trano / tranoutilsbundle
Trano Utils Bundle
Installs: 501
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Type:symfony-bundle
Requires
- php: ^7.2|^8
- symfony/http-client: ^4.3|^5.0|^6
- symfony/orm-pack: ^1|^2
README
The TranoUtilsBundle contains utilities for the following purposes:
- Extended Response with configurable headers using .env file variables
- Json responses setter for REST API with configurable CORS headers using .env file variables
- Simple syntax http query service
- Environment variable reader
Installation
Install with composer using
composer require trano/tranoutilsbundle
Extended Response with configurable headers
The Response headers can be set using the following instruction:
use Trano\UtilsBundle\Util\ExtendedResponse; $extendedreponse = new ExtendedResponse(); $response = new Response('test'); $responseWithHeaders = $extendedreponse->encapsulateHeaders($response);
The headers values can be set using the following environment variables:
HEADER_STRICT_TRANSPORT_SECURITY="" HEADER_CACHE_CONTROL="" HEADER_PRAGMA="" HEADER_REFERRER_POLICY="" HEADER_X_CONTENT_TYPE_OPTIONS="" HEADER_CONTENT_SECURITY_POLICY="" HEADER_X_FRAME_OPTIONS="" HEADER_X_XXS_PROTECTION=""
By default, the following secured header (https://owasp.org/) values are send back to the client when the corresponding environment variable is not set:
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'
X-Frame-Options: deny
X-XXS-Protection: 1; mode=block
The map between environment variables and the security headers are
| Environment variable | Header | Default value |
|---|---|---|
| HEADER_STRICT_TRANSPORT_SECURITY | Strict-Transport-Security | max-age=31536000 |
| HEADER_CACHE_CONTROL | Cache-Control | no-cache, no-store, must-revalidate |
| HEADER_PRAGMA | Pragma | no-cache |
| HEADER_REFERRER_POLICY | Referrer-Policy | no-referrer |
| HEADER_X_CONTENT_TYPE_OPTIONS | X-Content-Type-Options | nosniff |
| HEADER_CONTENT_SECURITY_POLICY | Content-Security-Policy | default-src 'self' |
| HEADER_X_FRAME_OPTIONS | X-Frame-Options | deny |
| HEADER_X_XXS_PROTECTION | X-XXS-Protection | 1; mode=block |
JsonResponse with configurable CORS headers and security headers
JsonResponse with default security headers
Use the following code to return a JsonResponse, code 200, with the default security headers:
use Trano\UtilsBundle\Util\ApiJsonResponse; $apijsonreponse = new ApiJsonResponse(); return $apijsonreponse->_200Ok('this is an ok results');
The result of the above instructions is (notice the adition of the status, message and results keys)
{
"status": 200,
"message": "",
"results": "this is an ok results"
}
By default, the following secured header values (https://owasp.org/) are send back to the client:
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'
X-Frame-Options: deny
X-XXS-Protection: 1; mode=block
The above headers can be updated using the following environment variables
HEADER_STRICT_TRANSPORT_SECURITY="" HEADER_CACHE_CONTROL="" HEADER_PRAGMA="" HEADER_REFERRER_POLICY="" HEADER_X_CONTENT_TYPE_OPTIONS="" HEADER_CONTENT_SECURITY_POLICY="" HEADER_X_FRAME_OPTIONS="" HEADER_X_XXS_PROTECTION=""
To update the CORS headers (Access-Control.*), use the following environment variables.
ALLOWED_ORIGIN="*" ALLOWED_METHODS="GET,POST" ALLOWED_HEADERS="Authorization, Content-Type"
The map between environment variables and the headers are
| Environment variable | Header |
|---|---|
| ALLOWED_ORIGIN | Access-Control-Allow-Origin |
| ALLOWED_METHODS | Access-Control-Allow-Methods |
| ALLOWED_HEADERS | Access-Control-Allow-Headers |
Custom JsonResponse
By default, ApiJsonResponse returns a json with status, message and results keys. To change this behaviour with a custom json data structure, set
JSON_RESPONSE_TYPE=custom
Thus, the following php code
use Trano\UtilsBundle\Util\ApiJsonResponse; $apijsonreponse = new ApiJsonResponse(); return $apijsonreponse->_200Ok(["data" => 'this is an ok custom results']);
returns
{
"data": "this is an ok custom results"
}
Usage of simple Http request
The $httprequest service is an instance of Trano\UtilsBundle\Util\HttpRequest
GET query with basic Auth
To return an associative array response using GET, use the following instruction. The get instruction should be at the end.
$http_array_response = $this->httprequest ->addHeader('Accept', '*/*') ->addHeader('Content-Type', 'application/json') ->setBasicAuth('username', 'password') ->get('https://www.example.com/getservice');
POST query with array data and basic Auth
To return an associative array response using POST, use the instructions below.
The $data variable is sent by default using application/x-www-form-urlencoded type.
If https://www.example.com/postservice is a Symfony controller route, $data['data1'] variable
would be get using $request->request->get('data1'); instruction.
The post instruction should be at the end. ``
$data = [ 'data1' => 'data1', 'data2' => 'data2', ]; $http_array_response = $this->httprequest ->setBasicAuth('username', 'password') ->setBodyArray($data) ->post('https://www.example.com/postservice');
Notice that due to the functionalities of the symfony http request, both GET and POST simple queries are synchronous (those queries wait for the response).
Usage of Environment variable reader
Let us consider that we have the following environment variable file .env
DATABASE_URL='mysql://aaa:bbb...'
To read this environment variable, use the $env service, an instance of Trano\UtilsBundle\Util\Env
as follows
$database_url = $this->env->getEnv('DATABASE_URL');
Example with a Symfony controller
Let us consider the environment variable at .env file
ALLOWED_ORIGIN="*"
ALLOWED_METHODS="GET,POST,PUT,DELETE"
ALLOWED_HEADERS="Authorization, Content-Type"
Important: If the ALLOWED_* are not set in .env file, the corresponsing Access-Control-Allow-* headers will not be set.
To use the environment reader (Trano\UtilsBundle\Util\Env)
and the Json response (Trano\UtilsBundle\Util\ApiJsonResponse) in a controller, use the following script
namespace App\Controller; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\HttpFoundation\Request; use Trano\UtilsBundle\Util\ApiJsonResponse; use Trano\UtilsBundle\Util\Env; class HomeController extends AbstractController { /** * @var ApiJsonResponse */ private $apijsonresponse; /** * @var Env */ private $env; /** * ControllerTrait constructor. * @param ApiJsonResponse $apijsonresponse * @param Env $env */ public function __construct(ApiJsonResponse $apijsonresponse, Env $env) { $this->apijsonresponse = $apijsonresponse; $this->env = $env; } /** * @Route("/", methods={"GET"}) */ public function index(Request $request) { // Computes DATABASE_URL from .env file // If DATABASE_URL does not exists in .env file, it returns '' string. $database_url = $this->env->getEnv('DATABASE_URL'); // Return Json response with the http status 200. return $this->apijsonresponse->_200Ok('this is an ok results'); } // index }
The route / above reads DATABASE_URL variable environment and returns the following json data.
{
"status": 200,
"message": "",
"results": "this is an ok results"
}
License
This bundle is under the MIT license. See the complete license in the bundle.
About us
TranoUtilsBundle is an initiative of atety.