Added WithoutPan middleware

README.md

@@ -117,6 +117,17 @@ To flush your product analytics, you may use the `pan:flush` Artisan command:
 php artisan pan:flush
 ```
 
+## Exclude injection for certain routes
+
+If you want to exclude injection on certain routes of your application, you can
+use the `Pan\Adapters\Laravel\Http\Middleware\WithoutPan` middleware:
+
+```php
+Route::get('/no-pan', function () {
+    return view('no-pan');
+})->middleware(WithoutPan::class);
+```
+
 ## How does it work?
 
 Via middleware, Pan injects a simple JavaScript library into your HTML pages. This library listens to events like `viewed`, `clicked`, or `hovered` and sends the data to your Laravel application. Note that this library does not collect any personal information; such as IP addresses, user agents, or any information that could be used to identify a user.

src/Adapters/Laravel/Http/Middleware/InjectJavascriptLibrary.php

@@ -6,6 +6,7 @@
 
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Routing\Route;
 use Illuminate\Support\Facades\File;
 use Pan\PanConfiguration;
 use Symfony\Component\HttpFoundation\Response;
@@ -32,6 +33,11 @@ public function handle(Request $request, Closure $next): Response
     {
         /** @var Response $response */
         $response = $next($request);
+        $route = $request->route();
+
+        if ($route instanceof Route && in_array(WithoutPan::class, $route->middleware())) {
+            return $response;
+        }
 
         if ($response->headers->get('Content-Type') === 'text/html; charset=UTF-8') {
             $content = (string) $response->getContent();
@@ -58,7 +64,8 @@ private function inject(Response $response): void
         $response->setContent(
             str_replace(
                 '</body>',
-                sprintf(<<<'HTML'
+                sprintf(
+                    <<<'HTML'
                             <script>
                                 %s
                             </script>

src/Adapters/Laravel/Http/Middleware/WithoutPan.php

@@ -0,0 +1,17 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Pan\Adapters\Laravel\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+
+final readonly class WithoutPan
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        return $next($request);
+    }
+}

tests/Unit/Adapters/Laravel/Http/Middleware/InjectJavascriptLibraryTest.php

@@ -1,6 +1,7 @@
 <?php
 
 use Illuminate\Support\Facades\Route;
+use Pan\Adapters\Laravel\Http\Middleware\WithoutPan;
 
 it('does inject the javascript library', function (): void {
     Route::get('/', fn (): string => <<<'HTML'
@@ -24,6 +25,30 @@
         ->assertSee('_TEST_CSRF_TOKEN_');
 });
 
+it('does not inject the javascript library when the exclusion middleware is set', function (): void {
+
+    Route::get('/', fn (): string => <<<'HTML'
+        <html lang="en">
+            <head>
+                <title>My App</title>
+            </head>
+            <body>
+                <h1>Welcome to my app</h1>
+            </body>
+        </html>
+        HTML
+    )->middleware(WithoutPan::class);
+
+    session()->put('_token', '_TEST_CSRF_TOKEN_');
+
+    $response = $this->get('/');
+
+    $response->assertOk()
+        ->assertDontSee('script')
+        ->assertDontSee('_TEST_CSRF_TOKEN_');
+
+});
+
 it('does not inject the javascript library if the content type is not text/html', function (): void {
     Route::get('/', fn () => response('Hello, World!')->header('Content-Type', 'text/plain'));