Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/webiny/rest
[READ-ONLY] A simple but powerful PHP REST library that doesn't get in the way. Supports rate control, crud, versioning, cache and json output. Create RESTful APIs with ease. (master at Webiny/Framework)
https://github.com/webiny/rest
Last synced: about 2 months ago
JSON representation
[READ-ONLY] A simple but powerful PHP REST library that doesn't get in the way. Supports rate control, crud, versioning, cache and json output. Create RESTful APIs with ease. (master at Webiny/Framework)
- Host: GitHub
- URL: https://github.com/webiny/rest
- Owner: webiny
- License: mit
- Created: 2014-08-30T20:31:38.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2017-11-26T21:25:12.000Z (about 7 years ago)
- Last Synced: 2024-04-15T15:33:46.178Z (9 months ago)
- Language: PHP
- Homepage: http://www.webiny.com/
- Size: 86.9 KB
- Stars: 3
- Watchers: 11
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
REST Component
================
A simple but powerful REST library that doesn't get in the way.
Install the component
---------------------
The best way to install the component is using Composer.
```bash
composer require webiny/rest
```
For additional versions of the package, visit the [Packagist page](https://packagist.org/packages/webiny/rest).
## Usage
Some of the built-in features:
- supports **GET**, **POST**, **PUT**, **PATCH** and **DELETE** requests
- resource naming (via `@rest.url` annotation)
- integrated version management system
- effective Rate Control mechanism
- services are configured using annotations
- built in Cache using [Webiny Framework Cache component](../Cache/)
- built in ACL using [Webiny Framework Security component](../Security/)
- built in routing using [Webiny Framework Router component](../Router/)
- nice debug options
- pretty formatted JSON output (only in development mode)
- CRUD support
## Usage example
```php
// create REST instance for the given configuration and the API class
$rest = new \Webiny\Component\Rest\Rest('InternalApi', '\MyApp\Services\TestService');
// process the request and send the output to browser
$rest->processRequest()->sendOutput();
// simple as that...
```
## Configuration and dependencies
This is an example configuration:
```yaml
Rest:
ExampleApi:
CompilePath: /var/tmp
Router:
Class: \Foo\Bar\MyServices\{foo}\{bar}
Path: /services/{test}/{foo}/{mock}/{bar}
Normalize: true
MiddlewareApi:
CompilePath: /var/tmp
Middleware: \My\Custom\Handler
Router:
Class: \Foo\Bar\MyServices\{foo}\{bar}
Path: /services/{test}/{foo}/{mock}/{bar}
Normalize: true
SomeOtherApi:
CompilePath: /var/www/Cache/Rest
Cache: someCacheService
Security:
Role: ROLE_ANONYMOUS
Firewall: Admin
RateControl:
Limit: 60
Interval: 1 # in minutes
Penalty: 10 # in minutes
Environment: production
```
As you can see, you can have multiple REST configurations. The minimum that one configuration must have is just the
definition of `CompilePath`.
### Configuration parameters:
#### **CompilePath**
This is the absolute path to a folder where the REST component will store the compiled files.
*If you want to know more:*
When you register a class, or in API naming, a "service", the component will parse through that class and all its
methods and their annotations, which would be then evaluated based on different rules, to define the service behaviour.
All this is then saved an array that is actually stored in a file, that we call the compile cache file.
#### **Router**
This is an optional setting, it tells to the Rest component how it should transform the current url to get the service
class name. However to trigger that mechanism, the url must match the `Path` parameter. Variables in brackets will act
as patterns to match certain parts of the url. Those matches can then be used to create the `Class` name.
You will find more about routing in the [Routing and accessing the APIs](#routing-and-accessing-the-apis) section.
#### **Cache**
As stated before, the component uses the [Cache component](../Cache/) from Webiny Framework. The value of the `Cache`
should point to a defined cache service.
The cache is used for two different operations, one is to provide a caching layer for storing results,
and the other one is that Cache is a requirement if you wish to use the Rate Control mechanism.
#### **Security**
Security section provides a layer for authorization and authentication above your REST APIs. It is dependent upon the
[Security](../Security) component.
The configuration takes two parameters:
- `Firewall`: name of the registered firewall on the Security component configuration.
- `Role`: this is the default role that all users need to have in order to access the API. You can overwrite the required role in the annotations. If you don't want to force the role, you can either remove this part from your configuration, or set it to `ROLE_ANONYMOUS`, which will then allow access to all users, unless it's overwritten by a method or class annotation.
If the user doesn't have access, a **403 - Forbidden** response is returned.
#### **RateControl**
Rate control is a protection mechanism preventing anyone from abusing your REST API in a way the he is making too many requests in a short period of time.
With rate control you set the following parameters:
- `Limit`: how many requests per interval a particular IP can make
- `Interval`: after how many minutes should be reset the limit
- `Penalty`: for how long should we block the IP if it has reached the limit
If limit is reached, and penalty is activated, the component will return **429 - Too Many Requests** response, until the
limit is restored.
Note that the rate control mechanism requires that you have `Cache` specified on that REST configuration.
#### **Environment**
The value of `Environment` attribute can either be 'production' or 'development'. The difference is that in development
mode we constantly rebuild the compiled cache files, we also output special debug response headers, and JSON output uses pretty format.
#### **Middleware**
If this parameter is set, it should point to your class that implements `MiddlewareInterface`. This gives you control over execution of your REST service method.
Everything until and after the execution of the service is done by the component. The component passes the `RequestBag` to your middleware, and it is up to you
how you will execute the method, maybe perform additional checks, or some custom business logic. Whatever you do, the return value will be passed directly to
the REST component and will be used as a service result.
## Class and method annotations
```php
/**
* @rest.role ROLE_EDITOR
*/
class FooService
{
/**
* @rest.method get
* @rest.default
* @rest.ignore
* @rest.cache.ttl 100
* @rest.header.cache.expires 3600
* @rest.header.status.success 200
* @rest.header.status.errorMessage No Author for specified id.
* @rest.rateControl.ignore
* @rest.url some/custom/url/{param1}/param2/{param2}/other/{param3}
*
* @param integer $param1 Some param.
* @param string $param2 Other param.
* @param string $param3 Other param.
*/
function fooMethod($param1, $param2 = "default", $param3 = "p3def")
{
...
}
}
```
Annotations are a way of describing certain properties of an object. With annotations you can configure the behaviour
of your service. All the REST component annotations have a `rest` namespace.
All the annotations can be defined on a class level, making them default to methods, and on the method level you can
overwrite them. There are no required annotations.
**When one class extends another, where the child class is actually your REST API, the parent class automatically
passes, its class and method, annotations the child class, so make sure when overwriting methods, that you also
overwrite the annotations, if necessary.**
### The following annotations are available:
#### **@rest.method**
```php
/**
* @rest.method get
*/
```
Defines over which HTTP method the service can be accessed. If not defined, `get` is set as default. The supported
request types are **GET**, **POST**, **PUT**, **PATCH** and **DELETE**.
They are not case sensitive.
#### **@rest.default**
```php
/**
* @rest.default
*/
```
Defines that this method is the default method for the defined `@rest.method` request type.
For example if you have `@rest.method` set to `post` and the method is marked with `@rest.default` and you do a POST
request just to the service name, without the method, the defined default method for POST request will be triggered.
#### **@rest.ignore**
```php
/**
* @rest.ignore
*/
```
This flag tells to the component that it should ignore that method and that it's not part of the service.
Usually used for some internal methods.
#### **@rest.cache.ttl**
```php
/**
* @rest.cache.ttl 100
*/
```
Marks that the returned result from this method can be cached for the specific amount of time. The time is defined in
seconds. Note that this feature requires that you have a `Cache` service defined in your configuration.
#### **@rest.header**
There are several options in the `header` section that you can control:
- `cache.expires`: defines what ttl will be set in `Expires` header that component will send to the browser. If you don't set it, it will be set to '-1' telling the browser to always grab fresh content from the server.
- `status.success`: what response status code should be returned if the request was successful. By default **200 - OK** is returned, with an exception of **201 - Created** for **POST** requests.
- `status.errorMessage`: defines a custom error message that will be attached to the response status code.
#### **@rest.role**
```php
/**
* @rest.role ROLE_EDITOR
*/
```
Defines that a method can only be accessed by users that have the specific, or higher, access level.
This annotation requires that you define the `Security` section in your configuration.
#### **@rest.rateControl.ignore**
```php
/**
* @rest.rateControl.ignore
*/
```
This flag marks that rate control will not be applied to that method.
#### **@rest.url**
```php
/**
* @rest.url some/custom/url/{param1}/param2/{param2}/other/{param3}
*/
```
This annotation provides the resource naming feature by specifying a custom url that will be used in the url matching,
instead of the `method name`.
**Note:** When using resource naming, you cannot use `@rest.default` annotation on that method, and also you cannot
specify optional parameters.
## Routing and accessing the APIs
This is an example `Router` config.
```yaml
Rest:
ExampleApi:
Router:
Class: \Foo\Bar\MyServices\{foo}\{bar}
Path: /services/{test}/{foo}/{mock}/{bar}
Normalize: true
```
The config takes the following parameters:
#### Class
This parameter tells to the `Router` how it should implement the matching parameters from the url and the `Path` to get
the class name used for the called Rest service.
#### Path
Path is a url pattern that the component tries to match agains the current url. If a match is made, the matched parameters are used to create
the `Class` name. All the patterns are inside curly brackets `{foo}` and `([\w-]+)` regex pattern is used for matching.
#### Normalize
This is an optional feature. It tells to the component if the matched parameters should be normalized. In this case
under "normalize" we consider transforming parameter value like this one `some-application` into this `SomeApplication`.
#### Example
Let's say you have the upper configuration example in place. The following url will produce the example class name.
Url: `http://www.hats.com/services/my-app/some-longer-name/test/pac-man`
Class: `\Foo\Bar\MyServices\SomeLongerName\PacMan`
#### Some pre-requirements
All you need to do is set on your web server that all requests should be routed to a single file, for example `rest.php`
On that file call the static `iniRest` method with the API name. That method returns a new Rest instance where
you can call the `processRequest` method that triggers the service call. If the url is not matched boolean `false` is returned.
```php
try{
$rest = Rest::initRest('ExampleApi');
if($rest){
$rest->processRequest()->sendOutput();
}
}catch (RestException $e){
// handle the exception
}
```
## Interfaces
The component provides several interfaces that you can implement on your API class to gain more control over some aspects
of the component.
All the interfaces are under the a namespace `Webiny\Component\Rest\Interfaces\`.
### Versioning and VersionInterface
The component gives you the option to version your APIs, meaning that you can have multiple active version of one API.
This helps a lot when you are deploying a new version, but you still need to support the old one.
Also you have two version aliases, making things even more simpler for you. The alias is nothing but a pointer to an actual version.
The two available aliases are `latest` and `current`. If somebody requests your API, and if he hasn't defined a version, he will be pointed
to the `current` version, which is then mapped to an actual version.
In order to implement versioning feature, you need to implement `Webiny\Component\Rest\Interfaces\VersionInterface` on your class.
This looks something like this:
```php
class FooService implements \Webiny\Component\Rest\Interfaces\VersionInterface
{
static public function getLatestVersion(){
return '2.0';
}
static public function getCurrentVersion(){
return '1.0';
}
static public function getAllVersions(){
return [
'1.0' => 'FooService',
'2.0' => 'FooServiceNew',
'2.1' => 'FooServiceBetaInTesting'
];
}
}
```
The interface will tell you to implement the upper three methods, `getLatestVersion`, `getCurrentVersion` and `getAllVersions`.
The most important method is the `getAllVersions` which returns an array of supported versions where the key is the version number,
in format X.Y, and the class name is the value. This is the class that will be used to handle the requests.
Note that only the 'main' class needs to be registered with the component `$rest = new \Webiny\Component\Rest\Rest('InternalApi', 'FooService');`.
Also the main class is the only one that needs to implement the interface, making everything a whole lot easier to maintain.
#### How to access a specific version
By default all users will be pointed to the `current` version. To make a request to a specific version you need to add a request header.
The request header name is `X-Webiny-Rest-Version` and the value is the version. For the version you can send a specific version
number, or an alias. All requests that have this header will be mapped to that concrete version.
// point the request to version 2.1
```txt
X-Webiny-Rest-Version: 2.1
```
### AccessInterface
If you wish to implement your own security layer, you can implement the `Webiny\Component\Rest\Interfaces\AccessInterface`.
```php
class FooService implements \Webiny\Component\Rest\Interfaces\AccessInterface
{
public function hasAccess($role)
{
// do you processing here
}
}
```
The interface will ask you to define `hasAccess` method. This method takes only one parameter `$role`. This parameter
contains the value defined in `@rest.role` annotation. The method should return either `true` or `false`, allowing or denying access to the user.
Note that you still need to define the `Security` section in your REST configuration. The configuration should only contain the default required role. Don't define the `Firewall` attribute.
```yaml
Rest:
SomeOtherApi:
CompilePath: /var/www/Cache/Rest
Security:
Role: ROLE_ANONYMOUS
```
`ROLE_ANONYMOUS` allows non authenticated users to call the service.
You can overwrite the required role with the `@rest.role` annotation on a per-class and per-method basis.
### CacheKeyInterface
Rest component, by default, creates cache keys from these parameters:
- url path
- query parameters
- http method
- post parameters
- payload parameters
- api version (we use the actual version number, not the aliases like current, and latest)
Implement this interface to define your own method for generating a cache key.
Some common use cases are to generate a cache key based on some cookie or token.
Note that you should still include the url, query parameters and the http method.
Always take into account that generating the cache key doesn't actually take longer than getting the data without cache.
The implementation looks like this:
```php
class FooService implements \Webiny\Component\Rest\Interfaces\CacheKeyInterface
{
public function getCacheKey($role)
{
// return your generated key
}
}
```
Note that the returned key is used "as it is", nothing is appended to it, nor it is hashed, so make sure that you
return a key with a proper size.
### CrudInterface
Implementing this interface you will get the basic CRUD methods and behavior described in the table below:
| Request type | Url | Mapping | Description |
| --------------- | ------------------ | --------------------------- | -------------------------------------- |
| GET | foo-class/ | FooClass::crudList | Retrieve all records in a collection. |
| POST | foo-class/ | FooClass::crudCreate() | Create new record. |
| DELETE | foo-class/{id} | FooClass::crudDelete($id) | Delete a record with the given id. |
| GET | foo-class/{id} | FooClass::crudGet($id) | Retrieve a single record. |
| PUT | foo-class/{id} | FooClass::crudReplace($id) | Replace a single record. |
| PATCH | foo-class/{id} | FooClass::crudUpdate($id) | Update a single record. |
## RestTrait
In practice you often need to use things like paging, sorting and similar,
which doesn't make since to put as a parameter in your method. The best approach is to use query parameters.
The `RestTrait` provides you with helper functions and suggestions.
In the trait you will find the next methods:
- `restGetPage`: returns the value of `_page` query parameter
- `restGetPerPage`: returns the value of `_perPage` query parameter (has a built-in limit of 1.000)
- `restGetSortField`: returns the sort field name from the `_sort` query parameter
- `restGetSortFields`: returns the sort fields array, parsed from the `_sort` query parameter
- `restGetSortDirection`: returns the sort direction from the `_sort` query parameter
- `restGetFields`: returns the value of `_fields` query parameter
Let's see the returned values if we would look at this url:
`http://api.example.com/my-service/get-pages/?_page=1&_perPage=10&_sort=+Title&_fields=id,title,author,slug`
The returned values would be as following:
- `restGetPage`: 1
- `restGetPerPage`: 10
- `restGetSortField`: Title
- `restGetSortDirection`: 1 (if we would have '-' in front of the field name, the function would return -1)
- `restGetSortFields`: ['Title' => 1]
- `restGetFields`: id,title,author,slug
## Return values
The component returns a JSON response, like the one below:
```json
{
"data": "this is my result"
}
```
Your result is always encapsulated within the `data` property.
In case of an error, the `data` property is omitted, and you will get a response containing errors, like this one:
```json
{
"errorReport": {
"message": "This is an error.",
"description": "Some custom error description."
}
}
```
You can also add additional error entries:
```json
{
"errorReport": {
"message": "This is an error.",
"description": "Some custom error description.",
"errors": [
{
"message": "This is an additional error message.",
"field": "This is a custom error field."
},
{
"message": "Another error",
"code": "23a33"
}
]
}
}
```
### Throwing errors
When you need to throw an error, the best way is using the RestErrorException class.
```php
class FooService
{
public function testError()
{
$error = new \Webiny\Component\Rest\RestErrorException("This is an error.", "Some custom error description.");
$error->addError(['message'=>'This is an additional error message.', 'field'=>'This is a custom error field.']);
$error->addError(['message'=>'Another error', 'code'=>'23a33']);
throw $error;
}
}
```
## Debugging
The component will return additional debug information in the response header and in the `debug` part of the response body.
The additional headers are as following:
- `X-Webiny-Rest-Class`: name of the used API class (useful to know which class was used based on the version)
- `X-Webiny-Rest-ClassVersion`: actual API version
- `X-Webiny-Rest-Method`: which HTTP request method was used
- `X-Webiny-Rest-RateControl-Limit`: the limit of rate control (also present in the production mode)
- `X-Webiny-Rest-RateControl-Remaining`: the remaining number of requests, until the limit is reached (also present in the production mode)
- `X-Webiny-Rest-RateControl-Reset`: unix timestamp with the date when the rate control limit will be refreshed
- `X-Webiny-Rest-RequestedRole`: present only if the method required some specific role
Here is typical example output:
```txt
X-Webiny-Rest-Class:TestRestApiServiceNew
X-Webiny-Rest-ClassVersion:2.0
X-Webiny-Rest-Method:GET
X-Webiny-Rest-RateControl-Limit:10
X-Webiny-Rest-RateControl-Remaining:8
X-Webiny-Rest-RateControl-Reset:1408414512
X-Webiny-Rest-RequestedRole:SECRET_ROLE
```
## Compiler cache
The component reads the api classes and creates an array that contains different information about the api services
contained within that class. Based on the component environment, that array will be saved. If the environment is `development`
the cached array will be stored in memory inside a static array. If the environment is `production` the array will be written
to the disk, using the `CompilePath`.
If you wish to create your own compiler cache class, and write, for example to a Redis database, you just need to create a
class and implement `\Webiny\Component\Rest\Compiler\CacheDrivers\CacheDriverInterface` and define the path to the class
inside your Rest component config, like this:
```yaml
Rest:
ExampleApi:
CompilerCacheDriver: '\Vendor\Namespace\Class'
```
Resources
---------
To run unit tests, you need to use the following command:
$ cd path/to/Webiny/Component/Rest/
$ composer.phar install
$ phpunit
Make sure that you update the configuration files inside `Test/Mocks/` folder.