Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Framework Blog:
Authorize users using Middleware
May 04, 2017 @ 09:40:56

Previously the Zend Framework blog posted a tutorial showed you how to authenticate a user with middleware in a Zend Expressive application. In this latest post in the series they move on to the next step: authorization.

In a previous post, we demonstrated how to authenticate a middleware application in PHP. In this post we will continue the discussion, showing how to manage authorizations.

We will start from an authenticated user and demonstrate how to allow or disable actions for specific users. We will collect users by groups and we will use a Role-Based Access Control (RBAC) system to manage the authorizations.

To implement RBAC, we will consume zendframework/zend-permissions-rbac.

They start by pulling in the Zend Expressive tooling support and creating the Permission module. The tutorial then gets into the basics of using a role-based access control system and the roles they're going to define: admin, editor and contributor (as well as what each can do). The roles are then defined in a configuration file and briefly explained. Next is the creation of the middleware to authorize the user and its action in the application, performing a check against the roles of the user on the requirements of the action. There's also an example of setting up role inheritance and how to configure the resulting route to fire off the authorization handling.

tagged: zendexpressive middleware authorization zendrbac rbac rolebased accesscontrol tutorial

Link: https://framework.zend.com/blog/2017-05-04-authorization-middleware.html

Medium.com:
Using Guzzle 6 Middleware in a Laravel Application
May 03, 2017 @ 11:10:36

In this recent post on Medium.com author Paul Redmond shows how to use Guzzle 6 middleware in a Laravel application instead of the framework's own functionality.

The most significant change between Guzzle 5 and 6 is moving away from the event system I grew so accustomed to in Version 5 to middleware in version 6. Needless to say, it was a big adjustment for me at first and it felt like a downgrade. After my initial grumbling, the upgrade guide explains the reasoning for the change.

[...] I prefer to keep my dependencies as up-to-date as possible so I decided to learn Guzzle 6 and become more familiar with the middleware. The concepts are pretty straightforward and I have a few patterns that I like to use when building out middleware within my Laravel applications.

He then shares some code he's used to generate an authorization header and how to add it into the Laravel application as a service using the "tagged" middleware functionality. Finally he shows it in use making a simple request to the endpoint and showing the response results, including the authorization header.

tagged: guzzle middleware laravel application tutorial tagged integration

Link: https://medium.com/@paulredmond/using-guzzle-6-middleware-in-a-laravel-application-7fbd6d966235

Zend Framework Blog:
Caching middleware with Expressive
Apr 19, 2017 @ 12:12:32

On the Zend Framework blog Enrico Zimuel has posted a tutorial showing you how to use middleware caching in Zend Expressive to help increase the overall performance of your application.

Performance is one of the key feature for web application. Using a middleware architecture makes it very simple to implement a caching system in PHP.

The general idea is to store the response output of a URL in a file (or in memory, using memcached) and use it for subsequent requests. In this way we can bypass the execution of the previous middlewares starting from the second request.

Of course, this technique can only be applied for static contents, that does not require update for each HTTP request.

He shows how to implement the "cachable" middleware, starting with a version that caches the return content based on the URL requested. He then shows how to configure the caching system to specify settings like path, lifetime and the enabled/disabled state. This is stored as a PHP configuration where the autoloader can get to it and the class as a dependency on the middleware itself.

tagged: cache middleware output zendexpressive tutorial response content

Link: https://framework.zend.com/blog/2017-04-19-caching-middleware.html

Matthew Weier O'Phinney:
Using Anonymous Classes to Write Middleware
Apr 03, 2017 @ 11:22:48

Matthew Weier O'Phinney, lead developer on the Zend Framework project, has written up a new post for his site showing how to use anonymous classes to write middleware for your applications (several frameworks support the concept of middleware these days).

I faced an interesting question recently with regards to middleware: What happens when we go from a convention-based to a contract-based approach when programming?

Convention-based approaches usually allow for duck-typing; with middleware, it means you can write PHP callables - usually closures - and just expect them to work.

Contract-based approaches use interfaces. I think you can see where this is going.

He starts off looking at some of the currently popular methods for creating middleware basic them off of either the PSR-7 standard or the proposed PSR-15 HTTP middleware, each with code examples to illustrate. The post then gets to the point with a look at anonymous class-based middleware and some of the advantages they provide. He refactors both a PSR-7 middleware and a closure-based middleware over to PSR-15 using this method.

tagged: middleware anonymous class psr7 psr15 closure tutorial

Link: https://mwop.net/blog/2017-03-30-anonymous-class-middleware.html

Zend Framework Blog:
Error Handling in Expressive
Mar 24, 2017 @ 09:30:31

The Zend Framework blog has a new tutorial posted by Matthew Weier O'Phinney covering error handling techniques in Expressive with a few examples making use of some custom middleware and logic.

One of the big improvements in Expressive 2 is how error handling is approached. While the error handling documentation covers the feature in detail, more examples are never a bad thing!

In their example they're creating an API resource that returns a list of book details (ones the user has read). The goal is to use the existing error handling for everything except the custom exceptions they want to throw but keep with the JSON handling throughout. First the middleware to handling the API request is shown, complete with sorting and pagination. Then come the custom exception examples for invalid requests and server issues. These exceptions are then put into the Problem Details format with the help of another middleware. This then all tied together with the nested middleware handling Expressive provides and an example of the end result is included.

tagged: error handling expressive custom problemdetails tutorial json middleware

Link: https://framework.zend.com/blog/2017-03-23-expressive-error-handling.html

Zend Framework Blog:
Nested Middleware in Expressive
Mar 16, 2017 @ 11:52:21

On the Zend Framework blog Matthew Weier O'Phinney has posted another tutorial, this time showing you how to use nested middleware in Expressive allowing for the composition of your own workflow in the request/response flow.

A major reason to adopt a middleware architecture is the ability to create custom workflows for your application. Most traditional MVC architectures have a very specific workflow the request follows. While this is often customizable via event listeners, the events and general request lifecycle is the same for each and every resource the application serves.

With middleware, however, you can define your own workflow by composing middleware.

He starts by describing one of the main concepts in the workflow of the application: pipelines. He gives an example of the default pipeline included with the Expressive skeleton application and how the middleware it uses nests to create a custom logic and handling flow. He follows this with an example scenario showing how to add authentication into the pipeline, specifically the use of Digest authentication via a PSR7 middleware package. Code is included for the integration of this package and the end result - all pages requiring authentication. He shows how to modify this and limit it to only certain paths and how to nest them in the route definitions.

Finally he shows another approach - creating a custom middleware pipeline inside of the factory for the requested middleware. He also covers nested applications, using traits for common workflows and the use of "delegator factories".

tagged: expressive tutorial nested middleware pipeline custom authentication example

Link: https://framework.zend.com/blog/2017-03-15-nested-middleware-in-expressive.html

Alejandro Celaya:
Managing PUT requests with file uploads in psr-7 and middleware PHP applications
Mar 07, 2017 @ 13:17:01

Alejandro Celaya has posted a new tutorial to his site covering the handling of PUT requests in PSR-7 applications for file uploads via middleware.

It has been a long time since I first realized that handling file uploads in non-POST requests (like PUT) wasn't an easy task. One could assume the $_FILES array should be populated regardless the HTTP verb, but actually, PHP doesn't do it on its own.

After a long time wanting to find a solution to this problem, I've finally dedicated the time to get something functional, that allows file uploads to be transparently handled regardless the HTTP verb (it works the same way in POST, PUT and PATCH requests).

Since nowadays I try to work with psr-7/middleware based applications, I have created a Zend Expressive app that registers a middleware capable of parsing a multipart/form-data request body, populating the request's uploaded files array and parsed body array. This way, you can call $request->getUploadedFiles() or $request->getParsedBody() in any PUT or PATCH action, the same way you would do in a POST action.

His example application shows a simple HTML form that, when submitted, changes the HTTP request type based on a radio option selected at the bottom. He walks through the steps that the application takes to handle the upload via this middleware that makes it possible to work with the body of the PUT the same way as other requests. He goes through each part of the code that's required to make the middleware flow work and finishes up the post looking at a few other things to consider (like opting for POST over PUT for file uploads).

tagged: zendexpressive application tutorial psr7 middleware put request fileupload upload

Link: https://blog.alejandrocelaya.com/2017/03/06/managing-put-requests-with-file-uploads-in-psr-7-and-middleware-php-applications/

Matthew Weier O'Phinney:
PSR-7 Request and Method Utilities
Jan 27, 2017 @ 09:52:37

Matthew Weier O'Phinney has written up a new post for his site covering PSR-7 request and method utilities and a package that contains some handy tools to help with just that.

Some time ago, a few folks floated the idea of creating a utility repository related to the PSR-7 psr/http-message package, but containing some useful bits such as constants for HTTP request methods and status codes.

Six months ago, we released it... but didn't publicize it. I remembered that fact today while writing some unit tests that were utilizing the package, and thought I'd finally write it up.

The package is fig/http-message-util, and is available via Composer and Packagist.

He goes on to describe the two interfaces it provides (RequestMethod and StatusCode) and what they're designed to help with. He includes an example of middleware written using these interfaces, defining allowed methods and returning a "method not allowed" status code - based on a constant - in the response message object. He ends the post with two quick points to note in this example: how the interfaces are used and his use of aliases to make using the interfaces just a bit shorter.

tagged: psr7 middleware request method utility package httpmessageutil tutorial

Link: https://mwop.net/blog/2017-01-26-http-message-util.html

Zend Framework Blog:
Implement a SOAP server with zend-soap
Jan 25, 2017 @ 11:22:58

The Zend Framework blog continues on its series of posts showing how to create various types of web services using various components from the framework itself. In this latest post they show you how to implement a SOAP server with zend-soap, a component specifically designed to "create, serve, and access SOAP applications, and parse and generate WSDL".

zend-soap provides a full-featured SOAP implementation. SOAP is an XML-based web protocol designed to allow describing messages, and, optionally, operations to perform. It's similar to XML-RPC, but with a few key differences: arbitrary data structures may be described [and] multiple operations may be described in a message as well.

The post goes on to talk about why they're show how to use these other service types when they primarily use REST in Apigility. It also covers some of the benefits using the module has over PHP's own SOAP handling. From there it's all about the code: first just creating the server and then populating it with the classes and functions it allows. The remainder of the post is split between two other methods for setting up the server: using it in a MVC application and as middleware in something like Zend Expressive.

tagged: zendframework soap server zendsoap tutorial api wsdl mvc middleware

Link: https://framework.zend.com/blog/2017-01-24-zend-soap-server.html

Zend Framework Blog:
Implement an XML-RPC server with zend-xmlrpc
Jan 18, 2017 @ 14:22:33

As a sort of follow up to their previous article showing the use of the zend-json-server component to create an XML-RPC service, the Zend blog is back with a different take on the same functionality, this time using zend-xmlrpc.

zend-xmlrpc provides a full-featured XML-RPC client and server implementation. XML-RPC is a Remote Procedure Call protocol using HTTP as the transport and XML for encoding the requests and responses.

[...] Each XML-RPC request consists of a method call, which names the procedure (methodName) to call, along with its parameters. The server then returns a response, the value returned by the procedure.

The post walks you through an example request/response flow and some of the value types allowed in the XML-RPC structure. From there it's on to the code, creating the simple server and an "add" method on the "calculator" service. The post then covers how to integrate this setup with the zend-mvc component and an application based on it. It finishes up with an example of the same kind of functionality only applied in a PSR-7 middleware instead.

tagged: zendframework zendxmlrpc xmlrpc component zendmvc psr7 middleware

Link: https://framework.zend.com/blog/2017-01-17-zend-xmlrpc-server.html