nas
/
todo_api
Observar 2
Favorito 1
Fork 0
Código Issues 1 Pull requests 0 Versões 0 Wiki Atividade
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
1709 Commits
1 Branch
Tag: 78e1314864
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 78e1314864
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/ValidationMiddleware.php

ValidationMiddleware.php 6.3KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Column\ReflectionService;

  9. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;

  10. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedColumn;

  11. use Tqdev\PhpCrudApi\Controller\Responder;

  12. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  13. use Tqdev\PhpCrudApi\Middleware\Router\Router;

  14. use Tqdev\PhpCrudApi\Record\ErrorCode;

  15. use Tqdev\PhpCrudApi\RequestUtils;

  16. 

  17. class ValidationMiddleware extends Middleware

  18. {

  19. 	private $reflection;

  20. 

  21. 	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)

  22. 	{

  23. 		parent::__construct($router, $responder, $properties);

  24. 		$this->reflection = $reflection;

  25. 	}

  26. 

  27. 	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/

  28. 	{

  29. 		$context = (array) $record;

  30. 		$details = array();

  31. 		$tableName = $table->getName();

  32. 		foreach ($context as $columnName => $value) {

  33. 			if ($table->hasColumn($columnName)) {

  34. 				$column = $table->getColumn($columnName);

  35. 				$valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);

  36. 				if ($valid === true || $valid === '') {

  37. 					$valid = $this->validateType($table, $column, $value);

  38. 				}

  39. 				if ($valid !== true && $valid !== '') {

  40. 					$details[$columnName] = $valid;

  41. 				}

  42. 			}

  43. 		}

  44. 		if (count($details) > 0) {

  45. 			return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $tableName, $details);

  46. 		}

  47. 		return null;

  48. 	}

  49. 

  50. 	private function validateType(ReflectedTable $table, ReflectedColumn $column, $value)

  51. 	{

  52. 		$tables = $this->getArrayProperty('tables', 'all');

  53. 		$types = $this->getArrayProperty('types', 'all');

  54. 		if (

  55. 			(in_array('all', $tables) || in_array($table->getName(), $tables)) &&

  56. 			(in_array('all', $types) || in_array($column->getType(), $types))

  57. 		) {

  58. 			if (is_null($value)) {

  59. 				return ($column->getNullable() ? true : "cannot be null");

  60. 			}

  61. 			if (is_string($value)) {

  62. 				// check for whitespace

  63. 				switch ($column->getType()) {

  64. 					case 'varchar':

  65. 					case 'clob':

  66. 						break;

  67. 					default:

  68. 						if (strlen(trim($value)) != strlen($value)) {

  69. 							return 'illegal whitespace';

  70. 						}

  71. 						break;

  72. 				}

  73. 				// try to parse

  74. 				switch ($column->getType()) {

  75. 					case 'integer':

  76. 					case 'bigint':

  77. 						if (

  78. 							filter_var($value, FILTER_SANITIZE_NUMBER_INT) !== $value ||

  79. 							filter_var($value, FILTER_VALIDATE_INT) === false

  80. 						) {

  81. 							return 'invalid integer';

  82. 						}

  83. 						break;

  84. 					case 'decimal':

  85. 						if (strpos($value, '.') !== false) {

  86. 							list($whole, $decimals) = explode('.', $value, 2);

  87. 						} else {

  88. 							list($whole, $decimals) = array($value, '');

  89. 						}

  90. 						if (strlen($whole) > 0 && !ctype_digit($whole)) {

  91. 							return 'invalid decimal';

  92. 						}

  93. 						if (strlen($decimals) > 0 && !ctype_digit($decimals)) {

  94. 							return 'invalid decimal';

  95. 						}

  96. 						if (strlen($whole) > $column->getPrecision() - $column->getScale()) {

  97. 							return 'decimal too large';

  98. 						}

  99. 						if (strlen($decimals) > $column->getScale()) {

  100. 							return 'decimal too precise';

  101. 						}

  102. 						break;

  103. 					case 'float':

  104. 					case 'double':

  105. 						if (

  106. 							filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT) !== $value ||

  107. 							filter_var($value, FILTER_VALIDATE_FLOAT) === false

  108. 						) {

  109. 							return 'invalid float';

  110. 						}

  111. 						break;

  112. 					case 'boolean':

  113. 						if (!in_array(strtolower($value), array('true', 'false'))) {

  114. 							return 'invalid boolean';

  115. 						}

  116. 						break;

  117. 					case 'date':

  118. 						if (date_create_from_format('Y-m-d', $value) === false) {

  119. 							return 'invalid date';

  120. 						}

  121. 						break;

  122. 					case 'time':

  123. 						if (date_create_from_format('H:i:s', $value) === false) {

  124. 							return 'invalid time';

  125. 						}

  126. 						break;

  127. 					case 'timestamp':

  128. 						if (date_create_from_format('Y-m-d H:i:s', $value) === false) {

  129. 							return 'invalid timestamp';

  130. 						}

  131. 						break;

  132. 					case 'clob':

  133. 					case 'varchar':

  134. 						if ($column->hasLength() && mb_strlen($value, 'UTF-8') > $column->getLength()) {

  135. 							return 'string too long';

  136. 						}

  137. 						break;

  138. 					case 'blob':

  139. 					case 'varbinary':

  140. 						if (base64_decode($value, true) === false) {

  141. 							return 'invalid base64';

  142. 						}

  143. 						if ($column->hasLength() && strlen(base64_decode($value)) > $column->getLength()) {

  144. 							return 'string too long';

  145. 						}

  146. 						break;

  147. 					case 'geometry':

  148. 						// no checks yet

  149. 						break;

  150. 				}

  151. 			} else { // check non-string types

  152. 				switch ($column->getType()) {

  153. 					case 'integer':

  154. 					case 'bigint':

  155. 						if (!is_int($value)) {

  156. 							return 'invalid integer';

  157. 						}

  158. 						break;

  159. 					case 'float':

  160. 					case 'double':

  161. 						if (!is_float($value) && !is_int($value)) {

  162. 							return 'invalid float';

  163. 						}

  164. 						break;

  165. 					case 'boolean':

  166. 						if (!is_bool($value) && ($value !== 0) && ($value !== 1)) {

  167. 							return 'invalid boolean';

  168. 						}

  169. 						break;

  170. 					default:

  171. 						return 'invalid ' . $column->getType();

  172. 				}

  173. 			}

  174. 			// extra checks

  175. 			switch ($column->getType()) {

  176. 				case 'integer': // 4 byte signed

  177. 					$value = filter_var($value, FILTER_VALIDATE_INT);

  178. 					if ($value > 2147483647 || $value < -2147483648) {

  179. 						return 'invalid integer';

  180. 					}

  181. 					break;

  182. 			}

  183. 		}

  184. 		return (true);

  185. 	}

  186. 

  187. 	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  188. 	{

  189. 		$operation = RequestUtils::getOperation($request);

  190. 		if (in_array($operation, ['create', 'update', 'increment'])) {

  191. 			$tableName = RequestUtils::getPathSegment($request, 2);

  192. 			if ($this->reflection->hasTable($tableName)) {

  193. 				$record = $request->getParsedBody();

  194. 				if ($record !== null) {

  195. 					$handler = $this->getProperty('handler', '');

  196. 					if ($handler !== '') {

  197. 						$table = $this->reflection->getTable($tableName);

  198. 						if (is_array($record)) {

  199. 							foreach ($record as $r) {

  200. 								$response = $this->callHandler($handler, $r, $operation, $table);

  201. 								if ($response !== null) {

  202. 									return $response;

  203. 								}

  204. 							}

  205. 						} else {

  206. 							$response = $this->callHandler($handler, $record, $operation, $table);

  207. 							if ($response !== null) {

  208. 								return $response;

  209. 							}

  210. 						}

  211. 					}

  212. 				}

  213. 			}

  214. 		}

  215. 		return $next->handle($request);

  216. 	}

  217. }