Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

JoliCode.com Blog:
The journey of writing an API Client with PHP and some wise advices
Aug 25, 2016 @ 10:49:01

On the JoliCode.com blog there's a post sharing the experience of writing an API client with PHP including some advice to those out there considering doing the same.

My (love-)story with Docker started in December 2013, after having lost a 2 years long battle against Chef. I had been attracted to Docker for a couple of months, and I finally made the switch the day when I learned that it was built on a REST API. This meant that I could control all my infrastructure from PHP, which is the language I’m most partial to.

After some research, I found the library docker-php built by ubermuda, but, like all the things around Docker at that time, there was only a very limited support of the API. Like any decent developer (yes, it’s a troll), I started to write pull requests to fulfill my needs, and it was both the greatest and the worst thing that happened to me.

The post starts off with a brief history of PHP libraries working with HTTP requests (and the difficulties he had with Guzzle). This includes the fast pace that the library was changing at the time, making it difficult to keep the code maintained. He took a "step back" and decided to look more into HTTPlug and some changes to help bring it up to date. With that choice made, he got into the automation portion and using it work with the Docker API. He talks about some of the other technologies and tools he investigated along the way including Jane for working with JSON message schemas.

Maintaining an open source library is hard and takes time. However, these last years made me realize that we can control it, by moving features into other projects, trust people behind it, and by reducing the feature sets.
tagged: api client library advice http httplug jane json schema

Link: https://jolicode.com/blog/the-journey-of-writing-an-api-client-with-php-and-some-wise-advices

IBM Developer Blog:
Get Started With CouchDB Using PHP and Guzzle
Jul 28, 2016 @ 13:07:48

On the IBM Developer Blog they've posted a new article from Lorna Mitchell helping you get started with CouchDB and Guzzle, making use of this popular HTTP client package to interface with CouchDB's HTTP interface quickly and easily.

In today’s post, we’ll look at how we can use CouchDB in our PHP applications, using the excellent PHP HTTP library Guzzle. Guzzle is a modern, PSR-7 compliant object-oriented PHP library that handles all aspects of HTTP in a correct and — importantly, a scalable — way. So it’s a great way to add any HTTP-interfaced services into your application (PHP 5.5 and later, does support PHP 7).

She then starts off with the installation of Guzzle via Composer and some sample code to make the initial connection to the CouchDB server (either local or remote). With the connection up and working and a "welcome" banner returned, she shows some simple operations like:

  • getting a list of all databases
  • creating a new database
  • inserting and selecting data
  • updating and deleting data

Code is provided for each of these and, thankfully, Guzzle makes it a pretty simple process and handles most of the heavy lifting on the HTTP requests for you.

tagged: couchdb guzzle introduction database http install connect crud

Link: https://developer.ibm.com/clouddataservices/2016/07/27/get-started-with-couchdb-php-guzzle/

Community News:
HTTPoxy Vulnerability Announcement
Jul 19, 2016 @ 12:40:10

Recently a major security vulnerability was announced centering around the the HTTP "Proxy" header and how incorrect handling could result in major issues with external requests. In the PHP ecosystem, a major HTTP library - Guzzle - was vulnerable (along with any application using it). However, according to Michael Dowling, a lead developer on the project, a new release has already been made to correct the problem.

httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments. It comes down to a simple namespace conflict [between the "Proxy" and "HTTP_Proxy" headers]. This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now. Here’s how.

The main HTTPoxy site as more information about how you can test to see if your application is vulnerable and what software/server configurations are typically vulnerable. There's also more language-specific information on the page as well as some immediate mitigations for various web server types.

tagged: httpoxy http proxy header vulnerability announcement guzzle webserver

Link: https://httpoxy.org/

Alejandro Celaya:
Dispatch REST-like requests with a single controller class in Zend Expressive
Jun 27, 2016 @ 10:21:25

In a new post to his site Alejandro Celaya shows you how to dispatch REST-like requests in Zend Expressive using a single-controller method.

I was digging into Zend Expressive and how to use controllers that allow me to share dependencies between different routes, instead of having to use different middlewares every time. Abdul wrote a great article on this subject that you can find here, which also became part of Expressive's cookbook some time later.

This is a perfect approach that easily allows to reuse some code, but then I thought how to do something similar in a rest environment, having a single class with different dispatchable methods that will be called depending on the request's HTTP method. This is a possible solution based on ZF2's AbstractRestfulController.

He starts by creating an AbstractRestController class to handle the basics of the REST handling, essentially matching verbs to their actions. He then extends this with a RestUserController class that overrides the necessary methods for only the HTTP verbs you want to change. He then shows how to register the route so it can be used by any request verb type (GET, POST, PUT, etc).

tagged: zendexpressive tutorial rest request verb http zendframework2 abstractcontroller

Link: http://blog.alejandrocelaya.com/2016/06/24/dispatch-rest-like-requests-with-a-single-controller-class-in-zend-expressive/

Rob Allen:
Slim 3.4.0 now provides PSR-7!
May 09, 2016 @ 09:48:10

Rob Allen has a post to his site announcing the latest release of the Slim Framework - v3.4.0 - and an update that allows for full PSR-7 support, telling Composer that the framework fully supports it now as well.

I've been neglecting Slim's PR queue recently, so this weekend I dedicated a lot of time to merging all the good work that our contributors have done. As a result, I'm delighted to release version 3.4.0! This release has a larger set of changes in it than I would have ideally liked which is a direct consequence of having gone two months between releases rather than one.

One particularly interesting addition that we have a made this release is adding a provide section to our composer.json file. [...] This means that we have informed Composer that Slim provides a valid implementation of the interfaces in psr/http-message-implementation virtual package that defines the PSR-7 interfaces.

This basically means that if you're using other libraries/tools that require a PSR-7 compatible system to work correctly, they'll detect that Slim fully supports it.

tagged: slimframework slim3 psr7 support http message implementation composer

Link: https://akrabat.com/slim-3-4-0-now-provides-psr-7/

Lorna Mitchell:
OAuth2 with PHP's built in Streams Functions
Jan 07, 2016 @ 10:56:54

In a quick post to her site Lorna Mitchell reminds us that you can modify the options on the internal PHP streams (like for HTTP requests), more specifically to add a "Bearer" token value for OAuth2 integration.

For OAuth2, all I had to be able to do was to send an Authorization header with my web request from PHP. My second-favourite way of making API calls from PHP is to use PHP's stream handling, so I did that. It's not code you see very often but it's super-simple and it works on every PHP platform I've tried so far

She gives a few lines of code to show how to modify the options to add in the token value, basically using an array of options and a call to stream_context_create to create the context. This can then be used in future calls (like the file_get_contents she shows) to automagically send this information along with the request.

tagged: oauth2 http stream request builtin options bearer tutorial

Link: http://www.lornajane.net/posts/2016/oauth2-phps-built-streams-functions

SitePoint PHP Blog:
Breaking Free from Guzzle5 with PHP-HTTP and HTTPlug
Nov 09, 2015 @ 09:35:41

In a new tutorial from the SitePoint PHP blog editor Bruno Skvorc shows you how to "break free" from using the Guzzle HTTP client (which has become, by far, the most popular) and make it simpler to go with another option. He highlights the HTTPlug library that makes it easy to do just that.

In a previous series, we built a PHP client for Diffbot. The client works well and is in relatively widespread use – we even tested it on a live app to make sure it’s up to par – but it depends heavily on Guzzle 5.

There are two problems with this: Guzzle 6 is out, and supports PSR 7. [...] Someone implementing our client in their app might already have a preferred HTTP client in use, and would like to use theirs rather than Guzzle. [...] Coincidentally, there is a new project allowing us to do just that: HTTPlug.

He walks you through the installation of the library via Composer and covers what all kinds of functionality it contains. HTTPlug provides an "entry point" and unified interface for the HTTP client of your choosing, complete with interface packages to wrap the most common functionality. He shows how to refactor his Diffbot code to use the package, replacing the previous Guzzle dependency using the virtual package definition HTTPlug provides. He also updates some of the tests to use the HTTPlug package types rather than relying on Guzzle's object return types.

tagged: guzzle http client httplug library abstract tutorial

Link: http://www.sitepoint.com/breaking-free-from-guzzle5-with-php-http-and-httplug/

Cees-Jan Kiewiet:
ReactPHP: HTTP Client
Nov 05, 2015 @ 12:05:14

Cees-Jan Kiewiet has a post on his site focusing on the HTTP client side of the functionality offered by the ReactPHP. In this post he covers the basics of installation and usage with plenty of code examples (and screencasts of it in action).

Aside from a HTTP component ReactPHP also has a HTTP Client component that lets your send out HTTP requests. It is incredibly handy when you need to communicate with for example elasticsearch's REST API, AWS platform through their SDK or the RIPE Atlas API.

He walks you through the simple installation of the library (via Composer) and the code to send a simple request to an example.com domain, returning the HTML contents of the page. He then gets to some more complex examples: sending two requests at the same time, streaming the response body as it arrives and an example based on community feedback - streaming Twitter data. He ends the post with a community example showing the use of the Buzz HTTP client to make simple requests.

tagged: reactphp http client example stream twitter screencast

Link: http://blog.wyrihaximus.net/2015/11/reactphp-http-client/

SitePoint PHP Blog:
Build a Superfast PHP Server in Minutes with Icicle
Sep 17, 2015 @ 11:21:44

The SitePoint PHP blog has posted a new tutorial by Christopher Pitt showing you how to build a PHP server "super fast" with the help of the Icicle/http library and some event-driven programming techniques.

Event-based programming is a strange topic for PHP developers. In a language as procedural; events are little more than function calls. Nothing happens between events, and all meaningful code is still blocking.

Languages like JavaScript show us what PHP could be like if event loops were at the center. Some folks have taken these insights and coded them into event loops and HTTP servers. Today we’re going to create an HTTP server, in PHP. We’ll connect it to Apache to serve static files quickly. Everything else will pass through our PHP HTTP server, based on Icicle.

They start off showing you how to configure your Apache server to rewrite the requests (only for non-existent files) to the PHP handler. From there, he helps you get the Icicle/http library installed and create a simple HTTP server with it's included functionality. He shows how to set up routing using the LeagueRoute package and return correct HTTP response codes based on the result of the request. Finally he shows the use of the LeaguePlates library to render more complex views than just plain-text results.

tagged: tutorial http server icicle league plates route

Link: http://www.sitepoint.com/build-a-superfast-php-server-in-minutes-with-icicle/

Davey Shafik:
GuzzleHTTP VCR
Aug 24, 2015 @ 10:54:54

Davey Shafik has published a post about library he's created that's a sort of "recorder" for connections made with the Guzzle HTTP client - the Guzzle VCR.

A few days ago I pushed out a very small library to help with testing APIs using Guzzle: dshafik/guzzlehttp-vcr. [...] This is a simple middleware that records a request’s response the first time it’s made in a test, and then replays it in response to requests in subsequent runs.

The handler works by recording the responses from the API (ex: the JSON response data) and records them to files (again, JSON). A one-line call turns the "recording" on and points to a directory where the cached files should be stored. He shows how to use it in the constructor of your Guzzle client, setting it up as the "handler" for the requests. He also includes an example of a few unit tests that make use of the recording feature to check the response of a /test endpoint.

tagged: guzzle http client vcr recording response json cache handler

Link: http://daveyshafik.com/archives/69384-guzzlehttp-vcr.html