nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1707 Commits
1 Branch
Tree: b455d66ca8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'b455d66ca8'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/ValidationMiddleware.php

ValidationMiddleware.php 6.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Column\ReflectionService;

  9. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;

  10. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedColumn;

  11. use Tqdev\PhpCrudApi\Controller\Responder;

  12. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  13. use Tqdev\PhpCrudApi\Middleware\Router\Router;

  14. use Tqdev\PhpCrudApi\Record\ErrorCode;

  15. use Tqdev\PhpCrudApi\RequestUtils;

  16. 

  17. class ValidationMiddleware extends Middleware

  18. {

  19. 	private $reflection;

  20. 

  21. 	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)

  22. 	{

  23. 		parent::__construct($router, $responder, $properties);

  24. 		$this->reflection = $reflection;

  25. 	}

  26. 

  27. 	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/

  28. 	{

  29. 		$context = (array) $record;

  30. 		$details = array();

  31. 		$tableName = $table->getName();

  32. 		foreach ($context as $columnName => $value) {

  33. 			if ($table->hasColumn($columnName)) {

  34. 				$column = $table->getColumn($columnName);

  35. 				$valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);

  36. 				if ($valid === true || $valid === '') {

  37. 					$valid = $this->validateType($column, $value);

  38. 				}

  39. 				if ($valid !== true && $valid !== '') {

  40. 					$details[$columnName] = $valid;

  41. 				}

  42. 			}

  43. 		}

  44. 		if (count($details) > 0) {

  45. 			return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $tableName, $details);

  46. 		}

  47. 		return null;

  48. 	}

  49. 

  50. 	private function validateType(ReflectedColumn $column, $value)

  51. 	{

  52. 		$types = $this->getArrayProperty('types', 'all');

  53. 		if (in_array('all', $types) || in_array($column->getType(), $types)) {

  54. 			if (is_null($value)) {

  55. 				return ($column->getNullable() ? true : "cannot be null");

  56. 			}

  57. 			if (is_string($value)) {

  58. 				// check for whitespace

  59. 				switch ($column->getType()) {

  60. 					case 'varchar':

  61. 					case 'clob':

  62. 						break;

  63. 					default:

  64. 						if (strlen(trim($value)) != strlen($value)) {

  65. 							return 'illegal whitespace';

  66. 						}

  67. 						break;

  68. 				}

  69. 				// try to parse

  70. 				switch ($column->getType()) {

  71. 					case 'integer':

  72. 					case 'bigint':

  73. 						if (

  74. 							filter_var($value, FILTER_SANITIZE_NUMBER_INT) !== $value ||

  75. 							filter_var($value, FILTER_VALIDATE_INT) === false

  76. 						) {

  77. 							return 'invalid integer';

  78. 						}

  79. 						break;

  80. 					case 'varchar':

  81. 						if (mb_strlen($value, 'UTF-8') > $column->getLength()) {

  82. 							return 'string too long';

  83. 						}

  84. 						break;

  85. 					case 'decimal':

  86. 						if (!is_numeric($value)) {

  87. 							return 'invalid decimal';

  88. 						}

  89. 						break;

  90. 					case 'float':

  91. 					case 'double':

  92. 						if (

  93. 							filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT) !== $value ||

  94. 							filter_var($value, FILTER_VALIDATE_FLOAT) === false

  95. 						) {

  96. 							return 'invalid float';

  97. 						}

  98. 						break;

  99. 					case 'boolean':

  100. 						if (

  101. 							filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) === null

  102. 						) {

  103. 							return 'invalid boolean';

  104. 						}

  105. 						break;

  106. 					case 'date':

  107. 						if (date_create_from_format('Y-m-d', $value) === false) {

  108. 							return 'invalid date';

  109. 						}

  110. 						break;

  111. 					case 'time':

  112. 						if (date_create_from_format('H:i:s', $value) === false) {

  113. 							return 'invalid time';

  114. 						}

  115. 						break;

  116. 					case 'timestamp':

  117. 						if (date_create_from_format('Y-m-d H:i:s', $value) === false) {

  118. 							return 'invalid timestamp';

  119. 						}

  120. 						break;

  121. 					case 'clob':

  122. 						// no checks needed

  123. 						break;

  124. 					case 'blob':

  125. 					case 'varbinary':

  126. 						if (base64_decode($value, true) === false) {

  127. 							return 'invalid base64';

  128. 						}

  129. 						break;

  130. 					case 'geometry':

  131. 						// no checks yet

  132. 						break;

  133. 				}

  134. 			} else { // check non-string types

  135. 				switch ($column->getType()) {

  136. 					case 'integer':

  137. 					case 'bigint':

  138. 						if (!is_int($value)) {

  139. 							return 'invalid integer';

  140. 						}

  141. 						break;

  142. 					case 'decimal':

  143. 					case 'float':

  144. 					case 'double':

  145. 						if (!is_float($value) && !is_int($value)) {

  146. 							return 'invalid float';

  147. 						}

  148. 						break;

  149. 					case 'boolean':

  150. 						if (!(is_int($value) && ($value === 1 || $value === 0)) && !is_bool($value)) {

  151. 							return 'invalid boolean';

  152. 						}

  153. 						break;

  154. 					default:

  155. 						return 'invalid ' . $column->getType();

  156. 				}

  157. 			}

  158. 			// extra checks

  159. 			switch ($column->getType()) {

  160. 				case 'integer': // 4 byte signed

  161. 					$value = filter_var($value, FILTER_VALIDATE_INT);

  162. 					if ($value > 2147483647 || $value < -2147483648) {

  163. 						return 'invalid integer';

  164. 					}

  165. 					break;

  166. 				case 'decimal':

  167. 					$value = "$value";

  168. 					if (strpos($value, '.') !== false) {

  169. 						list($whole, $decimals) = explode('.', $value, 2);

  170. 					} else {

  171. 						list($whole, $decimals) = array($value, '');

  172. 					}

  173. 					if (strlen($whole) > 0 && !ctype_digit($whole)) {

  174. 						return 'invalid decimal';

  175. 					}

  176. 					if (strlen($decimals) > 0 && !ctype_digit($decimals)) {

  177. 						return 'invalid decimal';

  178. 					}

  179. 					if (strlen($whole) > $column->getPrecision() - $column->getScale()) {

  180. 						return 'decimal too large';

  181. 					}

  182. 					if (strlen($decimals) > $column->getScale()) {

  183. 						return 'decimal too precise';

  184. 					}

  185. 					break;

  186. 				case 'varbinary':

  187. 					if (strlen(base64_decode($value)) > $column->getLength()) {

  188. 						return 'string too long';

  189. 					}

  190. 					break;

  191. 			}

  192. 		}

  193. 		return (true);

  194. 	}

  195. 

  196. 	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  197. 	{

  198. 		$operation = RequestUtils::getOperation($request);

  199. 		if (in_array($operation, ['create', 'update', 'increment'])) {

  200. 			$tableName = RequestUtils::getPathSegment($request, 2);

  201. 			if ($this->reflection->hasTable($tableName)) {

  202. 				$record = $request->getParsedBody();

  203. 				if ($record !== null) {

  204. 					$handler = $this->getProperty('handler', '');

  205. 					if ($handler !== '') {

  206. 						$table = $this->reflection->getTable($tableName);

  207. 						if (is_array($record)) {

  208. 							foreach ($record as $r) {

  209. 								$response = $this->callHandler($handler, $r, $operation, $table);

  210. 								if ($response !== null) {

  211. 									return $response;

  212. 								}

  213. 							}

  214. 						} else {

  215. 							$response = $this->callHandler($handler, $record, $operation, $table);

  216. 							if ($response !== null) {

  217. 								return $response;

  218. 							}

  219. 						}

  220. 					}

  221. 				}

  222. 			}

  223. 		}

  224. 		return $next->handle($request);

  225. 	}

  226. }