patricksavalle/slim-request-params

Adds request-parameter validation to the SLIM 3.x PHP framework

Maintainers

Details

github.com/patricksavalle/slim-request-params

Homepage

Source

Issues

Installs: 1 965

Dependents: 1

Suggesters: 0

Security: 0

Stars: 10

Watchers: 2

Forks: 1

Open Issues: 1

v1.2 2022-10-19 14:05 UTC

Requires

MIT c4eea8f43c6b1ba77a756f37b2bd2c0fe11ed0f3

restvalidationrequestargumentsregexslimparameters

This package is auto-updated.

Last update: 2024-11-12 00:50:48 UTC

README

Needs PHP 7.x

Validates request query-parameters and body-parameters ($_GET and $_BODY) and HTTP-headers using regular expressions. Adds a layer of security and self-documentation to your API-code. Uses the same syntax as SLIM uses for route-segments.

Example:

use SlimRequestParams\QueryParameters;

$slimapp->get('', ...)
    ->add(new QueryParameters([
        '{text:\w+}',
        '{fromdate:\date}',
        '{distance:\float},0.0',
        '{orderby:(name|date)},name',
        '{reversed:\bool},false',
        '{offset:\int},1',
        '{count:\int},100',
    ]);

This would for example accept this request:

GET yourdomain.com?text=airplane&fromdate=2016-10-10

And it would for example reject these requests:

GET yourdomain.com?text=airplane&fromdate=2016-10-10&whatever=23
GET yourdomain.com?text=airplane&fromdate=date
GET yourdomain.com?fromdate=2016-10-10&whatever=23
GET yourdomain.com?text=airplane&
GET yourdomain.com

etc.

0. Install with Composer

  • Update your composer.json to require patricksavalle/slim-request-params.

  • Run composer install to add slim-request-params your vendor folder.

    {
  "require": {
    "patricksavalle/slim-request-params": "^1.0"
  }
}

  • Include in your source.

    <?php

require './vendor/autoload.php';

1. Add the middleware to the SLIM routes

To validate request parameters:

use SlimRequestParams\QueryParameters;

$slimapp->get(...)
    ->add(new QueryParameters([
        '{author:[\w-. @]+}',
        '{orderby:\w+},id',
        '{reversed:1},1',
        '{offset:\int},1',
        '{count:\int},100',
        '{*}',
    ])

To validate body parameters (posted by client as x-www-form-urlencoded):

use SlimRequestParams\BodyParameters;

$slimapp->post(...)
    ->add(new BodyParameters([
        '{recipient:.*}',
        '{sender:.*}',
        '{subject:.*}',
        '{timestamp:.*}',
        '{token:.*}',
        '{signature:.*}',
        '{*}',
    ]));

To validate request headers (make sure they are present and their values follows a specific pattern):

use SlimRequestParams\RequestHeaders;

$slimapp->post(...)
    ->add(new RequestHeaders([
        '{HTTP_REFERER:\url}',
        '{HTTP_CB_SIGNATURE:.*}',
    ]));

To forbid arguments to a route:

$slimapp->get(...)
    ->add(new QueryParameters)

General format of a validation rule:

{<name>:<regex>},<optional_default_value>

Missing parameters are set to the given default.

Explicitely setting a value to null:

/someurl?key=  (leave value empty)

Extra parameters generate an error unless the wildcard parameter is used: {*} in which case the extra parameters are passed without validation.

Accepts the RFC-standard query parameter array, not the PHP version:

/someurl?a=10&a=11&a=12

For typed parameters and special formats there are the following keywords that can be used instead of the regex:

\boolean
\int
\float
\date
\raw
\base64json
\url
\email
\country
\nationality
\timezone
\currency
\language
\bitcoinaddress
\moneroaddress
\xtext   (a XHTML fragment only using text formatting tags, tidies up the text)

These are only syntax checks! Also there is an accept 'anything else' argument:

{*}

Optional parameters should get the default:

\optional

(See code example above)

The RequestHeaders Middleware always accept 'anything else'.

2. Install the strategy in SLIM3.x for access to the validated arguments

Add the strategy that combines the url-, query- and post-parameters and request-headers into one object.

$slimapp->getContainer()['foundHandler'] = function () {
    return new RequestResponseArgsObject;
};

3. Adapt your route handlers to the new strategy

A complete example.

<?php

declare(strict_types = 1);

namespace YourApi;

define("BASE_PATH", dirname(__FILE__));

require BASE_PATH . '/vendor/autoload.php';

use \Psr\Http\Message\ServerRequestInterface as Request;
use \Psr\Http\Message\ResponseInterface as Response;
use \SlimRequestParams\BodyParameters;
use \SlimRequestParams\QueryParameters;
use \SlimRequestParams\RequestResponseArgsObject;

$app = new \Slim\App;

$app->getContainer()['foundHandler'] = function () {
    return new RequestResponseArgsObject;
};

$app->get('/hello/{name}', function (Request $request, Response $response, \stdClass $args) {
    $name = $args->name;
    $text = $args->text;
    $referer = $args->referer;
    $response->getBody()->write("$text, $name, $referer");
    return $response;
})
    ->add(new RequestHeaders(['{HTTP_REFERER:\url']))
    ->add(new QueryParameters(['{text:[\w-.~@]+},Hello']));

$app->run();

To retrieve or inspect the validated parameters from anywhere in your app just use:

\SlimRequestParams\QueryParameters::get();
\SlimRequestParams\BodyParameters::get();
\SlimRequestParams\RequestHeaders::get();