nas
/
todo_api
Observar 2
Favorito 1
Fork 0
Código Issues 1 Pull requests 0 Versões 0 Wiki Atividade
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
1707 Commits
1 Branch
Tag: b455d66ca8
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de b455d66ca8
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/ValidationMiddleware.php

ValidationMiddleware.php 6.3KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Column\ReflectionService;

  9. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;

  10. use Tqdev\PhpCrudApi\Column\Reflection\ReflectedColumn;

  11. use Tqdev\PhpCrudApi\Controller\Responder;

  12. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  13. use Tqdev\PhpCrudApi\Middleware\Router\Router;

  14. use Tqdev\PhpCrudApi\Record\ErrorCode;

  15. use Tqdev\PhpCrudApi\RequestUtils;

  16. 

  17. class ValidationMiddleware extends Middleware

  18. {

  19. 	private $reflection;

  20. 

  21. 	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)

  22. 	{

  23. 		parent::__construct($router, $responder, $properties);

  24. 		$this->reflection = $reflection;

  25. 	}

  26. 

  27. 	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/

  28. 	{

  29. 		$context = (array) $record;

  30. 		$details = array();

  31. 		$tableName = $table->getName();

  32. 		foreach ($context as $columnName => $value) {

  33. 			if ($table->hasColumn($columnName)) {

  34. 				$column = $table->getColumn($columnName);

  35. 				$valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);

  36. 				if ($valid === true || $valid === '') {

  37. 					$valid = $this->validateType($column, $value);

  38. 				}

  39. 				if ($valid !== true && $valid !== '') {

  40. 					$details[$columnName] = $valid;

  41. 				}

  42. 			}

  43. 		}

  44. 		if (count($details) > 0) {

  45. 			return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $tableName, $details);

  46. 		}

  47. 		return null;

  48. 	}

  49. 

  50. 	private function validateType(ReflectedColumn $column, $value)

  51. 	{

  52. 		$types = $this->getArrayProperty('types', 'all');

  53. 		if (in_array('all', $types) || in_array($column->getType(), $types)) {

  54. 			if (is_null($value)) {

  55. 				return ($column->getNullable() ? true : "cannot be null");

  56. 			}

  57. 			if (is_string($value)) {

  58. 				// check for whitespace

  59. 				switch ($column->getType()) {

  60. 					case 'varchar':

  61. 					case 'clob':

  62. 						break;

  63. 					default:

  64. 						if (strlen(trim($value)) != strlen($value)) {

  65. 							return 'illegal whitespace';

  66. 						}

  67. 						break;

  68. 				}

  69. 				// try to parse

  70. 				switch ($column->getType()) {

  71. 					case 'integer':

  72. 					case 'bigint':

  73. 						if (

  74. 							filter_var($value, FILTER_SANITIZE_NUMBER_INT) !== $value ||

  75. 							filter_var($value, FILTER_VALIDATE_INT) === false

  76. 						) {

  77. 							return 'invalid integer';

  78. 						}

  79. 						break;

  80. 					case 'varchar':

  81. 						if (mb_strlen($value, 'UTF-8') > $column->getLength()) {

  82. 							return 'string too long';

  83. 						}

  84. 						break;

  85. 					case 'decimal':

  86. 						if (!is_numeric($value)) {

  87. 							return 'invalid decimal';

  88. 						}

  89. 						break;

  90. 					case 'float':

  91. 					case 'double':

  92. 						if (

  93. 							filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT) !== $value ||

  94. 							filter_var($value, FILTER_VALIDATE_FLOAT) === false

  95. 						) {

  96. 							return 'invalid float';

  97. 						}

  98. 						break;

  99. 					case 'boolean':

  100. 						if (

  101. 							filter_var($value, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) === null

  102. 						) {

  103. 							return 'invalid boolean';

  104. 						}

  105. 						break;

  106. 					case 'date':

  107. 						if (date_create_from_format('Y-m-d', $value) === false) {

  108. 							return 'invalid date';

  109. 						}

  110. 						break;

  111. 					case 'time':

  112. 						if (date_create_from_format('H:i:s', $value) === false) {

  113. 							return 'invalid time';

  114. 						}

  115. 						break;

  116. 					case 'timestamp':

  117. 						if (date_create_from_format('Y-m-d H:i:s', $value) === false) {

  118. 							return 'invalid timestamp';

  119. 						}

  120. 						break;

  121. 					case 'clob':

  122. 						// no checks needed

  123. 						break;

  124. 					case 'blob':

  125. 					case 'varbinary':

  126. 						if (base64_decode($value, true) === false) {

  127. 							return 'invalid base64';

  128. 						}

  129. 						break;

  130. 					case 'geometry':

  131. 						// no checks yet

  132. 						break;

  133. 				}

  134. 			} else { // check non-string types

  135. 				switch ($column->getType()) {

  136. 					case 'integer':

  137. 					case 'bigint':

  138. 						if (!is_int($value)) {

  139. 							return 'invalid integer';

  140. 						}

  141. 						break;

  142. 					case 'decimal':

  143. 					case 'float':

  144. 					case 'double':

  145. 						if (!is_float($value) && !is_int($value)) {

  146. 							return 'invalid float';

  147. 						}

  148. 						break;

  149. 					case 'boolean':

  150. 						if (!(is_int($value) && ($value === 1 || $value === 0)) && !is_bool($value)) {

  151. 							return 'invalid boolean';

  152. 						}

  153. 						break;

  154. 					default:

  155. 						return 'invalid ' . $column->getType();

  156. 				}

  157. 			}

  158. 			// extra checks

  159. 			switch ($column->getType()) {

  160. 				case 'integer': // 4 byte signed

  161. 					$value = filter_var($value, FILTER_VALIDATE_INT);

  162. 					if ($value > 2147483647 || $value < -2147483648) {

  163. 						return 'invalid integer';

  164. 					}

  165. 					break;

  166. 				case 'decimal':

  167. 					$value = "$value";

  168. 					if (strpos($value, '.') !== false) {

  169. 						list($whole, $decimals) = explode('.', $value, 2);

  170. 					} else {

  171. 						list($whole, $decimals) = array($value, '');

  172. 					}

  173. 					if (strlen($whole) > 0 && !ctype_digit($whole)) {

  174. 						return 'invalid decimal';

  175. 					}

  176. 					if (strlen($decimals) > 0 && !ctype_digit($decimals)) {

  177. 						return 'invalid decimal';

  178. 					}

  179. 					if (strlen($whole) > $column->getPrecision() - $column->getScale()) {

  180. 						return 'decimal too large';

  181. 					}

  182. 					if (strlen($decimals) > $column->getScale()) {

  183. 						return 'decimal too precise';

  184. 					}

  185. 					break;

  186. 				case 'varbinary':

  187. 					if (strlen(base64_decode($value)) > $column->getLength()) {

  188. 						return 'string too long';

  189. 					}

  190. 					break;

  191. 			}

  192. 		}

  193. 		return (true);

  194. 	}

  195. 

  196. 	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  197. 	{

  198. 		$operation = RequestUtils::getOperation($request);

  199. 		if (in_array($operation, ['create', 'update', 'increment'])) {

  200. 			$tableName = RequestUtils::getPathSegment($request, 2);

  201. 			if ($this->reflection->hasTable($tableName)) {

  202. 				$record = $request->getParsedBody();

  203. 				if ($record !== null) {

  204. 					$handler = $this->getProperty('handler', '');

  205. 					if ($handler !== '') {

  206. 						$table = $this->reflection->getTable($tableName);

  207. 						if (is_array($record)) {

  208. 							foreach ($record as $r) {

  209. 								$response = $this->callHandler($handler, $r, $operation, $table);

  210. 								if ($response !== null) {

  211. 									return $response;

  212. 								}

  213. 							}

  214. 						} else {

  215. 							$response = $this->callHandler($handler, $record, $operation, $table);

  216. 							if ($response !== null) {

  217. 								return $response;

  218. 							}

  219. 						}

  220. 					}

  221. 				}

  222. 			}

  223. 		}

  224. 		return $next->handle($request);

  225. 	}

  226. }