nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1709 Commits
1 Branch
Tree: 78e1314864
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '78e1314864'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/SanitationMiddleware.php

SanitationMiddleware.php 6.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;

  9. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedColumn;

  10. use Tqdev\PhpCrudApi\Column\ReflectionService;

  11. use Tqdev\PhpCrudApi\Controller\Responder;

  12. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  13. use Tqdev\PhpCrudApi\Middleware\Router\Router;

  14. use Tqdev\PhpCrudApi\RequestUtils;

  15. 

  16. class SanitationMiddleware extends Middleware

  17. {

  18.     private $reflection;

  19. 

  20.     public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)

  21.     {

  22.         parent::__construct($router, $responder, $properties);

  23.         $this->reflection = $reflection;

  24.     }

  25. 

  26.     private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: object */

  27.     {

  28.         $context = (array) $record;

  29.         $tableName = $table->getName();

  30.         foreach ($context as $columnName => &$value) {

  31.             if ($table->hasColumn($columnName)) {

  32.                 $column = $table->getColumn($columnName);

  33.                 $value = call_user_func($handler, $operation, $tableName, $column->serialize(), $value);

  34.                 $value = $this->sanitizeType($table, $column, $value);

  35.             }

  36.         }

  37.         return (object) $context;

  38.     }

  39. 

  40.     private function sanitizeType(ReflectedTable $table, ReflectedColumn $column, $value)

  41.     {

  42.         $tables = $this->getArrayProperty('tables', 'all');

  43.         $types = $this->getArrayProperty('types', 'all');

  44.         if (

  45.             (in_array('all', $tables) || in_array($table->getName(), $tables)) &&

  46.             (in_array('all', $types) || in_array($column->getType(), $types))

  47.         ) {

  48.             if (is_null($value)) {

  49.                 return $value;

  50.             }

  51.             if (is_string($value)) {

  52.                 $newValue = null;

  53.                 switch ($column->getType()) {

  54.                     case 'integer':

  55.                     case 'bigint':

  56.                         $newValue = filter_var(trim($value), FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);

  57.                         break;

  58.                     case 'decimal':

  59.                         $newValue = filter_var(trim($value), FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);

  60.                         if (is_float($newValue)) {

  61.                             $newValue = number_format($newValue, $column->getScale(), '.', '');

  62.                         }

  63.                         break;

  64.                     case 'float':

  65.                     case 'double':

  66.                         $newValue = filter_var(trim($value), FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);

  67.                         break;

  68.                     case 'boolean':

  69.                         $newValue = filter_var(trim($value), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);

  70.                         break;

  71.                     case 'date':

  72.                         $time = strtotime(trim($value));

  73.                         if ($time !== false) {

  74.                             $newValue = date('Y-m-d', $time);

  75.                         }

  76.                         break;

  77.                     case 'time':

  78.                         $time = strtotime(trim($value));

  79.                         if ($time !== false) {

  80.                             $newValue = date('H:i:s', $time);

  81.                         }

  82.                         break;

  83.                     case 'timestamp':

  84.                         $time = strtotime(trim($value));

  85.                         if ($time !== false) {

  86.                             $newValue = date('Y-m-d H:i:s', $time);

  87.                         }

  88.                         break;

  89.                     case 'blob':

  90.                     case 'varbinary':

  91.                         // allow base64url format

  92.                         $newValue = strtr(trim($value), '-_', '+/');

  93.                         break;

  94.                     case 'clob':

  95.                     case 'varchar':

  96.                         $newValue = $value;

  97.                         break;

  98.                     case 'geometry':

  99.                         $newValue = trim($value);

  100.                         break;

  101.                 }

  102.                 if (!is_null($newValue)) {

  103.                     $value = $newValue;

  104.                 }

  105.             } else {

  106.                 switch ($column->getType()) {

  107.                     case 'integer':

  108.                     case 'bigint':

  109.                         if (is_float($value)) {

  110.                             $value = (int) round($value);

  111.                         }

  112.                         break;

  113.                     case 'decimal':

  114.                         if (is_float($value) || is_int($value)) {

  115.                             $value = number_format((float) $value, $column->getScale(), '.', '');

  116.                         }

  117.                         break;

  118.                 }

  119.             }

  120.             // post process

  121.         }

  122.         return $value;

  123.     }

  124. 

  125.     public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  126.     {

  127.         $operation = RequestUtils::getOperation($request);

  128.         if (in_array($operation, ['create', 'update', 'increment'])) {

  129.             $tableName = RequestUtils::getPathSegment($request, 2);

  130.             if ($this->reflection->hasTable($tableName)) {

  131.                 $record = $request->getParsedBody();

  132.                 if ($record !== null) {

  133.                     $handler = $this->getProperty('handler', '');

  134.                     if ($handler !== '') {

  135.                         $table = $this->reflection->getTable($tableName);

  136.                         if (is_array($record)) {

  137.                             foreach ($record as &$r) {

  138.                                 $r = $this->callHandler($handler, $r, $operation, $table);

  139.                             }

  140.                         } else {

  141.                             $record = $this->callHandler($handler, $record, $operation, $table);

  142.                         }

  143.                         $request = $request->withParsedBody($record);

  144.                     }

  145.                 }

  146.             }

  147.         }

  148.         return $next->handle($request);

  149.     }

  150. }