refactor types validation #648

README.md

@@ -923,39 +923,36 @@ You can parse this output to make form fields show up with a red border and thei
 #### Validation types
 
 The default types validations return the following error messages:
-| error message | applies to types |
-| ---- | ---- |
-| cannot be null | any non-nullable column |
-| must be numeric | integer bigint |
-| exceeds range | integer bigint |
-| too long | varchar varbinary |
-| not a float | decimal float double |
-| not a valid boolean | boolean |
-| invalid date format use yyyy-mm-dd | date timestamp |
-| not a valid date | date timestamp |
-| invalid time format use hh:mm:ss | time timestamp |
-| non-numeric time value | time timestamp |
-| not a valid time | time timestamp |
-| invalid timestamp format use yyyy-mm-dd hh:mm:ss | timestamp |
-
-If you want the types validation to apply to all the types, you must activate the `validation` middleware.
+
+| error message       | reason                      | applies to types                            |
+| ------------------- | --------------------------- | ------------------------------------------- |
+| cannot be null      | unexpected null value       | (any non-nullable column)                   |
+| illegal whitespace  | leading/trailing whitespace | integer bigint decimal float double boolean |
+| invalid integer     | illegal characters          | integer bigint                              |
+| string too long     | too many characters         | varchar varbinary                           |
+| invalid decimal     | illegal characters          | decimal                                     |
+| decimal too large   | too many digits before dot  | decimal                                     |
+| decimal too precise | too many digits after dot   | decimal                                     |
+| invalid float       | illegal characters          | float double                                |
+| invalid boolean     | use 1, 0, true or false     | boolean                                     |
+| invalid date        | use yyyy-mm-dd              | date                                        |
+| invalid time        | use hh:mm:ss                | time                                        |
+| invalid timestamp   | use yyyy-mm-dd hh:mm:ss     | timestamp                                   |
+
+If you want the types validation to apply to all the types, you must activate the "`validation`" middleware.
 By default, all types are enabled. Which is equivalent to the two configuration possibilities:
 
     'validation.types' => 'all',
     
 or
-    
-    'validation.types'=> 'integer,bigint,varchar,decimal,float,double,boolean,date,time,timestamp,clob,blob,varbinary,geometry',
 
-Types with no declared error message can be checked whether null when the column is non-nullable.
+    'validation.types'=> 'integer,bigint,varchar,decimal,float,double,boolean,date,time,timestamp,clob,blob,varbinary,geometry',
 
-In case you want to use a validation handler but don't want any types validation, use either:
+In case you want to use a validation handler but don't want any types validation, use:
 
     'validation.types' => '',
-    
-or
-    
-    'validation.types'=> 'none',
+
+NB: Types that are enabled will be checked for null values when the column is non-nullable.
 
 ### Multi-tenancy support
 
@@ -1211,10 +1208,10 @@ To run the docker tests run "build_all.sh" and "run_all.sh" from the docker dire
     [3/4] Starting SQLServer 2017 ... skipped
     [4/4] Cloning PHP-CRUD-API v2 ... skipped
     ------------------------------------------------
-    mysql: 104 tests ran in 2869 ms, 1 skipped, 0 failed
-    pgsql: 104 tests ran in 850 ms, 1 skipped, 0 failed
+    mysql: 105 tests ran in 2986 ms, 1 skipped, 0 failed
+    pgsql: 105 tests ran in 976 ms, 1 skipped, 0 failed
     sqlsrv: skipped, driver not loaded
-    sqlite: 104 tests ran in 883 ms, 12 skipped, 0 failed
+    sqlite: 105 tests ran in 933 ms, 12 skipped, 0 failed
     ================================================
     Debian 10 (PHP 7.3)
     ================================================
@@ -1223,10 +1220,10 @@ To run the docker tests run "build_all.sh" and "run_all.sh" from the docker dire
     [3/4] Starting SQLServer 2017 ... skipped
     [4/4] Cloning PHP-CRUD-API v2 ... skipped
     ------------------------------------------------
-    mysql: 104 tests ran in 3056 ms, 1 skipped, 0 failed
-    pgsql: 104 tests ran in 869 ms, 1 skipped, 0 failed
+    mysql: 105 tests ran in 3214 ms, 1 skipped, 0 failed
+    pgsql: 105 tests ran in 904 ms, 1 skipped, 0 failed
     sqlsrv: skipped, driver not loaded
-    sqlite: 104 tests ran in 891 ms, 12 skipped, 0 failed
+    sqlite: 105 tests ran in 1145 ms, 12 skipped, 0 failed
     ================================================
     Debian 9 (PHP 7.0)
     ================================================
@@ -1235,10 +1232,10 @@ To run the docker tests run "build_all.sh" and "run_all.sh" from the docker dire
     [3/4] Starting SQLServer 2017 ... skipped
     [4/4] Cloning PHP-CRUD-API v2 ... skipped
     ------------------------------------------------
-    mysql: 104 tests ran in 2800 ms, 1 skipped, 0 failed
-    pgsql: 104 tests ran in 867 ms, 1 skipped, 0 failed
+    mysql: 105 tests ran in 2940 ms, 1 skipped, 0 failed
+    pgsql: 105 tests ran in 992 ms, 1 skipped, 0 failed
     sqlsrv: skipped, driver not loaded
-    sqlite: 104 tests ran in 1051 ms, 12 skipped, 0 failed
+    sqlite: 105 tests ran in 1063 ms, 12 skipped, 0 failed
     ================================================
     Ubuntu 16.04 (PHP 7.0)
     ================================================
@@ -1247,9 +1244,9 @@ To run the docker tests run "build_all.sh" and "run_all.sh" from the docker dire
     [3/4] Starting SQLServer 2017 ... done
     [4/4] Cloning PHP-CRUD-API v2 ... skipped
     ------------------------------------------------
-    mysql: 104 tests ran in 2789 ms, 1 skipped, 0 failed
-    pgsql: 104 tests ran in 872 ms, 1 skipped, 0 failed
-    sqlsrv: 104 tests ran in 7728 ms, 1 skipped, 0 failed
+    mysql: 105 tests ran in 3015 ms, 1 skipped, 0 failed
+    pgsql: 105 tests ran in 992 ms, 1 skipped, 0 failed
+    sqlsrv: 105 tests ran in 10515 ms, 1 skipped, 0 failed
     sqlite: skipped, driver not loaded
     ================================================
     Ubuntu 18.04 (PHP 7.2)
@@ -1259,10 +1256,10 @@ To run the docker tests run "build_all.sh" and "run_all.sh" from the docker dire
     [3/4] Starting SQLServer 2017 ... skipped
     [4/4] Cloning PHP-CRUD-API v2 ... skipped
     ------------------------------------------------
-    mysql: 104 tests ran in 3282 ms, 1 skipped, 0 failed
-    pgsql: 104 tests ran in 856 ms, 1 skipped, 0 failed
+    mysql: 105 tests ran in 3390 ms, 1 skipped, 0 failed
+    pgsql: 105 tests ran in 936 ms, 1 skipped, 0 failed
     sqlsrv: skipped, driver not loaded
-    sqlite: 104 tests ran in 972 ms, 12 skipped, 0 failed
+    sqlite: 105 tests ran in 1063 ms, 12 skipped, 0 failed
     ================================================
     Ubuntu 20.04 (PHP 7.3)
     ================================================
@@ -1271,10 +1268,10 @@ To run the docker tests run "build_all.sh" and "run_all.sh" from the docker dire
     [3/4] Starting SQLServer 2017 ... skipped
     [4/4] Cloning PHP-CRUD-API v2 ... skipped
     ------------------------------------------------
-    mysql: 104 tests ran in 5996 ms, 1 skipped, 0 failed
-    pgsql: 104 tests ran in 942 ms, 1 skipped, 0 failed
+    mysql: 105 tests ran in 6434 ms, 1 skipped, 0 failed
+    pgsql: 105 tests ran in 979 ms, 1 skipped, 0 failed
     sqlsrv: skipped, driver not loaded
-    sqlite: 104 tests ran in 961 ms, 12 skipped, 0 failed
+    sqlite: 105 tests ran in 1373 ms, 12 skipped, 0 failed
 
 The above test run (including starting up the databases) takes less than 5 minutes on my slow laptop.
 
@@ -1294,10 +1291,10 @@ The above test run (including starting up the databases) takes less than 5 minut
     [3/4] Starting SQLServer 2017 ... skipped
     [4/4] Cloning PHP-CRUD-API v2 ... skipped
     ------------------------------------------------
-    mysql: 104 tests ran in 3282 ms, 1 skipped, 0 failed
-    pgsql: 104 tests ran in 856 ms, 1 skipped, 0 failed
+    mysql: 105 tests ran in 3390 ms, 1 skipped, 0 failed
+    pgsql: 105 tests ran in 936 ms, 1 skipped, 0 failed
     sqlsrv: skipped, driver not loaded
-    sqlite: 104 tests ran in 972 ms, 12 skipped, 0 failed
+    sqlite: 105 tests ran in 1063 ms, 12 skipped, 0 failed
     root@b7ab9472e08f:/php-crud-api# 
 
 As you can see the "run.sh" script gives you access to a prompt in a chosen the docker environment.

api.php

@@ -8220,33 +8220,25 @@ namespace Tqdev\PhpCrudApi\Middleware {
     use Psr\Http\Server\RequestHandlerInterface;
     use Tqdev\PhpCrudApi\Column\ReflectionService;
     use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;
+    use Tqdev\PhpCrudApi\Column\Reflection\ReflectedColumn;
     use Tqdev\PhpCrudApi\Controller\Responder;
     use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
     use Tqdev\PhpCrudApi\Middleware\Router\Router;
     use Tqdev\PhpCrudApi\Record\ErrorCode;
     use Tqdev\PhpCrudApi\RequestUtils;
 
-    class ValidationMiddleware extends Middleware {
+    class ValidationMiddleware extends Middleware
+    {
     	private $reflection;
-    	private $typesToValidate;
 
-    	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection) {
+    	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)
+    	{
     		parent::__construct($router, $responder, $properties);
     		$this->reflection = $reflection;
-    		$typesStr = $this->getProperty('types', 'all');
-    		if (is_null($typesStr)) {
-    			$typesStr = 'all';
-    		}
-    		if (strlen($typesStr) == 0) {
-    			$typesStr = 'none';
-    		}
-    		$this->typesToValidate = explode(',', $typesStr);
-    		if (is_null($this->typesToValidate) || count($this->typesToValidate) == 0) {
-    			$this->typesToValidate = ['all'];
-    		}
     	}
 
-    	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/ {
+    	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/
+    	{
     		$context = (array) $record;
     		$details = array();
     		$tableName = $table->getName();
@@ -8254,8 +8246,8 @@ namespace Tqdev\PhpCrudApi\Middleware {
     			if ($table->hasColumn($columnName)) {
     				$column = $table->getColumn($columnName);
     				$valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);
-    				if ($valid || $valid == '') {
-    					$valid = $this->validateType($column->serialize(), $value);
+    				if ($valid === true || $valid === '') {
+    					$valid = $this->validateType($column, $value);
     				}
     				if ($valid !== true && $valid !== '') {
     					$details[$columnName] = $valid;
@@ -8268,145 +8260,154 @@ namespace Tqdev\PhpCrudApi\Middleware {
     		return null;
     	}
 
-    	private function validateType($column, $value) {
-    		if ($this->typesToValidate[0] == 'none') {
-    			return (true);
-    		}
-    		if ($this->typesToValidate[0] != 'all') {
-    			if (!in_array($column['type'], $this->typesToValidate)) {
-    				return (true);
-    			}
-    		}
-    		if (is_null($value)) {
-    			return ($column["nullable"] ? true : "cannot be null");
-    		}
-    		switch ($column['type']) {
-    		case 'integer':
-    			if (!is_numeric($value)) {
-    				return ('must be numeric');
-    			}
-
-    			if (strlen($value) > 20) {
-    				return ('exceeds range');
+    	private function validateType(ReflectedColumn $column, $value)
+    	{
+    		$types = $this->getArrayProperty('types', 'all');
+    		if (in_array('all', $types) || in_array($column->getType(), $types)) {
+    			if (is_null($value)) {
+    				return ($column->getNullable() ? true : "cannot be null");
     			}
-
-    			break;
-    		case 'bigint':
-    			if (!is_numeric($value)) {
-    				return ('must be numeric');
-    			}
-
-    			if (strlen($value) > 20) {
-    				return ('exceeds range');
-    			}
-
-    			break;
-    		case 'varchar':
-    			if (strlen($value) > $column['length']) {
-    				return ('too long');
-    			}
-
-    			break;
-    		case 'decimal':
-    			if (!is_float($value) && !is_numeric($value)) {
-    				return ('not a float');
-    			}
-
-    			break;
-    		case 'float':
-    			if (!is_float($value) && !is_numeric($value)) {
-    				return ('not a float');
-    			}
-
-    			break;
-    		case 'double':
-    			if (!is_float($value) && !is_numeric($value)) {
-    				return ('not a float');
-    			}
-
-    			break;
-    		case 'boolean':
-    			if ($value != 0 && $value != 1) {
-    				return ('not a valid boolean');
-    			}
-
-    			break;
-    		case 'date':
-    			$date_array = explode('-', $value);
-    			if (count($date_array) != 3) {
-    				return ('invalid date format use yyyy-mm-dd');
-    			}
-
-    			if (!@checkdate($date_array[1], $date_array[2], $date_array[0])) {
-    				return ('not a valid date');
-    			}
-
-    			break;
-    		case 'time':
-    			$time_array = explode(':', $value);
-    			if (count($time_array) != 3) {
-    				return ('invalid time format use hh:mm:ss');
-    			}
-
-    			foreach ($time_array as $t) {
-    				if (!is_numeric($t)) {
-    					return ('non-numeric time value');
+    			if (is_string($value)) {
+    				// check for whitespace
+    				switch ($column->getType()) {
+    					case 'varchar':
+    					case 'clob':
+    						break;
+    					default:
+    						if (strlen(trim($value)) != strlen($value)) {
+    							return 'illegal whitespace';
+    						}
+    						break;
     				}
-    			}
-
-    			if ($time_array[1] < 0 || $time_array[2] < 0 || $time_array[0] < -838 || $time_array[1] > 59 || $time_array[2] > 59 || $time_array[0] > 838) {
-    				return ('not a valid time');
-    			}
-
-    			break;
-    		case 'timestamp':
-    			$split_timestamp = explode(' ', $value);
-    			if (count($split_timestamp) != 2) {
-    				return ('invalid timestamp format use yyyy-mm-dd hh:mm:ss');
-    			}
-
-    			$date_array = explode('-', $split_timestamp[0]);
-    			if (count($date_array) != 3) {
-    				return ('invalid date format use yyyy-mm-dd');
-    			}
-
-    			if (!@checkdate($date_array[1], $date_array[2], $date_array[0])) {
-    				return ('not a valid date');
-    			}
-
-    			$time_array = explode(':', $split_timestamp[1]);
-    			if (count($time_array) != 3) {
-    				return ('invalid time format use hh:mm:ss');
-    			}
-
-    			foreach ($time_array as $t) {
-    				if (!is_numeric($t)) {
-    					return ('non-numeric time value');
+    				// try to parse
+    				switch ($column->getType()) {
+    					case 'integer':
+    					case 'bigint':
+    						if (
+    							filter_var($value, FILTER_SANITIZE_NUMBER_INT) !== $value ||
+    							filter_var($value, FILTER_VALIDATE_INT) === false
+    						) {
+    							return 'invalid integer';
+    						}
+    						break;
+    					case 'varchar':
+    						if (mb_strlen($value, 'UTF-8') > $column->getLength()) {
+    							return 'string too long';
+    						}
+    						break;
+    					case 'decimal':
+    						if (!is_numeric($value)) {
+    							return 'invalid decimal';
+    						}
+    						break;
+    					case 'float':
+    					case 'double':
+    						if (
+    							filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT) !== $value ||
+    							filter_var($value, FILTER_VALIDATE_FLOAT) === false
+    						) {
+    							return 'invalid float';
+    						}
+    						break;
+    					case 'boolean':
+    						if (
+    							filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) === null
+    						) {
+    							return 'invalid boolean';
+    						}
+    						break;
+    					case 'date':
+    						if (date_create_from_format('Y-m-d', $value) === false) {
+    							return 'invalid date';
+    						}
+    						break;
+    					case 'time':
+    						if (date_create_from_format('H:i:s', $value) === false) {
+    							return 'invalid time';
+    						}
+    						break;
+    					case 'timestamp':
+    						if (date_create_from_format('Y-m-d H:i:s', $value) === false) {
+    							return 'invalid timestamp';
+    						}
+    						break;
+    					case 'clob':
+    						// no checks needed
+    						break;
+    					case 'blob':
+    					case 'varbinary':
+    						if (base64_decode($value, true) === false) {
+    							return 'invalid base64';
+    						}
+    						break;
+    					case 'geometry':
+    						// no checks yet
+    						break;
+    				}
+    			} else { // check non-string types
+    				switch ($column->getType()) {
+    					case 'integer':
+    					case 'bigint':
+    						if (!is_int($value)) {
+    							return 'invalid integer';
+    						}
+    						break;
+    					case 'decimal':
+    					case 'float':
+    					case 'double':
+    						if (!is_float($value) && !is_int($value)) {
+    							return 'invalid float';
+    						}
+    						break;
+    					case 'boolean':
+    						if (!(is_int($value) && ($value === 1 || $value === 0)) && !is_bool($value)) {
+    							return 'invalid boolean';
+    						}
+    						break;
+    					default:
+    						return 'invalid ' . $column->getType();
     				}
     			}
-
-    			if ($time_array[1] < 0 || $time_array[2] < 0 || $time_array[0] < 0 || $time_array[1] > 59 || $time_array[2] > 59 || $time_array[0] > 23) {
-    				return ('not a valid time');
-    			}
-
-    			break;
-    		case 'clob':
-    			break;
-    		case 'blob':
-    			break;
-    		case 'varbinary':
-    			if (((strlen($value) * 3 / 4) - substr_count(substr($value, -2), '=')) > $column['length']) {
-    				return ('too long');
+    			// extra checks
+    			switch ($column->getType()) {
+    				case 'integer': // 4 byte signed
+    					$value = filter_var($value, FILTER_VALIDATE_INT);
+    					if ($value > 2147483647 || $value < -2147483648) {
+    						return 'invalid integer';
+    					}
+    					break;
+    				case 'decimal':
+    					$value = "$value";
+    					if (strpos($value, '.') !== false) {
+    						list($whole, $decimals) = explode('.', $value, 2);
+    					} else {
+    						list($whole, $decimals) = array($value, '');
+    					}
+    					if (strlen($whole) > 0 && !ctype_digit($whole)) {
+    						return 'invalid decimal';
+    					}
+    					if (strlen($decimals) > 0 && !ctype_digit($decimals)) {
+    						return 'invalid decimal';
+    					}
+    					if (strlen($whole) > $column->getPrecision() - $column->getScale()) {
+    						return 'decimal too large';
+    					}
+    					if (strlen($decimals) > $column->getScale()) {
+    						return 'decimal too precise';
+    					}
+    					break;
+    				case 'varbinary':
+    					if (strlen(base64_decode($value)) > $column->getLength()) {
+    						return 'string too long';
+    					}
+    					break;
     			}
-
-    			break;
-    		case 'geometry':
-    			break;
     		}
     		return (true);
     	}
 
-    	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface{
+    	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
+    	{
     		$operation = RequestUtils::getOperation($request);
     		if (in_array($operation, ['create', 'update', 'increment'])) {
     			$tableName = RequestUtils::getPathSegment($request, 2);

docker/centos8/Dockerfile

@@ -25,7 +25,7 @@ RUN dnf -y module disable mariadb
 RUN dnf -y module disable postgresql
 
 RUN dnf -y install \
-php-cli php-xml php-json \
+php-cli php-xml php-json php-mbstring \
 MariaDB-server MariaDB-client php-mysqlnd \
 postgresql12 postgresql12-server php-pgsql postgis30_12 \
 sqlite php-sqlite3 \

docker/debian10/Dockerfile

@@ -4,7 +4,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 # install: php / mysql / postgres / sqlite / tools / mssql deps
 RUN apt-get update && apt-get -y install \
-php-cli php-xml \
+php-cli php-xml php-mbstring \
 mariadb-server mariadb-client php-mysql \
 postgresql php-pgsql \
 postgresql-11-postgis-2.5 \

docker/debian9/Dockerfile

@@ -4,7 +4,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 # install: php / mysql / postgres / sqlite / tools / mssql deps
 RUN apt-get update && apt-get -y install \
-php-cli php-xml \
+php-cli php-xml php-mbstring \
 mariadb-server mariadb-client php-mysql \
 postgresql php-pgsql \
 postgresql-9.6-postgis-2.3 \

docker/ubuntu16/Dockerfile

@@ -4,7 +4,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 
 # install: php / mysql / postgres / tools / mssql deps
 RUN apt-get update && apt-get -y install \
-php-cli php-xml \
+php-cli php-xml php-mbstring \
 mariadb-server mariadb-client php-mysql \
 postgresql php-pgsql \
 postgresql-9.5-postgis-2.2 \

docker/ubuntu18/Dockerfile

@@ -2,12 +2,9 @@ FROM ubuntu:18.04
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-ENV TZ=Etc/UTC
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-
 # install: php / mysql / postgres / sqlite / tools
 RUN apt-get update && apt-get -y install \
-php-cli php-xml \
+php-cli php-xml php-mbstring \
 mysql-server mysql-client php-mysql \
 postgresql php-pgsql \
 postgresql-10-postgis-2.4 \

docker/ubuntu20/Dockerfile

@@ -2,12 +2,9 @@ FROM ubuntu:20.04
 
 ARG DEBIAN_FRONTEND=noninteractive
 
-ENV TZ=Etc/UTC
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-
 # install: php / mysql / postgres / sqlite / tools
 RUN apt-get update && apt-get -y install \
-php-cli php-xml \
+php-cli php-xml php-mbstring \
 mysql-server mysql-client php-mysql \
 postgresql php-pgsql \
 postgresql-12-postgis-3 \

src/Tqdev/PhpCrudApi/Middleware/ValidationMiddleware.php

@@ -7,33 +7,25 @@ use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
 use Tqdev\PhpCrudApi\Column\ReflectionService;
 use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;
+use Tqdev\PhpCrudApi\Column\Reflection\ReflectedColumn;
 use Tqdev\PhpCrudApi\Controller\Responder;
 use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
 use Tqdev\PhpCrudApi\Middleware\Router\Router;
 use Tqdev\PhpCrudApi\Record\ErrorCode;
 use Tqdev\PhpCrudApi\RequestUtils;
 
-class ValidationMiddleware extends Middleware {
+class ValidationMiddleware extends Middleware
+{
 	private $reflection;
-	private $typesToValidate;
 
-	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection) {
+	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)
+	{
 		parent::__construct($router, $responder, $properties);
 		$this->reflection = $reflection;
-		$typesStr = $this->getProperty('types', 'all');
-		if (is_null($typesStr)) {
-			$typesStr = 'all';
-		}
-		if (strlen($typesStr) == 0) {
-			$typesStr = 'none';
-		}
-		$this->typesToValidate = explode(',', $typesStr);
-		if (is_null($this->typesToValidate) || count($this->typesToValidate) == 0) {
-			$this->typesToValidate = ['all'];
-		}
 	}
 
-	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/ {
+	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/
+	{
 		$context = (array) $record;
 		$details = array();
 		$tableName = $table->getName();
@@ -41,8 +33,8 @@ class ValidationMiddleware extends Middleware {
 			if ($table->hasColumn($columnName)) {
 				$column = $table->getColumn($columnName);
 				$valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);
-				if ($valid || $valid == '') {
-					$valid = $this->validateType($column->serialize(), $value);
+				if ($valid === true || $valid === '') {
+					$valid = $this->validateType($column, $value);
 				}
 				if ($valid !== true && $valid !== '') {
 					$details[$columnName] = $valid;
@@ -55,145 +47,154 @@ class ValidationMiddleware extends Middleware {
 		return null;
 	}
 
-	private function validateType($column, $value) {
-		if ($this->typesToValidate[0] == 'none') {
-			return (true);
-		}
-		if ($this->typesToValidate[0] != 'all') {
-			if (!in_array($column['type'], $this->typesToValidate)) {
-				return (true);
-			}
-		}
-		if (is_null($value)) {
-			return ($column["nullable"] ? true : "cannot be null");
-		}
-		switch ($column['type']) {
-		case 'integer':
-			if (!is_numeric($value)) {
-				return ('must be numeric');
-			}
-
-			if (strlen($value) > 20) {
-				return ('exceeds range');
-			}
-
-			break;
-		case 'bigint':
-			if (!is_numeric($value)) {
-				return ('must be numeric');
-			}
-
-			if (strlen($value) > 20) {
-				return ('exceeds range');
-			}
-
-			break;
-		case 'varchar':
-			if (strlen($value) > $column['length']) {
-				return ('too long');
-			}
-
-			break;
-		case 'decimal':
-			if (!is_float($value) && !is_numeric($value)) {
-				return ('not a float');
-			}
-
-			break;
-		case 'float':
-			if (!is_float($value) && !is_numeric($value)) {
-				return ('not a float');
-			}
-
-			break;
-		case 'double':
-			if (!is_float($value) && !is_numeric($value)) {
-				return ('not a float');
-			}
-
-			break;
-		case 'boolean':
-			if ($value != 0 && $value != 1) {
-				return ('not a valid boolean');
-			}
-
-			break;
-		case 'date':
-			$date_array = explode('-', $value);
-			if (count($date_array) != 3) {
-				return ('invalid date format use yyyy-mm-dd');
-			}
-
-			if (!@checkdate($date_array[1], $date_array[2], $date_array[0])) {
-				return ('not a valid date');
-			}
-
-			break;
-		case 'time':
-			$time_array = explode(':', $value);
-			if (count($time_array) != 3) {
-				return ('invalid time format use hh:mm:ss');
-			}
-
-			foreach ($time_array as $t) {
-				if (!is_numeric($t)) {
-					return ('non-numeric time value');
+	private function validateType(ReflectedColumn $column, $value)
+	{
+		$types = $this->getArrayProperty('types', 'all');
+		if (in_array('all', $types) || in_array($column->getType(), $types)) {
+			if (is_null($value)) {
+				return ($column->getNullable() ? true : "cannot be null");
+			}
+			if (is_string($value)) {
+				// check for whitespace
+				switch ($column->getType()) {
+					case 'varchar':
+					case 'clob':
+						break;
+					default:
+						if (strlen(trim($value)) != strlen($value)) {
+							return 'illegal whitespace';
+						}
+						break;
 				}
-			}
-
-			if ($time_array[1] < 0 || $time_array[2] < 0 || $time_array[0] < -838 || $time_array[1] > 59 || $time_array[2] > 59 || $time_array[0] > 838) {
-				return ('not a valid time');
-			}
-
-			break;
-		case 'timestamp':
-			$split_timestamp = explode(' ', $value);
-			if (count($split_timestamp) != 2) {
-				return ('invalid timestamp format use yyyy-mm-dd hh:mm:ss');
-			}
-
-			$date_array = explode('-', $split_timestamp[0]);
-			if (count($date_array) != 3) {
-				return ('invalid date format use yyyy-mm-dd');
-			}
-
-			if (!@checkdate($date_array[1], $date_array[2], $date_array[0])) {
-				return ('not a valid date');
-			}
-
-			$time_array = explode(':', $split_timestamp[1]);
-			if (count($time_array) != 3) {
-				return ('invalid time format use hh:mm:ss');
-			}
-
-			foreach ($time_array as $t) {
-				if (!is_numeric($t)) {
-					return ('non-numeric time value');
+				// try to parse
+				switch ($column->getType()) {
+					case 'integer':
+					case 'bigint':
+						if (
+							filter_var($value, FILTER_SANITIZE_NUMBER_INT) !== $value ||
+							filter_var($value, FILTER_VALIDATE_INT) === false
+						) {
+							return 'invalid integer';
+						}
+						break;
+					case 'varchar':
+						if (mb_strlen($value, 'UTF-8') > $column->getLength()) {
+							return 'string too long';
+						}
+						break;
+					case 'decimal':
+						if (!is_numeric($value)) {
+							return 'invalid decimal';
+						}
+						break;
+					case 'float':
+					case 'double':
+						if (
+							filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT) !== $value ||
+							filter_var($value, FILTER_VALIDATE_FLOAT) === false
+						) {
+							return 'invalid float';
+						}
+						break;
+					case 'boolean':
+						if (
+							filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) === null
+						) {
+							return 'invalid boolean';
+						}
+						break;
+					case 'date':
+						if (date_create_from_format('Y-m-d', $value) === false) {
+							return 'invalid date';
+						}
+						break;
+					case 'time':
+						if (date_create_from_format('H:i:s', $value) === false) {
+							return 'invalid time';
+						}
+						break;
+					case 'timestamp':
+						if (date_create_from_format('Y-m-d H:i:s', $value) === false) {
+							return 'invalid timestamp';
+						}
+						break;
+					case 'clob':
+						// no checks needed
+						break;
+					case 'blob':
+					case 'varbinary':
+						if (base64_decode($value, true) === false) {
+							return 'invalid base64';
+						}
+						break;
+					case 'geometry':
+						// no checks yet
+						break;
+				}
+			} else { // check non-string types
+				switch ($column->getType()) {
+					case 'integer':
+					case 'bigint':
+						if (!is_int($value)) {
+							return 'invalid integer';
+						}
+						break;
+					case 'decimal':
+					case 'float':
+					case 'double':
+						if (!is_float($value) && !is_int($value)) {
+							return 'invalid float';
+						}
+						break;
+					case 'boolean':
+						if (!(is_int($value) && ($value === 1 || $value === 0)) && !is_bool($value)) {
+							return 'invalid boolean';
+						}
+						break;
+					default:
+						return 'invalid ' . $column->getType();
 				}
 			}
-
-			if ($time_array[1] < 0 || $time_array[2] < 0 || $time_array[0] < 0 || $time_array[1] > 59 || $time_array[2] > 59 || $time_array[0] > 23) {
-				return ('not a valid time');
-			}
-
-			break;
-		case 'clob':
-			break;
-		case 'blob':
-			break;
-		case 'varbinary':
-			if (((strlen($value) * 3 / 4) - substr_count(substr($value, -2), '=')) > $column['length']) {
-				return ('too long');
+			// extra checks
+			switch ($column->getType()) {
+				case 'integer': // 4 byte signed
+					$value = filter_var($value, FILTER_VALIDATE_INT);
+					if ($value > 2147483647 || $value < -2147483648) {
+						return 'invalid integer';
+					}
+					break;
+				case 'decimal':
+					$value = "$value";
+					if (strpos($value, '.') !== false) {
+						list($whole, $decimals) = explode('.', $value, 2);
+					} else {
+						list($whole, $decimals) = array($value, '');
+					}
+					if (strlen($whole) > 0 && !ctype_digit($whole)) {
+						return 'invalid decimal';
+					}
+					if (strlen($decimals) > 0 && !ctype_digit($decimals)) {
+						return 'invalid decimal';
+					}
+					if (strlen($whole) > $column->getPrecision() - $column->getScale()) {
+						return 'decimal too large';
+					}
+					if (strlen($decimals) > $column->getScale()) {
+						return 'decimal too precise';
+					}
+					break;
+				case 'varbinary':
+					if (strlen(base64_decode($value)) > $column->getLength()) {
+						return 'string too long';
+					}
+					break;
 			}
-
-			break;
-		case 'geometry':
-			break;
 		}
 		return (true);
 	}
 
-	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface{
+	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
+	{
 		$operation = RequestUtils::getOperation($request);
 		if (in_array($operation, ['create', 'update', 'increment'])) {
 			$tableName = RequestUtils::getPathSegment($request, 2);

tests/functional/003_columns/014_create_types_table.log

@@ -20,6 +20,17 @@ Content-Length: 563
 POST /records/types
 Content-Type: application/json
 
+{"integer":3,"bigint":4,"varchar":"bcd","decimal":"2.34","float":2,"double":34.56,"boolean":false,"date":"2020-02-02","time":"23:55:59","timestamp":"2002-03-04 05:06:07","clob":"b","blob":"Yg==","geometry":"POINT(2 3)"}
+===
+200
+Content-Type: application/json
+Content-Length: 1
+
+1
+===
+PUT /records/types/1
+Content-Type: application/json
+
 {"integer":2,"bigint":3,"varchar":"abc","decimal":"1.23","float":1,"double":23.45,"boolean":true,"date":"1970-01-01","time":"00:00:01","timestamp":"2001-02-03 04:05:06","clob":"a","blob":"YQ==","geometry":"POINT(1 2)"}
 ===
 200

tests/functional/003_columns/015_update_types_table.log

@@ -12,7 +12,7 @@ true
 POST /records/types
 Content-Type: application/json
 
-{"integer":2,"bigint":3,"varchar":"abc","decimal":"1.23","float":1,"double":23.45,"boolean":true,"date":"1970-01-01","time":"00:00:01","timestamp":"2001-02-03 04:05:06","clob":"a","blob":"YQ==","geometry":"POINT(1 2)"}
+{"integer":2,"bigint":3,"varchar":"abc","decimal":1.23,"float":1,"double":23.45,"boolean":true,"date":"1970-01-01","time":"00:00:01","timestamp":"2001-02-03 04:05:06","clob":"a","blob":"YQ==","geometry":"POINT(1 2)"}
 ===
 200
 Content-Type: application/json
@@ -22,59 +22,63 @@ Content-Length: 1
 ===
 PUT /records/types/1
 
-{"integer":2,"bigint":2,"varchar":"b","decimal":2,"float":2,"double":2,"boolean":false,"date":"2000-01-02","time":"02:01:01","timestamp":"2000-01-02 02:01:01","clob":"b","blob":"Cg==","geometry":"POINT(2 2)"}
+{"boolean":null}
 ===
-200
+422
 Content-Type: application/json
-Content-Length: 1
+Content-Length: 100
 
-1
+{"code":1013,"message":"Input validation failed for 'types'","details":{"boolean":"cannot be null"}}
 ===
-GET /records/types/1
+PUT /records/types/1
+
+{"integer":" 1\n"}
 ===
-200
+422
 Content-Type: application/json
-Content-Length: 222
+Content-Length: 104
 
-{"id":1,"integer":2,"bigint":2,"varchar":"b","decimal":"2.0000","float":2,"double":2,"boolean":false,"date":"2000-01-02","time":"02:01:01","timestamp":"2000-01-02 02:01:01","clob":"b","blob":"Cg==","geometry":"POINT(2 2)"}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"integer":"illegal whitespace"}}
 ===
 PUT /records/types/1
 
-{"integer":3,"bigint":3,"varchar":"c","decimal":3,"float":3,"double":3,"boolean":true,"date":"2000-01-03","time":"03:01:01","timestamp":"2000-01-03 03:01:01","clob":"c","blob":"Yw==","geometry":"POINT(3 3)"}
+{"integer":"23e"}
 ===
-200
+422
 Content-Type: application/json
-Content-Length: 1
+Content-Length: 101
 
-1
+{"code":1013,"message":"Input validation failed for 'types'","details":{"integer":"invalid integer"}}
 ===
-GET /records/types/1
+PUT /records/types/1
+
+integer=23e
 ===
-200
+422
 Content-Type: application/json
-Content-Length: 221
+Content-Length: 101
 
-{"id":1,"integer":3,"bigint":3,"varchar":"c","decimal":"3.0000","float":3,"double":3,"boolean":true,"date":"2000-01-03","time":"03:01:01","timestamp":"2000-01-03 03:01:01","clob":"c","blob":"Yw==","geometry":"POINT(3 3)"}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"integer":"invalid integer"}}
 ===
 PUT /records/types/1
 
-{"integer":"string"}
+{"integer":"12345678901"}
 ===
 422
 Content-Type: application/json
 Content-Length: 101
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"integer":"must be numeric"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"integer":"invalid integer"}}
 ===
 PUT /records/types/1
 
-{"bigint":"string"}
+{"bigint":"12345678901234567890"}
 ===
 422
 Content-Type: application/json
 Content-Length: 100
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"bigint":"must be numeric"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"bigint":"invalid integer"}}
 ===
 PUT /records/types/1
 
@@ -82,159 +86,169 @@ PUT /records/types/1
 ===
 422
 Content-Type: application/json
-Content-Length: 94
+Content-Length: 101
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"varchar":"too long"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"varchar":"string too long"}}
 ===
 PUT /records/types/1
 
-{"decimal":"string"}
+{"decimal":"12.23.34"}
 ===
 422
 Content-Type: application/json
-Content-Length: 97
+Content-Length: 101
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"not a float"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"invalid decimal"}}
 ===
 PUT /records/types/1
 
-{"float":"string"}
+{"decimal":1131313145345}
 ===
 422
 Content-Type: application/json
-Content-Length: 95
+Content-Length: 103
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"float":"not a float"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"decimal too large"}}
 ===
 PUT /records/types/1
 
-{"double":"string"}
+{"decimal":"1234567.123"}
 ===
 422
 Content-Type: application/json
-Content-Length: 96
+Content-Length: 103
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"double":"not a float"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"decimal too large"}}
 ===
 PUT /records/types/1
 
-{"boolean":-1}
+{"decimal":11313131e+5}
+===
+422
+Content-Type: application/json
+Content-Length: 103
+
+{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"decimal too large"}}
+===
+PUT /records/types/1
+
+{"decimal":"123456.12345"}
 ===
 422
 Content-Type: application/json
 Content-Length: 105
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"boolean":"not a valid boolean"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"decimal too precise"}}
 ===
 PUT /records/types/1
 
-{"boolean":null}
+{"decimal":113131.3145345}
 ===
 422
 Content-Type: application/json
-Content-Length: 100
+Content-Length: 105
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"boolean":"cannot be null"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"decimal too precise"}}
 ===
 PUT /records/types/1
 
-{"date":"string"}
+{"decimal":11313131E-5}
 ===
 422
 Content-Type: application/json
-Content-Length: 117
+Content-Length: 105
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"date":"invalid date format use yyyy-mm-dd"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"decimal":"decimal too precise"}}
 ===
 PUT /records/types/1
 
-{"date":"still-no-date"}
+{"float":"string"}
 ===
 422
 Content-Type: application/json
-Content-Length: 99
+Content-Length: 97
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"date":"not a valid date"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"float":"invalid float"}}
 ===
 PUT /records/types/1
 
-{"time":"string"}
+{"double":"string"}
 ===
 422
 Content-Type: application/json
-Content-Length: 115
+Content-Length: 98
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"time":"invalid time format use hh:mm:ss"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"double":"invalid float"}}
 ===
 PUT /records/types/1
 
-{"time":"still:no:time"}
+{"boolean":-1}
 ===
 422
 Content-Type: application/json
-Content-Length: 105
+Content-Length: 101
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"time":"non-numeric time value"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"boolean":"invalid boolean"}}
 ===
 PUT /records/types/1
 
-{"time":"999:999:999"}
+{"date":"string"}
 ===
 422
 Content-Type: application/json
-Content-Length: 99
+Content-Length: 95
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"time":"not a valid time"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"date":"invalid date"}}
 ===
 PUT /records/types/1
 
-{"timestamp":"string"}
+{"date":"still-no-date"}
 ===
 422
 Content-Type: application/json
-Content-Length: 136
+Content-Length: 95
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"invalid timestamp format use yyyy-mm-dd hh:mm:ss"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"date":"invalid date"}}
 ===
 PUT /records/types/1
 
-{"timestamp":"string 01:01:01"}
+{"time":"string"}
 ===
 422
 Content-Type: application/json
-Content-Length: 122
+Content-Length: 95
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"invalid date format use yyyy-mm-dd"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"time":"invalid time"}}
 ===
 PUT /records/types/1
 
-{"timestamp":"still-no-date 01:01:01"}
+{"time":"still:no:time"}
 ===
 422
 Content-Type: application/json
-Content-Length: 104
+Content-Length: 95
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"not a valid date"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"time":"invalid time"}}
 ===
 PUT /records/types/1
 
-{"timestamp":"2001-01-01 string"}
+{"time":"999:999:999"}
 ===
 422
 Content-Type: application/json
-Content-Length: 120
+Content-Length: 95
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"invalid time format use hh:mm:ss"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"time":"invalid time"}}
 ===
 PUT /records/types/1
 
-{"timestamp":"2001-01-01 still:no:time"}
+{"timestamp":"string"}
 ===
 422
 Content-Type: application/json
-Content-Length: 110
+Content-Length: 105
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"non-numeric time value"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"invalid timestamp"}}
 ===
 PUT /records/types/1
 
@@ -242,13 +256,13 @@ PUT /records/types/1
 ===
 422
 Content-Type: application/json
-Content-Length: 104
+Content-Length: 105
 
-{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"not a valid time"}}
+{"code":1013,"message":"Input validation failed for 'types'","details":{"timestamp":"invalid timestamp"}}
 ===
 PUT /records/types/1
 
-{"clob":"HLnVf8PrxX/vPMElDxrlFLIHoBd1fnLVSXVEDLjt0bk="}
+{"clob":"𠜎𠜱𠝹𠱓𠱸𠲖𠳏𠳕𠴕𠵼𠵿𠸎𠸏𠹷𠺝𠺢𠻗"}
 ===
 200
 Content-Type: application/json
@@ -258,7 +272,17 @@ Content-Length: 1
 ===
 PUT /records/types/1
 
-{"blob":"T8O5IGVzdCBsZSBjYWbDqSBsZSBwbHVzIHByb2NoZT8="}
+{"blob":"!"}
+===
+422
+Content-Type: application/json
+Content-Length: 97
+
+{"code":1013,"message":"Input validation failed for 'types'","details":{"blob":"invalid base64"}}
+===
+PUT /records/types/1
+
+{"blob":"T8O5IGVzdCBsZSBjYWbDqSBsZSBwbHVzIHByb2NoZT8"}
 ===
 200
 Content-Type: application/json
@@ -270,9 +294,9 @@ GET /records/types/1
 ===
 200
 Content-Type: application/json
-Content-Length: 305
+Content-Length: 334
 
-{"id":1,"integer":3,"bigint":3,"varchar":"c","decimal":"3.0000","float":3,"double":3,"boolean":true,"date":"2000-01-03","time":"03:01:01","timestamp":"2000-01-03 03:01:01","clob":"HLnVf8PrxX\/vPMElDxrlFLIHoBd1fnLVSXVEDLjt0bk=","blob":"T8O5IGVzdCBsZSBjYWbDqSBsZSBwbHVzIHByb2NoZT8=","geometry":"POINT(3 3)"}
+{"id":1,"integer":2,"bigint":3,"varchar":"abc","decimal":"1.2300","float":1,"double":23.45,"boolean":true,"date":"1970-01-01","time":"00:00:01","timestamp":"2001-02-03 04:05:06","clob":"𠜎𠜱𠝹𠱓𠱸𠲖𠳏𠳕𠴕𠵼𠵿𠸎𠸏𠹷𠺝𠺢𠻗","blob":"T8O5IGVzdCBsZSBjYWbDqSBsZSBwbHVzIHByb2NoZT8=","geometry":"POINT(1 2)"}
 ===
 DELETE /columns/types
 ===