nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1709 Commits
1 Branch
Tree: 78e1314864
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '78e1314864'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/ValidationMiddleware.php

ValidationMiddleware.php 6.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Column\ReflectionService;

  9. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;

  10. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedColumn;

  11. use Tqdev\PhpCrudApi\Controller\Responder;

  12. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  13. use Tqdev\PhpCrudApi\Middleware\Router\Router;

  14. use Tqdev\PhpCrudApi\Record\ErrorCode;

  15. use Tqdev\PhpCrudApi\RequestUtils;

  16. 

  17. class ValidationMiddleware extends Middleware

  18. {

  19. 	private $reflection;

  20. 

  21. 	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)

  22. 	{

  23. 		parent::__construct($router, $responder, $properties);

  24. 		$this->reflection = $reflection;

  25. 	}

  26. 

  27. 	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/

  28. 	{

  29. 		$context = (array) $record;

  30. 		$details = array();

  31. 		$tableName = $table->getName();

  32. 		foreach ($context as $columnName => $value) {

  33. 			if ($table->hasColumn($columnName)) {

  34. 				$column = $table->getColumn($columnName);

  35. 				$valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);

  36. 				if ($valid === true || $valid === '') {

  37. 					$valid = $this->validateType($table, $column, $value);

  38. 				}

  39. 				if ($valid !== true && $valid !== '') {

  40. 					$details[$columnName] = $valid;

  41. 				}

  42. 			}

  43. 		}

  44. 		if (count($details) > 0) {

  45. 			return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $tableName, $details);

  46. 		}

  47. 		return null;

  48. 	}

  49. 

  50. 	private function validateType(ReflectedTable $table, ReflectedColumn $column, $value)

  51. 	{

  52. 		$tables = $this->getArrayProperty('tables', 'all');

  53. 		$types = $this->getArrayProperty('types', 'all');

  54. 		if (

  55. 			(in_array('all', $tables) || in_array($table->getName(), $tables)) &&

  56. 			(in_array('all', $types) || in_array($column->getType(), $types))

  57. 		) {

  58. 			if (is_null($value)) {

  59. 				return ($column->getNullable() ? true : "cannot be null");

  60. 			}

  61. 			if (is_string($value)) {

  62. 				// check for whitespace

  63. 				switch ($column->getType()) {

  64. 					case 'varchar':

  65. 					case 'clob':

  66. 						break;

  67. 					default:

  68. 						if (strlen(trim($value)) != strlen($value)) {

  69. 							return 'illegal whitespace';

  70. 						}

  71. 						break;

  72. 				}

  73. 				// try to parse

  74. 				switch ($column->getType()) {

  75. 					case 'integer':

  76. 					case 'bigint':

  77. 						if (

  78. 							filter_var($value, FILTER_SANITIZE_NUMBER_INT) !== $value ||

  79. 							filter_var($value, FILTER_VALIDATE_INT) === false

  80. 						) {

  81. 							return 'invalid integer';

  82. 						}

  83. 						break;

  84. 					case 'decimal':

  85. 						if (strpos($value, '.') !== false) {

  86. 							list($whole, $decimals) = explode('.', $value, 2);

  87. 						} else {

  88. 							list($whole, $decimals) = array($value, '');

  89. 						}

  90. 						if (strlen($whole) > 0 && !ctype_digit($whole)) {

  91. 							return 'invalid decimal';

  92. 						}

  93. 						if (strlen($decimals) > 0 && !ctype_digit($decimals)) {

  94. 							return 'invalid decimal';

  95. 						}

  96. 						if (strlen($whole) > $column->getPrecision() - $column->getScale()) {

  97. 							return 'decimal too large';

  98. 						}

  99. 						if (strlen($decimals) > $column->getScale()) {

  100. 							return 'decimal too precise';

  101. 						}

  102. 						break;

  103. 					case 'float':

  104. 					case 'double':

  105. 						if (

  106. 							filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT) !== $value ||

  107. 							filter_var($value, FILTER_VALIDATE_FLOAT) === false

  108. 						) {

  109. 							return 'invalid float';

  110. 						}

  111. 						break;

  112. 					case 'boolean':

  113. 						if (!in_array(strtolower($value), array('true', 'false'))) {

  114. 							return 'invalid boolean';

  115. 						}

  116. 						break;

  117. 					case 'date':

  118. 						if (date_create_from_format('Y-m-d', $value) === false) {

  119. 							return 'invalid date';

  120. 						}

  121. 						break;

  122. 					case 'time':

  123. 						if (date_create_from_format('H:i:s', $value) === false) {

  124. 							return 'invalid time';

  125. 						}

  126. 						break;

  127. 					case 'timestamp':

  128. 						if (date_create_from_format('Y-m-d H:i:s', $value) === false) {

  129. 							return 'invalid timestamp';

  130. 						}

  131. 						break;

  132. 					case 'clob':

  133. 					case 'varchar':

  134. 						if ($column->hasLength() && mb_strlen($value, 'UTF-8') > $column->getLength()) {

  135. 							return 'string too long';

  136. 						}

  137. 						break;

  138. 					case 'blob':

  139. 					case 'varbinary':

  140. 						if (base64_decode($value, true) === false) {

  141. 							return 'invalid base64';

  142. 						}

  143. 						if ($column->hasLength() && strlen(base64_decode($value)) > $column->getLength()) {

  144. 							return 'string too long';

  145. 						}

  146. 						break;

  147. 					case 'geometry':

  148. 						// no checks yet

  149. 						break;

  150. 				}

  151. 			} else { // check non-string types

  152. 				switch ($column->getType()) {

  153. 					case 'integer':

  154. 					case 'bigint':

  155. 						if (!is_int($value)) {

  156. 							return 'invalid integer';

  157. 						}

  158. 						break;

  159. 					case 'float':

  160. 					case 'double':

  161. 						if (!is_float($value) && !is_int($value)) {

  162. 							return 'invalid float';

  163. 						}

  164. 						break;

  165. 					case 'boolean':

  166. 						if (!is_bool($value) && ($value !== 0) && ($value !== 1)) {

  167. 							return 'invalid boolean';

  168. 						}

  169. 						break;

  170. 					default:

  171. 						return 'invalid ' . $column->getType();

  172. 				}

  173. 			}

  174. 			// extra checks

  175. 			switch ($column->getType()) {

  176. 				case 'integer': // 4 byte signed

  177. 					$value = filter_var($value, FILTER_VALIDATE_INT);

  178. 					if ($value > 2147483647 || $value < -2147483648) {

  179. 						return 'invalid integer';

  180. 					}

  181. 					break;

  182. 			}

  183. 		}

  184. 		return (true);

  185. 	}

  186. 

  187. 	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  188. 	{

  189. 		$operation = RequestUtils::getOperation($request);

  190. 		if (in_array($operation, ['create', 'update', 'increment'])) {

  191. 			$tableName = RequestUtils::getPathSegment($request, 2);

  192. 			if ($this->reflection->hasTable($tableName)) {

  193. 				$record = $request->getParsedBody();

  194. 				if ($record !== null) {

  195. 					$handler = $this->getProperty('handler', '');

  196. 					if ($handler !== '') {

  197. 						$table = $this->reflection->getTable($tableName);

  198. 						if (is_array($record)) {

  199. 							foreach ($record as $r) {

  200. 								$response = $this->callHandler($handler, $r, $operation, $table);

  201. 								if ($response !== null) {

  202. 									return $response;

  203. 								}

  204. 							}

  205. 						} else {

  206. 							$response = $this->callHandler($handler, $record, $operation, $table);

  207. 							if ($response !== null) {

  208. 								return $response;

  209. 							}

  210. 						}

  211. 					}

  212. 				}

  213. 			}

  214. 		}

  215. 		return $next->handle($request);

  216. 	}

  217. }