I believe there's a use case for extension- or package-provided extenders that should run as soon as the package is installed, no matter if the package is an extension (enabled or disabled) or just a regular package.
Use cases:
- An extension wants to show additional information on its disabled extension page
- An extension wants to run custom logic before it gets enabled (lifecycle extenders run too late to impact Flarum application boot)
- A library provides re-usable JavaScript or PHP components that need to be loaded with a Flarum extender, and we want to make it as easy as possible for developers to include in their own extensions
- Provide hidden extensions/extenders on a managed forum service through Composer package that can be updated independently (whereas root `extend.php` cannot)
My suggestion is to create something similar to Laravel's package discovery (https://laravel.com/docs/9.x/packages#package-discovery), except it would give paths to `extend.php` files that Flarum should load.
Using a new `composer.json` key is probably the best for performance, as Flarum would otherwise need to scan every package folder for a file with a specific filename. And if we allow regular non-extension packages to use this feature, there could easily be thousands of packages. Reading from `composer.json` means a single read operation (already done by the extension manager) + one `require` operation for every file found.
I see mostly 2 areas of concern:
Stability: auto-loading extenders means that if an extender is breaking your forum, you can't just disable the extension, you have to uninstall it entirely. But since this is quite rare and we have strengthened Flarum's boot against fatal errors, I don't think it's a bigger deal to uninstall a package versus going into the database to manually disable an extension in the JSON array.
Security: if any package can auto-load code, this increases the number of entry points for malicious code. I don't think it's a big deal though because packages already have lots of ways to compromise a server (through their own library code when called, through Composer hooks, ... EDIT: and Composer autoload files / src map of course!)
If we believe this is too risky for general extensions, we could maybe have this behind a `config.php` setting, that would allow customized Flarum installs/hostings to enable this feature with their private Composer-compatible packages?
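
The discovery step and the `config.php` opt-in proposed above, as an added PHP example that is not part of the original post or of Flarum's code. The `flarum-auto-extenders` key and the `$allowedPackages` allowlist are hypothetical names; the manifest read is Composer's own `vendor/composer/installed.json`.

```php
<?php
// Added example: hypothetical discovery of auto-loaded extender files.
// Assumed names (not part of Flarum): the "flarum-auto-extenders" key under
// "extra", and the $allowedPackages list that would come from config.php.

function discoverAutoExtenders(string $vendorDir, array $allowedPackages): array
{
    $manifest = $vendorDir . '/composer/installed.json';
    $json = is_file($manifest) ? (string) file_get_contents($manifest) : '';
    $data = json_decode($json, true);
    // Composer 2 wraps the list in "packages"; Composer 1 used a flat array.
    $packages = $data['packages'] ?? $data ?? [];
    $files = [];

    foreach ($packages as $package) {
        $name = $package['name'] ?? '';
        $paths = $package['extra']['flarum-auto-extenders'] ?? [];
        // Opt-in gate: only packages the operator listed may auto-load code.
        if (!in_array($name, $allowedPackages, true) || !is_array($paths)) {
            continue;
        }
        // "install-path" (Composer 2) is relative to vendor/composer.
        $install = $package['install-path'] ?? "../$name";
        $root = realpath($vendorDir . '/composer/' . $install);
        if ($root === false) {
            continue;
        }
        $prefix = $root . DIRECTORY_SEPARATOR;
        foreach ($paths as $relative) {
            $file = is_string($relative) ? realpath($root . '/' . $relative) : false;
            // Reject missing files and paths that resolve outside the package
            // directory (e.g. "../../other/extend.php" or a symlink).
            if ($file === false || strncmp($file, $prefix, strlen($prefix)) !== 0) {
                error_log("Skipping extender path for $name: " . var_export($relative, true));
                continue;
            }
            $files[$name][] = $file;
        }
    }
    return $files; // package name => list of absolute extend.php paths
}
```

Keeping the allowlist empty by default means an installed package gains no new entry point until the operator names it, which addresses the security concern without scanning package folders.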