beastbytes / yii-middleware
PSR15 middleware classes for Yii3
Requires
- php: ^8.0
- httpsoft/http-message: ^1.0
- psr/http-message: ^1.0
- psr/http-server-handler: ^1.0
- yiisoft/router: ^3.0
- yiisoft/router-fastroute: ^3.0
- yiisoft/session: ^2.0
- yiisoft/user: ^2.0
Requires (Dev)
- dg/bypass-finals: ^v1.0
- phpunit/phpunit: ^10.0
- roave/infection-static-analysis-plugin: ^1.7
- roave/security-advisories: dev-latest
- vimeo/psalm: ^5.0
This package is auto-updated.
Last update: 2024-04-03 00:19:01 UTC
README
The package provides middleware classes that implement PSR-15:
For more information on how to use middleware in the Yii Framework, see the Yii middleware guide.
Requirements
- PHP 8.0 or higher.
Installation
The preferred way to install this extension is through composer.
Either run
composer require --prefer-dist beastbytes/yii-middleware
or add
"beastbytes/yii-middleware": "^1.0.0"
to the require section of your composer.json.
General usage
All classes are separate implementations of PSR 15 middleware and don't interact with each other in any way.
AccessChecker
Checks that the current user has permission to access the current route; use in the route configuration.
return [ Route::get('/') // no checking ->action([AppController::class, 'index']) ->name('app.index'), Route::methods([Method::GET, Method::POST], '/login') // only allow if user is not logged in ->middleware( fn (AccessChecker $accessChecker) => $accessChecker->withPermission('isGuest') ) ->action([AuthController::class, 'login']) ->name('auth.login'), Route::get('/my-account') // only allow if user is logged in ->middleware( fn (AccessChecker $accessChecker) => !$accessChecker->withPermission('isGuest') ) ->action([UserController::class, 'view']) ->name('user.view'), Route::get('/post/create') // only allow if user create posts ->middleware( fn (AccessChecker $accessChecker) => !$accessChecker->withPermission('createPost') ) ->action([PostController::class, 'create']) ->name('post.create'), ];
GoBack
Stores the current route in the session so that it can be returned to; typically used after a user logs in.
Routes to be ignored - i.e. not stored in the session - can be added so that they do not overwrite the route to go back to; typically the login route is added.
In the router dependency injection configuration:
use BeastBytes\Yii\Middleware\GoBack; use Yiisoft\Config\Config; use Yiisoft\DataResponse\Middleware\FormatDataResponse; use Yiisoft\Router\Group; use Yiisoft\Router\RouteCollection; use Yiisoft\Router\RouteCollectionInterface; use Yiisoft\Router\RouteCollectorInterface; /** @var Config $config */ /** @var array $params */ return [ RouteCollectionInterface::class => static function (RouteCollectorInterface $collector) use ($config, $params) { $collector ->middleware(FormatDataResponse::class) ->middleware([ 'class' => GoBack::class, 'addIgnoredRoutes()' => [ $params['user']['loginRoute'] ] ]) ->addGroup( Group::create(null) ->routes(...$config->get('routes')) ); return new RouteCollection($collector); }, ];
In the controller where you want to return to a previous URL
use BeastBytes\Yii\Middleware\GoBackMiddleware; use Psr\Http\Message\ResponseFactoryInterface; use Psr\Http\Message\ResponseInterface; use Yiisoft\Http\Status; public function __construct( private ResponseFactoryInterface $responseFactory ) { } // Actions private function goBack(): ResponseInterface { return $this ->responseFactory ->createResponse(Status::SEE_OTHER) ->withAddedHeader('Location', $this ->session ->get(GoBack::URL_PARAM) ) ; }
Call goBack() from an action.
Testing
Unit testing
The package is tested with PHPUnit. To run tests:
./vendor/bin/phpunit
Mutation testing
The package tests are checked with Infection mutation framework with Infection Static Analysis Plugin. To run it:
./vendor/bin/roave-infection-static-analysis-plugin
Static analysis
The code is statically analyzed with Psalm. To run static analysis:
./vendor/bin/psalm
For license information check the LICENSE file.