{"id":18924394,"url":"https://github.com/outlandishideas/php-crud-api-secure","last_synced_at":"2026-03-14T02:30:23.088Z","repository":{"id":57034154,"uuid":"384387408","full_name":"outlandishideas/php-crud-api-secure","owner":"outlandishideas","description":"A secure-by-default wrapper around https://github.com/mevdschee/php-crud-api","archived":false,"fork":false,"pushed_at":"2021-10-04T18:11:32.000Z","size":581,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-02-14T04:14:13.635Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/outlandishideas.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-07-09T09:27:43.000Z","updated_at":"2024-04-03T17:27:27.000Z","dependencies_parsed_at":"2022-08-24T05:10:34.766Z","dependency_job_id":null,"html_url":"https://github.com/outlandishideas/php-crud-api-secure","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outlandishideas%2Fphp-crud-api-secure","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outlandishideas%2Fphp-crud-api-secure/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outlandishideas%2Fphp-crud-api-secure/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/outlandishideas%2Fphp-crud-api-secure/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/outlandishideas","download_url":"
https://codeload.github.com/outlandishideas/php-crud-api-secure/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239921875,"owners_count":19718842,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T11:06:42.347Z","updated_at":"2026-03-14T02:30:23.016Z","avatar_url":"https://github.com/outlandishideas.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secure PHP-CRUD-API\n\nA wrapper around [mevdschee/php-crud-api](https://github.com/mevdschee/php-crud-api) which makes it secure by default,\nby ensuring that the `authorization` middleware is enabled and has handlers for tables and columns.\n\n## Usage\n\nThis library is used in exactly the same way as [mevdschee/php-crud-api](https://github.com/mevdschee/php-crud-api)\nexcept that it will throw an `InvalidArgumentException` if the `authorization`, `authorization.tableHandler` and\n`authorization.columnHandler` middleware properties are not set in the API constructor.\n\n### Using custom `tableHandler` and `columnHandler` functions:\n\nBasic use case e.g. 
for Slim/Laravel app:\n\n```php\n\nuse Psr\\Http\\Message\\ResponseInterface as Response;\nuse Psr\\Http\\Message\\ServerRequestInterface as Request;\nuse Slim\\App;\nuse Outlandish\\PhpCrudApi\\SecureConfig;\nuse Tqdev\\PhpCrudApi\\Api;\n\nrequire 'vendor/autoload.php';\n\nreturn function (App $app) {\n    $app-\u003eget('/api[/{params:.*}]', function (\n            Request $request,\n            Response $response,\n            array $args\n        ) {\n            $config = new SecureConfig([\n                'middlewares' =\u003e 'pageLimits,authorization',\n                'pageLimits.records' =\u003e 2,\n                'authorization.tableHandler' =\u003e function ($operation, $tableName) {\n                    return $tableName != 'users'; // prevent CRUD api from performing any actions on the users table\n                },\n                'authorization.columnHandler' =\u003e\n                    function ($operation, $tableName, $columnName) {\n                        if ($tableName == 'participants') {\n                            // expose every participants column except last_ip_address\n                            return $columnName != 'last_ip_address';\n                        }\n                        // deny every column of every other table\n                        return false;\n                    },\n            ]);\n            $api = new Api($config);\n            $response = $api-\u003ehandle($request);\n            return $response;\n        }\n    );\n};\n```\n\n### Using TablePermissions helper\n\nThe SecureConfig class can be passed an array of TablePermissions sub-classes to make it easier to explicitly\ndefine which columns from which tables can be operated on:\n\n```php\n\nuse Psr\\Http\\Message\\ResponseInterface as Response;\nuse Psr\\Http\\Message\\ServerRequestInterface as Request;\nuse Slim\\App;\nuse Outlandish\\PhpCrudApi\\SecureConfig;\nuse Tqdev\\PhpCrudApi\\Api;\nuse Outlandish\\PhpCrudApi\\TablePermissions;\n\nrequire 'vendor/autoload.php';\n\nreturn function (App $app) {\n    $app-\u003eget('/api[/{params:.*}]', function (\n            Request $request,\n            Response $response,\n            array $args\n        ) {\n            class UsersTablePermissions extends TablePermissions\n            {\n                public function __construct()\n                {\n                    parent::__construct('users');\n             
       $this-\u003eallReadColumns = [\"id\", \"display_name\"];\n                }\n        \n            }\n\n            class PetsTablePermissions extends TablePermissions\n            {\n                public function __construct()\n                {\n                    parent::__construct('pets');\n                    $this-\u003eallReadColumns = [\"id\", \"name\", \"favourite_food\", \"species\", \"owner\"];\n                    $this-\u003ecreateColumns = [\"name\", \"favourite_food\", \"species\", \"owner\"];\n                }\n            }\n        \n            $tablePermissions = [\n                PetsTablePermissions::getInstance(),\n                UsersTablePermissions::getInstance()\n            ];\n\n            \n            $config = new SecureConfig([\n                'middlewares' =\u003e 'pageLimits',\n                'pageLimits.records' =\u003e 2,\n            ], $tablePermissions);\n            \n            $api = new Api($config);\n            $response = $api-\u003ehandle($request);\n            return $response;\n        }\n    );\n};\n```\n\nThe `TablePermissions` sub-classes can set their column permissions with the `xyzColumns` properties below (as \narrays of column names), and whether they can be deleted:\n\n* `allReadColumns` (default for read/list)\n* `allWriteColumns` (default for create/update/increment/delete)\n* `readColumns` \n* `listColumns` \n* `createColumns` \n* `updateColumns` \n* `incrementColumns` \n* `canDelete` (boolean) \n\nWe recommend handling authentication in your outer application rather than using the built-in middleware e.g. 
\n\n```php\n\nuse Outlandish\\PhpCrudApi\\TablePermissions;\n\nclass PetsTablePermissions extends TablePermissions\n{\n    public function __construct()\n    {\n        parent::__construct('pets');\n        $this-\u003eallReadColumns = [\"id\", \"name\", \"favourite_food\", \"species\", \"owner\"];\n        $this-\u003ecreateColumns = [\"name\", \"favourite_food\", \"species\", \"owner\"];\n    }\n}\n\nclass PetsTablePermissionsAuthenticatedUser extends PetsTablePermissions\n{\n    // Logged-in users may update every column they are allowed to read\n    public function getUpdateColumns()\n    {\n        return $this-\u003egetReadColumns();\n    }\n}\n\n// Auth::check() is Laravel's facade; use your own application's login check here\nif (Auth::check()) {\n    // The user is logged in...\n    $tablePermissions = [\n        PetsTablePermissionsAuthenticatedUser::getInstance(),\n    ];\n} else {\n    // It's an anonymous user\n    $tablePermissions = [\n        PetsTablePermissions::getInstance(),\n    ];\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foutlandishideas%2Fphp-crud-api-secure","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foutlandishideas%2Fphp-crud-api-secure","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foutlandishideas%2Fphp-crud-api-secure/lists"}