refactor(app): Standardize subdomain detection logic (codeigniter4#9751)

* refactor(app): Standardize subdomain detection logic

* Update app/Config/Hostnames.php

Co-authored-by: Pooya Parsa <[email protected]>

* Update tests/system/Helpers/URLHelper/MiscUrlTest.php

Co-authored-by: Pooya Parsa <[email protected]>

* addressing review comments

* cs fix

* cs fix

* cs fix

* remove typo in docs ci-skip

---------

Co-authored-by: Pooya Parsa <[email protected]>

Author: lonnieezell

app/Config/Hostnames.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace Config;
+
+class Hostnames
+{
+    // List of known two-part TLDs for subdomain extraction
+    public const TWO_PART_TLDS = [
+        'co.uk', 'org.uk', 'gov.uk', 'ac.uk', 'sch.uk', 'ltd.uk', 'plc.uk',
+        'com.au', 'net.au', 'org.au', 'edu.au', 'gov.au', 'asn.au', 'id.au',
+        'co.jp', 'ac.jp', 'go.jp', 'or.jp', 'ne.jp', 'gr.jp',
+        'co.nz', 'org.nz', 'govt.nz', 'ac.nz', 'net.nz', 'geek.nz', 'maori.nz', 'school.nz',
+        'co.in', 'net.in', 'org.in', 'ind.in', 'ac.in', 'gov.in', 'res.in',
+        'com.cn', 'net.cn', 'org.cn', 'gov.cn', 'edu.cn',
+        'com.sg', 'net.sg', 'org.sg', 'gov.sg', 'edu.sg', 'per.sg',
+        'co.za', 'org.za', 'gov.za', 'ac.za', 'net.za',
+        'co.kr', 'or.kr', 'go.kr', 'ac.kr', 'ne.kr', 'pe.kr',
+        'co.th', 'or.th', 'go.th', 'ac.th', 'net.th', 'in.th',
+        'com.my', 'net.my', 'org.my', 'edu.my', 'gov.my', 'mil.my', 'name.my',
+        'com.mx', 'org.mx', 'net.mx', 'edu.mx', 'gob.mx',
+        'com.br', 'net.br', 'org.br', 'gov.br', 'edu.br', 'art.br', 'eng.br',
+        'co.il', 'org.il', 'ac.il', 'gov.il', 'net.il', 'muni.il',
+        'co.id', 'or.id', 'ac.id', 'go.id', 'net.id', 'web.id', 'my.id',
+        'com.hk', 'edu.hk', 'gov.hk', 'idv.hk', 'net.hk', 'org.hk',
+        'com.tw', 'net.tw', 'org.tw', 'edu.tw', 'gov.tw', 'idv.tw',
+        'com.sa', 'net.sa', 'org.sa', 'gov.sa', 'edu.sa', 'sch.sa', 'med.sa',
+        'co.ae', 'net.ae', 'org.ae', 'gov.ae', 'ac.ae', 'sch.ae',
+        'com.tr', 'net.tr', 'org.tr', 'gov.tr', 'edu.tr', 'av.tr', 'gen.tr',
+        'co.ke', 'or.ke', 'go.ke', 'ac.ke', 'sc.ke', 'me.ke', 'mobi.ke', 'info.ke',
+        'com.ng', 'org.ng', 'gov.ng', 'edu.ng', 'net.ng', 'sch.ng', 'name.ng',
+        'com.pk', 'net.pk', 'org.pk', 'gov.pk', 'edu.pk', 'fam.pk',
+        'com.eg', 'edu.eg', 'gov.eg', 'org.eg', 'net.eg',
+        'com.cy', 'net.cy', 'org.cy', 'gov.cy', 'ac.cy',
+        'com.lk', 'org.lk', 'edu.lk', 'gov.lk', 'net.lk', 'int.lk',
+        'com.bd', 'net.bd', 'org.bd', 'ac.bd', 'gov.bd', 'mil.bd',
+        'com.ar', 'net.ar', 'org.ar', 'gov.ar', 'edu.ar', 'mil.ar',
+        'gob.cl', 'com.pl', 'net.pl', 'org.pl', 'gov.pl', 'edu.pl',
+        'co.ir', 'ac.ir', 'org.ir', 'id.ir', 'gov.ir', 'sch.ir', 'net.ir',
+    ];
+}

app/Config/Routing.php

@@ -18,6 +18,27 @@
  */
 class Routing extends BaseRouting
 {
+    /**
+     * If TRUE, the system will attempt to match the URI against
+     * Controllers by matching each segment against folders/files
+     * in APPPATH/Controllers, when a match wasn't found against
+     * defined routes.
+     *
+     * If FALSE, will stop searching and do NO automatic routing.
+     *
+     * Default: false
+     */
+    public bool $autoRoute = false;
+
+    /**
+     * If TRUE, the system will use route definition files to
+     * define routes. If FALSE, any routes defined in the Routes.php
+     * files will be ignored.
+     *
+     * Default: true
+     */
+    public bool $definedRoutes = true;
+
     /**
      * For Defined Routes.
      * An array of files that contain route definitions.
@@ -86,16 +107,6 @@ class Routing extends BaseRouting
      */
     public ?string $override404 = null;
 
-    /**
-     * If TRUE, the system will attempt to match the URI against
-     * Controllers by matching each segment against folders/files
-     * in APPPATH/Controllers, when a match wasn't found against
-     * defined routes.
-     *
-     * If FALSE, will stop searching and do NO automatic routing.
-     */
-    public bool $autoRoute = false;
-
     /**
      * If TRUE, the system will look for attributes on controller
      * class and methods that can run before and after the

system/CodeIgniter.php

@@ -797,7 +797,12 @@ protected function tryToRouteIt(?RouteCollectionInterface $routes = null)
         $this->benchmark->start('routing');
 
         if (! $routes instanceof RouteCollectionInterface) {
-            $routes = service('routes')->loadRoutes();
+            $routes = Services::routes();
+
+            // Only load the routes if we are using definedRoutes
+            if (config('Routing')->definedRoutes) {
+                $routes->loadRoutes();
+            }
         }
 
         // $routes is defined in Config/Routes.php

system/Config/Routing.php

@@ -18,6 +18,25 @@
  */
 class Routing extends BaseConfig
 {
+    /**
+     * If TRUE, the system will attempt to match the URI against
+     * Controllers by matching each segment against folders/files
+     * in APPPATH/Controllers, when a match wasn't found against
+     * defined routes.
+     *
+     * If FALSE, will stop searching and do NO automatic routing.
+     */
+    public bool $autoRoute = false;
+
+    /**
+     * If TRUE, the system will use route definition files to
+     * define routes. If FALSE, any routes defined in the Routes.php
+     * files will be ignored.
+     *
+     * Default: true
+     */
+    public bool $definedRoutes = true;
+
     /**
      * For Defined Routes.
      * An array of files that contain route definitions.
@@ -86,16 +105,6 @@ class Routing extends BaseConfig
      */
     public ?string $override404 = null;
 
-    /**
-     * If TRUE, the system will attempt to match the URI against
-     * Controllers by matching each segment against folders/files
-     * in APPPATH/Controllers, when a match wasn't found against
-     * defined routes.
-     *
-     * If FALSE, will stop searching and do NO automatic routing.
-     */
-    public bool $autoRoute = false;
-
     /**
      * If TRUE, the system will look for attributes on controller
      * class and methods that can run before and after the

system/Helpers/url_helper.php

@@ -17,6 +17,7 @@
 use CodeIgniter\HTTP\URI;
 use CodeIgniter\Router\Exceptions\RouterException;
 use Config\App;
+use Config\Hostnames;
 
 // CodeIgniter URL Helpers
 
@@ -534,3 +535,52 @@ function url_is(string $path): bool
         return (bool) preg_match("|^{$path}$|", $currentPath, $matches);
     }
 }
+
+if (! function_exists('parse_subdomain')) {
+    /**
+     * Parses the subdomain from the current host name.
+     *
+     * @param string|null $host The hostname to parse. If null, uses the current request's host.
+     *
+     * @return string The subdomain, or an empty string if none exists.
+     */
+    function parse_subdomain(?string $host = null): string
+    {
+        if ($host === null) {
+            $host = service('request')->getUri()->getHost();
+        }
+
+        // Handle localhost and IP addresses - they don't have subdomains
+        if ($host === 'localhost' || filter_var($host, FILTER_VALIDATE_IP)) {
+            return '';
+        }
+
+        $parts     = explode('.', $host);
+        $partCount = count($parts);
+
+        // Need at least 3 parts for a subdomain (subdomain.domain.tld)
+        // e.g., api.example.com
+        if ($partCount < 3) {
+            return '';
+        }
+
+        // Check if we have a two-part TLD (e.g., co.uk, com.au)
+        $lastTwoParts = $parts[$partCount - 2] . '.' . $parts[$partCount - 1];
+
+        if (in_array($lastTwoParts, Hostnames::TWO_PART_TLDS, true)) {
+            // For two-part TLD, need at least 4 parts for subdomain
+            // e.g., api.example.co.uk (4 parts)
+            if ($partCount < 4) {
+                return ''; // No subdomain, just domain.co.uk
+            }
+
+            // Remove the two-part TLD and domain name (last 3 parts)
+            // e.g., admin.api.example.co.uk -> admin.api
+            return implode('.', array_slice($parts, 0, $partCount - 3));
+        }
+
+        // Standard TLD: Remove TLD and domain (last 2 parts)
+        // e.g., admin.api.example.com -> admin.api
+        return implode('.', array_slice($parts, 0, $partCount - 2));
+    }
+}

system/Language/en/Router.php

@@ -17,4 +17,5 @@
     'missingDefaultRoute'      => 'Unable to determine what should be displayed. A default route has not been specified in the routing file.',
     'invalidDynamicController' => 'A dynamic controller is not allowed for security reasons. Route handler: "{0}"',
     'invalidControllerName'    => 'The namespace delimiter is a backslash (\\), not a slash (/). Route handler: "{0}"',
+    'noRoutingAvailable'       => 'No routing is available. Both auto-routing and defined routes are disabled.',
 ];

system/Router/Attributes/Restrict.php

@@ -42,38 +42,6 @@
 #[Attribute(Attribute::TARGET_CLASS | Attribute::TARGET_METHOD | Attribute::IS_REPEATABLE)]
 class Restrict implements RouteAttributeInterface
 {
-    private const TWO_PART_TLDS = [
-        'co.uk', 'org.uk', 'gov.uk', 'ac.uk', 'sch.uk', 'ltd.uk', 'plc.uk',
-        'com.au', 'net.au', 'org.au', 'edu.au', 'gov.au', 'asn.au', 'id.au',
-        'co.jp', 'ac.jp', 'go.jp', 'or.jp', 'ne.jp', 'gr.jp',
-        'co.nz', 'org.nz', 'govt.nz', 'ac.nz', 'net.nz', 'geek.nz', 'maori.nz', 'school.nz',
-        'co.in', 'net.in', 'org.in', 'ind.in', 'ac.in', 'gov.in', 'res.in',
-        'com.cn', 'net.cn', 'org.cn', 'gov.cn', 'edu.cn',
-        'com.sg', 'net.sg', 'org.sg', 'gov.sg', 'edu.sg', 'per.sg',
-        'co.za', 'org.za', 'gov.za', 'ac.za', 'net.za',
-        'co.kr', 'or.kr', 'go.kr', 'ac.kr', 'ne.kr', 'pe.kr',
-        'co.th', 'or.th', 'go.th', 'ac.th', 'net.th', 'in.th',
-        'com.my', 'net.my', 'org.my', 'edu.my', 'gov.my', 'mil.my', 'name.my',
-        'com.mx', 'org.mx', 'net.mx', 'edu.mx', 'gob.mx',
-        'com.br', 'net.br', 'org.br', 'gov.br', 'edu.br', 'art.br', 'eng.br',
-        'co.il', 'org.il', 'ac.il', 'gov.il', 'net.il', 'muni.il',
-        'co.id', 'or.id', 'ac.id', 'go.id', 'net.id', 'web.id', 'my.id',
-        'com.hk', 'edu.hk', 'gov.hk', 'idv.hk', 'net.hk', 'org.hk',
-        'com.tw', 'net.tw', 'org.tw', 'edu.tw', 'gov.tw', 'idv.tw',
-        'com.sa', 'net.sa', 'org.sa', 'gov.sa', 'edu.sa', 'sch.sa', 'med.sa',
-        'co.ae', 'net.ae', 'org.ae', 'gov.ae', 'ac.ae', 'sch.ae',
-        'com.tr', 'net.tr', 'org.tr', 'gov.tr', 'edu.tr', 'av.tr', 'gen.tr',
-        'co.ke', 'or.ke', 'go.ke', 'ac.ke', 'sc.ke', 'me.ke', 'mobi.ke', 'info.ke',
-        'com.ng', 'org.ng', 'gov.ng', 'edu.ng', 'net.ng', 'sch.ng', 'name.ng',
-        'com.pk', 'net.pk', 'org.pk', 'gov.pk', 'edu.pk', 'fam.pk',
-        'com.eg', 'edu.eg', 'gov.eg', 'org.eg', 'net.eg',
-        'com.cy', 'net.cy', 'org.cy', 'gov.cy', 'ac.cy',
-        'com.lk', 'org.lk', 'edu.lk', 'gov.lk', 'net.lk', 'int.lk',
-        'com.bd', 'net.bd', 'org.bd', 'ac.bd', 'gov.bd', 'mil.bd',
-        'com.ar', 'net.ar', 'org.ar', 'gov.ar', 'edu.ar', 'mil.ar',
-        'gob.cl',
-    ];
-
     public function __construct(
         public array|string|null $environment = null,
         public array|string|null $hostname = null,
@@ -145,7 +113,7 @@ private function checkSubdomain(RequestInterface $request): void
             return;
         }
 
-        $currentSubdomain  = $this->getSubdomain($request);
+        $currentSubdomain  = parse_subdomain($request->getUri()->getHost());
         $allowedSubdomains = array_map('strtolower', (array) $this->subdomain);
 
         // If no subdomain exists but one is required
@@ -158,40 +126,4 @@ private function checkSubdomain(RequestInterface $request): void
             throw new PageNotFoundException('Access denied: subdomain is blocked.');
         }
     }
-
-    private function getSubdomain(RequestInterface $request): string
-    {
-        $host = strtolower($request->getUri()->getHost());
-
-        // Handle localhost and IP addresses - they don't have subdomains
-        if ($host === 'localhost' || filter_var($host, FILTER_VALIDATE_IP)) {
-            return '';
-        }
-
-        $parts     = explode('.', $host);
-        $partCount = count($parts);
-
-        // Need at least 3 parts for a subdomain (subdomain.domain.tld)
-        // e.g., api.example.com
-        if ($partCount < 3) {
-            return '';
-        }
-        // Check if we have a two-part TLD (e.g., co.uk, com.au)
-        $lastTwoParts = $parts[$partCount - 2] . '.' . $parts[$partCount - 1];
-        if (in_array($lastTwoParts, self::TWO_PART_TLDS, true)) {
-            // For two-part TLD, need at least 4 parts for subdomain
-            // e.g., api.example.co.uk (4 parts)
-            if ($partCount < 4) {
-                return ''; // No subdomain, just domain.co.uk
-            }
-
-            // Remove the two-part TLD and domain name (last 3 parts)
-            // e.g., admin.api.example.co.uk -> admin.api
-            return implode('.', array_slice($parts, 0, $partCount - 3));
-        }
-
-        // Standard TLD: Remove TLD and domain (last 2 parts)
-        // e.g., admin.api.example.com -> admin.api
-        return implode('.', array_slice($parts, 0, $partCount - 2));
-    }
 }

system/Router/Exceptions/RouterException.php

@@ -80,4 +80,12 @@ public static function forInvalidControllerName(string $handler)
     {
         return new static(lang('Router.invalidControllerName', [$handler]));
     }
+
+    /**
+     * Throw when no routing is available (both autoRoute and definedRoutes are false).
+     */
+    public static function forNoRoutingAvailable(): self
+    {
+        return new static(lang('Router.noRoutingAvailable'));
+    }
 }