joinLimits

api.php

@@ -3227,6 +3227,52 @@ class FirewallMiddleware extends Middleware
     }
 }
 
+// file: src/Tqdev/PhpCrudApi/Middleware/JoinLimitsMiddleware.php
+
+class JoinLimitsMiddleware extends Middleware
+{
+    private $reflection;
+
+    public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)
+    {
+        parent::__construct($router, $responder, $properties);
+        $this->reflection = $reflection;
+        $this->utils = new RequestUtils($reflection);
+    }
+
+    public function handle(Request $request): Response
+    {
+        $operation = $this->utils->getOperation($request);
+        $params = $request->getParams();
+        if (in_array($operation, ['read', 'list']) && isset($params['join'])) {
+            $maxDepth = (int) $this->getProperty('depth', '3');
+            $maxTables = (int) $this->getProperty('tables', '10');
+            $maxRecords = (int) $this->getProperty('records', '1000');
+            $tableCount = 0;
+            $joinPaths = array();
+            for ($i = 0; $i < count($params['join']); $i++) {
+                $joinPath = array();
+                $tables = explode(',', $params['join'][$i]);
+                for ($depth = 0; $depth < min($maxDepth, count($tables)); $depth++) {
+                    array_push($joinPath, $table);
+                    $tableCount += 1;
+                    if ($tableCount == $maxTables) {
+                        break;
+                    }
+                }
+                array_push($joinPaths, $joinPath);
+                if ($tableCount == $maxTables) {
+                    break;
+                }
+            }
+            $params['join'] = $joinPaths;
+            $request->setParams($params);
+            VariableStore::set("joinLimits.maxRecords", $maxRecords);
+        }
+        return $this->next->handle($request);
+    }
+}
+
 // file: src/Tqdev/PhpCrudApi/Middleware/JwtAuthMiddleware.php
 
 class JwtAuthMiddleware extends Middleware
@@ -5021,7 +5067,8 @@ class RelationJoiner
             $conditions[] = new ColumnCondition($fk, 'in', $pkValueKeys);
         }
         $condition = OrCondition::fromArray($conditions);
-        foreach ($db->selectAll($t2, $columnNames, $condition, array(), 0, -1) as $record) {
+        $limit = VariableStore::get("joinLimits.maxRecords") ?: -1;
+        foreach ($db->selectAll($t2, $columnNames, $condition, array(), 0, $limit) as $record) {
             $records[] = $record;
         }
     }
@@ -5067,7 +5114,8 @@ class RelationJoiner
         $pkIds = implode(',', array_keys($pkValues));
         $condition = new ColumnCondition($t3->getColumn($fk1Name), 'in', $pkIds);
 
-        $records = $db->selectAll($t3, $columnNames, $condition, array(), 0, -1);
+        $limit = VariableStore::get("joinLimits.maxRecords") ?: -1;
+        $records = $db->selectAll($t3, $columnNames, $condition, array(), 0, $limit);
         foreach ($records as $record) {
             $val1 = $record[$fk1Name];
             $val2 = $record[$fk2Name];
@@ -5219,6 +5267,9 @@ class Api
                 case 'pageLimits':
                     new PageLimitsMiddleware($router, $responder, $properties, $reflection);
                     break;
+                case 'joinLimits':
+                    new JoinLimitsMiddleware($router, $responder, $properties, $reflection);
+                    break;
                 case 'customization':
                     new CustomizationMiddleware($router, $responder, $properties, $reflection);
                     break;

src/Tqdev/PhpCrudApi/Api.php

@@ -15,6 +15,7 @@ use Tqdev\PhpCrudApi\Middleware\BasicAuthMiddleware;
 use Tqdev\PhpCrudApi\Middleware\CorsMiddleware;
 use Tqdev\PhpCrudApi\Middleware\CustomizationMiddleware;
 use Tqdev\PhpCrudApi\Middleware\FirewallMiddleware;
+use Tqdev\PhpCrudApi\Middleware\JoinLimitsMiddleware;
 use Tqdev\PhpCrudApi\Middleware\JwtAuthMiddleware;
 use Tqdev\PhpCrudApi\Middleware\MultiTenancyMiddleware;
 use Tqdev\PhpCrudApi\Middleware\PageLimitsMiddleware;
@@ -78,6 +79,9 @@ class Api
                 case 'pageLimits':
                     new PageLimitsMiddleware($router, $responder, $properties, $reflection);
                     break;
+                case 'joinLimits':
+                    new JoinLimitsMiddleware($router, $responder, $properties, $reflection);
+                    break;
                 case 'customization':
                     new CustomizationMiddleware($router, $responder, $properties, $reflection);
                     break;

src/Tqdev/PhpCrudApi/Record/RelationJoiner.php

@@ -6,6 +6,7 @@ use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;
 use Tqdev\PhpCrudApi\Database\GenericDB;
 use Tqdev\PhpCrudApi\Record\Condition\ColumnCondition;
 use Tqdev\PhpCrudApi\Record\Condition\OrCondition;
+use Tqdev\PhpCrudApi\Middleware\Communication\VariableStore;
 
 class RelationJoiner
 {
@@ -133,7 +134,7 @@ class RelationJoiner
             } 
             if ($habtmValues != null) {
                 $this->fillFkValues($t2, $newRecords, $habtmValues->fkValues);
-                $this->setHabtmValues($t1, $t3, $records, $habtmValues);
+                $this->setHabtmValues($t1, $t2, $records, $habtmValues);
             }
         }
     }
@@ -208,7 +209,8 @@ class RelationJoiner
             $conditions[] = new ColumnCondition($fk, 'in', $pkValueKeys);
         }
         $condition = OrCondition::fromArray($conditions);
-        foreach ($db->selectAll($t2, $columnNames, $condition, array(), 0, -1) as $record) {
+        $limit = VariableStore::get("joinLimits.maxRecords") ?: -1;
+        foreach ($db->selectAll($t2, $columnNames, $condition, array(), 0, $limit) as $record) {
             $records[] = $record;
         }
     }
@@ -254,7 +256,8 @@ class RelationJoiner
         $pkIds = implode(',', array_keys($pkValues));
         $condition = new ColumnCondition($t3->getColumn($fk1Name), 'in', $pkIds);
 
-        $records = $db->selectAll($t3, $columnNames, $condition, array(), 0, -1);
+        $limit = VariableStore::get("joinLimits.maxRecords") ?: -1;
+        $records = $db->selectAll($t3, $columnNames, $condition, array(), 0, $limit);
         foreach ($records as $record) {
             $val1 = $record[$fk1Name];
             $val2 = $record[$fk2Name];
@@ -265,10 +268,10 @@ class RelationJoiner
         return new HabtmValues($pkValues, $fkValues);
     }
 
-    private function setHabtmValues(ReflectedTable $t1, ReflectedTable $t3, array &$records, HabtmValues $habtmValues) /*: void*/
+    private function setHabtmValues(ReflectedTable $t1, ReflectedTable $t2, array &$records, HabtmValues $habtmValues) /*: void*/
     {
         $pkName = $t1->getPk()->getName();
-        $t3Name = $t3->getName();
+        $t2Name = $t2->getName();
         foreach ($records as $i => $record) {
             $key = $record[$pkName];
             $val = array();
@@ -276,7 +279,7 @@ class RelationJoiner
             foreach ($fks as $fk) {
                 $val[] = $habtmValues->fkValues[$fk];
             }
-            $records[$i][$t3Name] = $val;
+            $records[$i][$t2Name] = $val;
         }
     }
 }

tests/config/base.php

@@ -4,7 +4,7 @@ $settings = [
     'username' => 'php-crud-api',
     'password' => 'php-crud-api',
     'controllers' => 'records,columns,cache,openapi',
-    'middlewares' => 'cors,jwtAuth,basicAuth,authorization,validation,sanitation,multiTenancy,pageLimits,customization',
+    'middlewares' => 'cors,jwtAuth,basicAuth,authorization,validation,sanitation,multiTenancy,pageLimits,joinLimits,customization',
     'jwtAuth.mode' => 'optional',
     'jwtAuth.time' => '1538207605',
     'jwtAuth.secret' => 'axpIrCGNGqxzx2R9dtXLIPUSqPo778uhb8CA0F4Hx',
@@ -30,6 +30,9 @@ $settings = [
     },
     'pageLimits.pages' => 5,
     'pageLimits.records' => 10,
+    'joinLimits.depth' => 2,
+    'joinLimits.tables' => 4,
+    'joinLimits.records' => 10,
     'customization.beforeHandler' => function ($operation, $tableName, $request, $environment) {
         $environment->start = 0.003/*microtime(true)*/;
     },

tests/functional/001_records/030_list_example_from_readme_tags_only.log

@@ -2,6 +2,6 @@ GET /records/posts?join=tags&filter=id,eq,1
 ===
 200
 Content-Type: application/json
-Content-Length: 182
+Content-Length: 177
 
-{"records":[{"id":1,"user_id":1,"category_id":1,"content":"blog started","post_tags":[{"id":1,"name":"funny","is_important":false},{"id":2,"name":"important","is_important":true}]}]}
+{"records":[{"id":1,"user_id":1,"category_id":1,"content":"blog started","tags":[{"id":1,"name":"funny","is_important":false},{"id":2,"name":"important","is_important":true}]}]}

tests/functional/001_records/032_list_example_from_readme.log

@@ -2,6 +2,6 @@ GET /records/posts?join=categories&join=tags&join=comments&filter=id,eq,1
 ===
 200
 Content-Type: application/json
-Content-Length: 350
+Content-Length: 345
 
-{"records":[{"id":1,"user_id":1,"category_id":{"id":1,"name":"announcement","icon":null},"content":"blog started","post_tags":[{"id":1,"name":"funny","is_important":false},{"id":2,"name":"important","is_important":true}],"comments":[{"id":1,"post_id":1,"message":"great","category_id":3},{"id":2,"post_id":1,"message":"fantastic","category_id":3}]}]}
+{"records":[{"id":1,"user_id":1,"category_id":{"id":1,"name":"announcement","icon":null},"content":"blog started","tags":[{"id":1,"name":"funny","is_important":false},{"id":2,"name":"important","is_important":true}],"comments":[{"id":1,"post_id":1,"message":"great","category_id":3},{"id":2,"post_id":1,"message":"fantastic","category_id":3}]}]}

tests/functional/001_records/061_get_post_content_with_included_tag_names.log

@@ -2,6 +2,6 @@ GET /records/posts/1?include=content,tags.name&join=tags
 ===
 200
 Content-Type: application/json
-Content-Length: 99
+Content-Length: 94
 
-{"id":1,"content":"blog started","post_tags":[{"id":1,"name":"funny"},{"id":2,"name":"important"}]}
+{"id":1,"content":"blog started","tags":[{"id":1,"name":"funny"},{"id":2,"name":"important"}]}

tests/functional/001_records/079_read_post_with_categories.log

@@ -2,9 +2,9 @@ GET /records/posts/1?join=tags&include=tags.name
 ===
 200
 Content-Type: application/json
-Content-Length: 74
+Content-Length: 69
 
-{"id":1,"post_tags":[{"id":1,"name":"funny"},{"id":2,"name":"important"}]}
+{"id":1,"tags":[{"id":1,"name":"funny"},{"id":2,"name":"important"}]}
 ===
 GET /records/posts/1?join=categories&include=category_id,categories.name
 ===