This is generated by vite-plugin-auto-mpa-html.-->")) unlinkSync(absTemplatePath);
+        }
     });
 }

tests/example/src/exist-template/App.jsx

@@ -0,0 +1,33 @@
+import { useState } from 'react'
+import '../App.css'
+
+function App() {
+  const [count, setCount] = useState(0)
+
+  return (
+    <div className="App">
+      <div>
+        <a href="https://vitejs.dev" target="_blank">
+          Vite
+        </a>
+        <a href="https://reactjs.org" target="_blank">
+          React
+        </a>
+      </div>
+      <h1>Vite + React</h1>
+      <div className="card">
+        <button onClick={() => setCount((count) => count + 1)}>
+          count is {count}
+        </button>
+        <p>
+          Edit <code>src/App.jsx</code> and save to test HMR
+        </p>
+      </div>
+      <p className="read-the-docs">
+        Click on the Vite and React logos to learn more
+      </p>
+    </div>
+  )
+}
+
+export default App

tests/example/src/exist-template/config.json

@@ -0,0 +1,6 @@
+{
+    "template": "../../templates/tpl.html",
+    "data": {
+        "title": "Something else that not match tpl's title"
+    }
+}

tests/example/src/exist-template/index.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>This is an exist HTML</title>
+</head>
+<body>
+    
+</body>
+</html>

tests/example/src/exist-template/main.jsx

@@ -0,0 +1,9 @@
+import React from 'react'
+import ReactDOM from 'react-dom/client'
+import App from './App'
+
+ReactDOM.createRoot(document.getElementById('root')).render(
+  <React.StrictMode>
+    <App />
+  </React.StrictMode>,
+)

tests/vite-lifecycles.test.ts

@@ -55,6 +55,20 @@ describe("Test plugin's lifecycle - buildStart", () => {
         ); // contain needed entry module
     });
 
+    // TODO:
+    it("when template is exist in target path, should not be overwritten", () => {
+        // Do a generation
+        const filePath = path.join(__dirname, "example", "src", "exist-template", "index.html");
+        const configPath = path.join(__dirname, "example", "src", "exist-template", "config.json");
+        const configData = fs.readFileSync(configPath, { encoding: "utf-8" });
+        expect(fs.existsSync(filePath)).toBe(true); // temporary generated an entry HTML for build
+        const fileContent = fs.readFileSync(filePath, { encoding: "utf-8" });
+        expect(fileContent).toMatch("</html>"); // correctly end html doc.
+        expect(fileContent).toMatch(
+            `<title>This is an exist HTML</title>`
+        ); // correctly render ejs template with given data
+    });
+
     // Skip EJS Option tests
 });
 
@@ -68,8 +82,16 @@ describe("Test plugin's lifecycle - buildEnd", () => {
     })
 
     it("temporary entries should be cleaned after calling `cleanTempEntries`", () => {
-        entries.entries.forEach((key) => {
-            expect(fs.existsSync(path.resolve(key.abs + "/" + key.__options.templateName))).toBe(false);
-        });
+        const example = entries.entries.find(key => key.value === 'subdir')
+        expect(example).not.toBeUndefined()
+        if(example === undefined) return;
+        expect(fs.existsSync(path.resolve(example.abs + "/" + example.__options.templateName))).toBe(false);
+    });
+
+    // TODO:
+    it("template is not generated by plugin, should not be cleaned", () => {
+        // Do a generation
+        const filePath = path.join(__dirname, "example", "src", "exist-template", "index.html");
+        expect(fs.existsSync(filePath)).toBe(true); // temporary generated an entry HTML for build
     });
 });