beastbytes/yii-middleware

There is no license information available for the latest version (dev-master) of this package.

PSR15 middleware classes for Yii3

dev-master / 1.0.x-dev 2023-11-02 22:37 UTC

This package is auto-updated.

Last update: 2024-12-03 01:43:50 UTC


README

The package provides middleware classes that implement PSR-15:

For more information on how to use middleware in the Yii Framework, see the Yii middleware guide.

Requirements

  • PHP 8.0 or higher.

Installation

The preferred way to install this extension is through composer.

Either run

composer require --prefer-dist beastbytes/yii-middleware

or add

"beastbytes/yii-middleware": "^1.0.0"

to the require section of your composer.json.

General usage

All classes are separate implementations of PSR 15 middleware and don't interact with each other in any way.

AccessChecker

Checks that the current user has permission to access the current route; use in the route configuration.

return [
    Route::get('/') // no checking
         ->action([AppController::class, 'index'])
         ->name('app.index'),
         
    Route::methods([Method::GET, Method::POST], '/login') // only allow if user is not logged in
         ->middleware(
             fn (AccessChecker $accessChecker) => $accessChecker->withPermission('isGuest')
         )
        ->action([AuthController::class, 'login'])
        ->name('auth.login'),
        
    Route::get('/my-account') // only allow if user is logged in
         ->middleware(
             fn (AccessChecker $accessChecker) => !$accessChecker->withPermission('isGuest')
         )
        ->action([UserController::class, 'view'])
        ->name('user.view'),
        
    Route::get('/post/create') // only allow if user create posts
         ->middleware(
             fn (AccessChecker $accessChecker) => !$accessChecker->withPermission('createPost')
         )
        ->action([PostController::class, 'create'])
        ->name('post.create'),
];

GoBack

Stores the current route in the session so that it can be returned to; typically used after a user logs in.

Routes to be ignored - i.e. not stored in the session - can be added so that they do not overwrite the route to go back to; typically the login route is added.

In the router dependency injection configuration:

use BeastBytes\Yii\Middleware\GoBack;
use Yiisoft\Config\Config;
use Yiisoft\DataResponse\Middleware\FormatDataResponse;
use Yiisoft\Router\Group;
use Yiisoft\Router\RouteCollection;
use Yiisoft\Router\RouteCollectionInterface;
use Yiisoft\Router\RouteCollectorInterface;

/** @var Config $config */
/** @var array $params */

return [
    RouteCollectionInterface::class => static function (RouteCollectorInterface $collector) use ($config, $params) {
        $collector
            ->middleware(FormatDataResponse::class)
            ->middleware([
                'class' => GoBack::class,
                'addIgnoredRoutes()' => [
                    $params['user']['loginRoute']
                ]
            ])
            ->addGroup(
                Group::create(null)
                    ->routes(...$config->get('routes'))
            );

        return new RouteCollection($collector);
    },
];

In the controller where you want to return to a previous URL

use BeastBytes\Yii\Middleware\GoBackMiddleware;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Yiisoft\Http\Status;

    public function __construct(
        private ResponseFactoryInterface $responseFactory
    ) {
    }
    
    // Actions

    private function goBack(): ResponseInterface
    {
        return $this
            ->responseFactory
            ->createResponse(Status::SEE_OTHER)
            ->withAddedHeader('Location', 
                $this
                    ->session
                    ->get(GoBack::URL_PARAM)
            )
        ;
    }

Call goBack() from an action.

Testing

Unit testing

The package is tested with PHPUnit. To run tests:

./vendor/bin/phpunit

Mutation testing

The package tests are checked with Infection mutation framework with Infection Static Analysis Plugin. To run it:

./vendor/bin/roave-infection-static-analysis-plugin

Static analysis

The code is statically analyzed with Psalm. To run static analysis:

./vendor/bin/psalm

For license information check the LICENSE file.