Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Framework Blog:
Zend Framework 3 Update and Roadmap
Nov 26, 2015 @ 09:47:33

On the Zend Framework blog they've posted the roadmap and latest updates on the work being done for the next major version of the framework: Zend Framework 3.

In October, while at ZendCon, I presented a talk on Zend Framework 3 entitled "Components, PSR-7, and Middleware: Zend Framework 3." You can view it online, but this post discusses current status, details some decisions, and points to the work still to be done. It's a long read; grab a warm beverage, maybe some popcorn, and take your time.

They start by outlining some of the major concepts that ZF3 integrates and are key to how it will handle requests:

  • the component-based system it's built on, making major use of Composer-style packages and installation techniques
  • using the PSR-7 standard for handling of HTTP requests and responses
  • the use of middleware to modify the request/response and add logic

Finally, they get into the overall view and roadmap for the framework. They talk about the ServiceManager/EventManager, the role middleware plays in the request dispatching and the goal of reducing dependencies. The post ends with a look at the improvements they're striving for with new and better documentation and the next steps in the roadmap for the coming months.

tagged: zendframework3 roadmap update overview psr7 middleware component documentation

Link: http://framework.zend.com/blog/zend-framework-3-update-and-roadmap.html

Rob Allen:
Writing PSR-7 middleware
Nov 05, 2015 @ 13:48:58

In this new post to his site Rob Allen talks about PSR-7 compatible middle ware and shows examples of writing it to work with frameworks that support the PSR-7 structure. His examples revolve around Slim 3 but could be used in other supporting frameworks just as easily.

Within Slim 3's Request object, there's a method called getIp() which is determines the client's IP address. However it's rather simplistic and potentially risky as it checks the X-Forwarded-For header with no ability to ignore this header or whitelist whether we trust the final proxy in the chain. Determining the client's IP address is an ideal use-case for middleware as we can inspect the headers in the request and then set an attribute so that middleware further down the chain can use it.

With this goal in mind, he shows how to create the middleware that uses the __invoke method to execute the required logic and call the next middleware in the chain. In his example he makes use of a pseudo-method determineClientIpAddress that does the work of detecting the IP address and then sets the value as a part of the request object (as an attribute). He also shows how to configure the middleware to select an attribute name and how to attach the middleware to a few different framework types.

tagged: pst7 middleware slim3 framework ipaddress tutorial

Link: http://akrabat.com/writing-psr-7-middleware/

Joshua Sampia:
CORS Slim PHP Setup
Nov 05, 2015 @ 10:38:47

In this post to his site Joshua Sampia shows how to set up and configure CORS in your Slim-based application. CORS or Cross-Origin Resource Sharing, lets you further lock down what sources can access your application and some requirements around the ones that can.

Ok, another PHP post but this time it’s about setting up some middleware for a slim PHP application.

Let me set this up. We are building a simple REST API for use with a basic phone native app (both Android and iOS). Me being new to this, I wasn’t sure if the native app domain call is considered cross browser or not, plus there are some outside companies we are working with who MAY access the API as well. [...] I setup some middleware by extending the Slim Middleware class and adding them via the app.

He talks about the steps he had to take in the middleware to set up an AccessControlOrigin middleware (and two others requiring HTTPS and HTTP Basic Auth). He includes the simple code to send the required HTTP headers to support CORS on the response object and the update to his Javascript to include credentials with every request.

tagged: cors slim framework security middleware https httpbasic authentication crossorigin

Link: http://joshuasampia.com/2015/11/05/cors-slim-php-setup/

SitePoint PHP Blog:
How to Build a NASA Photo Gallery with Zend Expressive
Nov 03, 2015 @ 09:52:06

The SitePoint PHP blog has a new tutorial from author Andrew Carter showing you how to create a NASA photo gallery application with the latest framework offering from Zend, Zend Expressive.

In this article, we are going to use Zend Expressive to build a photo gallery using the NASA Astronomy Picture of the Day API. The end result will be the AstroSplash website which was created for the purpose of this article. [...] Zend Expressive is an exciting new micro-framework for building PSR-7 middleware applications. [...] Middleware is a term that will be used a lot in this article. A good definition of middleware is given by the Zend Expressive documentation.

They walk you through the basics of the application and how to set up an account and application over on the NASA API. They help you create the initial project, what the output should look like and commands to remove some extra code. They include the configuration of the container, set up the route middleware, work with the templating for the app and connecting it with Doctrine for database storage. Finally they integrate the NASA API using this library and pull down the latest images from the service.

tagged: zendexpressive tutorial nasa image application api framework middleware

Link: http://www.sitepoint.com/build-nasa-photo-gallery-zend-expressive/

BitExpert Blog:
Prophiler PSR-7 Middleware
Oct 27, 2015 @ 10:42:54

On the BitExpert blog Stephan Hochdörfer shares a new tool, a PSR-7 compliant middleware, that allow easy integration with your current application of the Prophiler debugging/profiling tool.

Prophiler is a PHP Profiler & Developer Toolbar which is part of the Phalcon project but can also be used as a stand-alone component, kind of like the Symfony Web Debug Toolbar or Z-Ray. What I like about Prophiler is that on the one hand hand it is super easy to install and on the other hand offers a few nice adapters (e.g. PSR-3 logging or Doctrine integration) out-of-the-box.

The middleware is a simple Composer install away. He includes the code you'll need to make the Prophiler instance and how to hook in the middleware for use. His example uses the Zend Framework Stratigility structure but because it's a PSR-7 compliant package, it can integrate just as easily with any PSR-7 framework/library. He also includes a sample of running a request and mentions the automatic addition of the toolbar to the output.

tagged: prohpiler profiling psr7 middleware integration zendframework stratigility tutorial composer

Link: https://blog.bitexpert.de/blog/prophiler-psr-7-middleware/

Zend Developer Zone:
Announcing Expressive 1.0.0RC1!
Oct 22, 2015 @ 09:27:14

On the Zend Developer Zone Matthew Weier O'Phinney has posted an announcement about the release of the first Release Candidate for Expressive, version 1.0.0RC1. It builds on top of the zend-stratigility component of the Zend Framework.

Today, we are pleased to announce the immediate availability of the first release candidate of Expressive, a [PSR-7](http://www.php-fig.org/psr/psr-7/) [middleware](https://github.com/zendframework/zend-stratigility/blob/master/doc/book/middleware.md) microframework.

Expressive allows you to write PSR-7 middleware applications for the web. PSR-7 is a standard defining HTTP message interfaces; these are the incoming request and outgoing response for your application. By using PSR-7, we ensure that your applications will work in other PSR-7 contexts.

The post gives a brief introduction to the framework and lists some of its main features including:

  • customizable routing choice (select from several packages, not just forced into one)
  • implements the ContainerInterface for dependency injection handling
  • allows for the integration of several types of templating tools (Plates, Twig, etc)
  • customizable error handling (defaults to a template-based version)

He then walks you through getting started with the framework and creating a simple project. The setup prompts you and walks you through several choices of other packages to install (a router, a template library, etc) and hooks them all together. Once the installation is complete, all it takes is a simple web server start (PHP's own built-in works fine) and you'll have a fully functional application to work with. You can find out more information about the framework through the quickstart and full documentation.

tagged: expressive framework middleware psr7 releasecandidate rc1 announcement

Link: http://devzone.zend.com/6814/announcing-expressive-1-0-0rc1/

Zend Framework Blog:
Announcing Expressive
Aug 27, 2015 @ 09:41:21

The Zend Framework blog has posted an announcement about a new project they're offering to help make building PSR-7 middleware applications simpler - announcing Expressive.

We are pleased to announce the immediate availability of a new project, Expressive!

Expressive allows you to write PSR-7 middleware applications for the web. It is a simple micro-framework built on top of Stratigility, providing: dynamic routing, dependency injection via container-interop, templating and error handling.

The post helps you get a simple application using Expressive up and running via a Composer install and a bit of code. They talk about some of the goals behind Expressive, the interoperability it makes available and how it fits in with the Zend Framework ecosystem. They've released version 0.1.0 already and ask for testing (and bug reports) for this new framework. You can also check out the project documentation for more information about what it offers and the features currently implemented.

tagged: expressive framework psr7 middleware interoperability stratigility

Link: http://framework.zend.com/blog/announcing-expressive.html

SitePoint PHP Blog:
StackPHP Explained
Apr 23, 2015 @ 11:40:02

The SitePoint PHP blog has a tutorial posted today that wants to help you understand StackPHP, the project centered around middleware, specifically related to the Symfony2 HttpKernelInterface.

Today we are going to look at StackPHP and try to understand what this thing is all about. Although this post will have some code, this article will be rather theoretical as we are interested in learning what StackPHP actually is, where it comes from and why it is useful. As the front page of the StackPHP project says, Stack is a convention for composing HttpKernelInterface middlewares. But, in order to actually understand this definition, we will have to cover a few concepts first. At the end, we will also illustrate the concepts we learned in the context of StackPHP with some example code.

They start with a brief look at the HttpKernelInterface and how it works with the overall request and response flow of a typical application request. From there they describe the Decorator design pattern that will be used to augment the request/response objects as they're going through the middleware process. Following this they look at how StackPHP fits into this picture and provides a few code examples showing both basic and a bit more complex middleware handling (including the use of StackBuilder).

tagged: stackphp tutorial middleware httpkernelinterface symfony2 introduction

Link: http://www.sitepoint.com/stackphp-explained/

Replacing controllers with middleware
Apr 01, 2015 @ 09:53:50

Dracony has a new post to his site that suggests replacing controllers with middleware and how it relates to some of the current controller practices.

Middleware is now a very popular topic in the PHP community, here are some of my thoughts on the subject. [...] The idea behind it is “wrapping” your application logic with additional request processing logic, and then chaining as much of those wrappers as you like. So when your server receives a request, it would be first processed by your middlewares, and then after you generate a response it will also be processed by the same set.

After giving a few examples of what could be a good fit for use as middleware, he makes the suggestion to replace controllers. He talks about some of the problems that middleware brings with it and how to turn things around and write controllers as middleware (and not wrap them in it). He finishes with a mention of the work being done on PSR-7 (the HTTP Request proposal) and some thoughts on how it could fit into his middleware ideas.

tagged: middleware controller replacement opinion psr7 http

Link: http://dracony.org/replacing-controllers-with-middleware/

Barry vd. Heuvel:
CSRF Protection in Laravel explained
Feb 23, 2015 @ 11:52:59

Barry vd. Heuvel has a recent post to his site explaining how the Laravel framework has implemented CSRF protection natively. CSRF is short for Cross-site request forgery and is a type of security vulnerability.

In this blog we take a closer look into CSRF protection in Laravel. We compare the difference between the CSRF filter in Laravel 4 and the current VerifyCsrfToken middleware in Laravel 5.

He start with a quick look at why CSRF protection is even needed and what kind of problems it can cause. He shows how the CSRF protection was enabled in the Laravel 4 routing and how, in Laravel 5, the token evaluation was updated to use the hash_equals to prevent timing attacks. He then gets into the details of the middleware and how it handles the protection for you (including detection and use of the X-CSRF-TOKEN header).

tagged: csrf protection laravel laravel5 middleware xcsrftoken header

Link: http://barryvdh.nl/laravel/2015/02/21/csrf-protection-in-laravel-explained/