Using API Platform to build ticketing system #symfonycon

Using API platform to build ticketing
system
Antonio Perić-Mažar, Locastic
22.11.2019. - #SymfonyCon, Amsterdam

View Slide

Antonio
Perić-Mažar
CEO @ Locastic
Co-founder @ Litto
Co-founder @ Tinel Meetup
t: @antonioperic
m: [email protected]

View Slide

Locastic
Helping clients create web
and mobile apps since 2011
• UX/UI
• Mobile apps
• Web apps
• Training & Consulting
www.locastic.com
@locastic

View Slide

• API Platform & Symfony
• Ticketing platform: GFNY (franchise business)
• ~ year and half in production
• ~ 60 000 tickets released & race results stored in DB
• ~ 20 000 users/racers,
• ~ 60 users with admin roles
• 48 events in 26 countries, users from 82 countries
• 8 different languages including Hebrew and Indonesian
Context & API Platform
Experience

View Slide

• Social network
• chat based
• matching similar to Tinder :)
• few CRM/ERP applications
Context & API Platform
Experience

View Slide

What is API platform ?

View Slide

–Fabien Potencier (creator of Symfony), SymfonyCon 2017
“API Platform is the most advanced API platform,
in any framework or language.”

View Slide

• full stack framework dedicated to API-Driven projects
• contains a PHP library to create a fully featured APIs supporting
industry standards (JSON-LD, Hydra, GraphQL, OpenAPI…)
• provides ambitious Javascript tooling to consume APIs in a snap
• Symfony official API stack (instead of FOSRestBundle)
• shipped with Docker and Kubernetes integration
API Platform

View Slide

• creating, retrieving, updating and deleting (CRUD) resources
• data validation
• pagination
• filtering
• sorting
• hypermedia/HATEOAS and content negotiation support (JSON-LD
and Hydra, JSON:API, HAL…)
API Platform built-in
features:

View Slide

• GraphQL support
• Nice UI and machine-readable documentations (Swagger UI/
OpenAPI, GraphiQL…)
• authentication (Basic HTP, cookies as well as JWT and OAuth through
extensions)
• CORS headers
• security checks and headers (tested against OWASP
recommendations)
features:

View Slide

• invalidation-based HTTP caching
• and basically everything needed to build modern APIs.
features:

View Slide

Creating Simple CRUD
in a minute

View Slide

Create
Entity
Step One
// src/Entity/Greeting.php
namespace App\Entity;
class Greeting
{
private $id;
public $name = '';
public function getId(): int
{
return $this->id;
}
}

View Slide

Create
Mapping
Step Two
# config/doctrine/Greeting.orm.yml
App\Entity\Greeting:
type: entity
table: greeting
id:
id:
type: integer
generator: { strategy: AUTO }
fields:
name:
type: string
length: 100

View Slide

Add
Validation
Step Three
# config/validator/greeting.yaml
properties:
name:
- NotBlank: ~

View Slide

Expose
Resource
Step Four # config/api_platform/resources.yaml
resources:
App\Entity\Greeting: ~

View Slide

View Slide

Serialization Groups
Read
Write

View Slide

View Slide

Use
YAML
Configuration advice

View Slide

User Management &
Security

View Slide

• Avoid using FOSUserBundle
• not well suited with API
• to much overhead and not needed complexity
• Use Doctrine User Provider
• simple and easy to integrate
• bin/console maker:user
User management

View Slide

// src/Entity/User.php
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Serializer\Annotation\Groups;
class User implements UserInterface
{
/**
* @Groups({"user-read"})
*/
private $id;
/**
* @Groups({"user-write", "user-read"})
*/
private $email;
/**
*/
private $roles = [];
/**
* @Groups({"user-write"})
*/
private $plainPassword;
private $password;
… getters and setters …
}

View Slide

{
/**
*/
private $id;
/**
*/
private $email;
/**
*/
/**
*/
private $password;
}
# config/doctrine/User.orm.yml
App\Entity\User:
type: entity
table: users
repositoryClass: App\Repository\UserRepository
id:
id:
type: integer
fields:
email:
type: string
length: 255
password:
type: string
length: 255
roles:
type: array

View Slide

{
/**
*/
private $id;
/**
*/
private $email;
/**
*/
/**
*/
private $password;
}
# config/doctrine/User.orm.yml
App\Entity\User:
type: entity
table: users
repositoryClass: App\Repository\UserRepository
id:
id:
type: integer
fields:
email:
type: string
length: 255
password:
type: string
length: 255
roles:
type: array
# config/api_platform/resources.yaml
resources:
App\Entity\User:
attributes:
normalization_context:
groups: ['user-read']
denormalization_context:
groups: ['user-write']

View Slide

use ApiPlatform\Core\DataPersister\ContextAwareDataPersisterInterface;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
class UserDataPersister implements ContextAwareDataPersisterInterface
{
private $entityManager;
private $userPasswordEncoder;
public function __construct(EntityManagerInterface $entityManager, UserPasswordEncoderInterface $userPasswordEncoder)
{
$this->entityManager = $entityManager;
$this->userPasswordEncoder = $userPasswordEncoder;
}
public function supports($data, array $context = []): bool
{
return $data instanceof User;
}
public function persist($data, array $context = [])
{
/** @var User $data */
if ($data->getPlainPassword()) {
$data->setPassword(
$this->userPasswordEncoder->encodePassword($data, $data->getPlainPassword())
);
$data->eraseCredentials();
}
$this->entityManager->persist($data);
$this->entityManager->flush($data);
return $data;
}
public function remove($data, array $context = [])
{
$this->entityManager->remove($data);
$this->entityManager->flush();
}

View Slide

• Lightweight and simple authentication system
• Stateless: token signed and verified server-side then stored client-
side and sent with each request in an Authorization header
• Store the token in the browser local storage
JSON Web Token (JWT)

View Slide

View Slide

• API Platform allows to easily add a JWT-based authentication to your
API using LexikJWTAuthenticationBundle.
• Maybe you want to use a refresh token to renew your JWT. In this
case you can check JWTRefreshTokenBundle.
User authentication

View Slide

View Slide

User security
checker
Security
namespace App\Security;
use App\Exception\AccountDeletedException;
use App\Security\User as AppUser;
use Symfony\Component\Security\Core\Exception\AccountExpiredException;
use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticat
use Symfony\Component\Security\Core\User\UserCheckerInterface;
class UserChecker implements UserCheckerInterface
{
public function checkPreAuth(UserInterface $user)
{
if (!$user instanceof AppUser) {
return;
}
// user is deleted, show a generic Account Not Found message.
if ($user->isDeleted()) {
throw new AccountDeletedException();
}
}
public function checkPostAuth(UserInterface $user)
{
if (!$user instanceof AppUser) {
return;
}
// user account is expired, the user may be notified
if ($user->isExpired()) {
throw new AccountExpiredException('...');
}
}
}

View Slide

User security
checker
Security
# config/packages/security.yaml
# ...
security:
firewalls:
main:
pattern: ^/
user_checker: App\Security\UserChecker
# ...

View Slide

Resource and
operation
level
Security
# api/config/api_platform/resources.yaml
App\Entity\Book:
attributes:
security: 'is_granted("ROLE_USER")'
collectionOperations:
get: ~
post:
security: 'is_granted("ROLE_ADMIN")'
itemOperations:
get: ~
put:
security_: 'is_granted("ROLE_ADMIN")
or object.owner == user'

View Slide

Resource and
operation
level using
Voters
Security
# api/config/api_platform/resources.yaml
App\Entity\Book:
itemOperations:
get:
security_: 'is_granted('READ', object)'
put:
security_: 'is_granted('UPDATE', object)'

View Slide

• A JWT is self-contained, meaning that we can trust into its payload
for processing the authentication. In a nutshell, there should be no
need for loading the user from the database when authenticating a
JWT Token, the database should be hit only once for delivering the
token.
• It means you will have to fetch the User entity from the database
yourself as needed (probably through the Doctrine EntityManager or
your custom Provider).
JWT tip
A database-less user
provider

View Slide

JWT tip
A database-less user
provider
# config/packages/security.yaml
security:
providers:
jwt:
lexik_jwt: ~
security:
firewalls:
api:
provider: jwt
guard:
# ...

View Slide

Creating
multi-language APIs

View Slide

• Locastic Api Translation Bundle
• Translation bundle for ApiPlatform based on Sylius translation
• It requires two entities: Translatable & Translation entity
• Open source
• https://github.com/Locastic/ApiPlatformTranslationBundle
• https://locastic.com/blog/having-troubles-with-implementing-
translations-in-apiplatform/
Creating
multi-language APIs

View Slide

use Locastic\ApiPlatformTranslationBundle\Model\AbstractTranslatable;
class Post extends AbstractTranslatable
{
// ...
protected function createTranslation()
{
return new PostTranslation();
}
}

View Slide

{
// ...
{
}
}
{
// ...
/**
* @Groups({"post_write", "translations"})
*/
protected $translations;
}

View Slide

{
// ...
{
}
}
{
// ...
/**
*/
protected $translations;
}
{
// ...
/**
* @var string
*
* @Groups({"post_read"})
*/
private $title;
public function setTitle($title)
{
$this->getTranslation()->setTitle($title);
return $this;
}
public function getTitle()
{
return $this->getTranslation()->getTitle();
}
}

View Slide

use Locastic\ApiTranslationBundle\Model\AbstractTranslation;
class PostTranslation extends AbstractTranslation
{
// ...
/**
* @var string
*
* @Groups({"post_read", "post_write", "translations"})
*/
private $title;
/**
* @var string
*/
protected $locale;
{
$this->title = $title;
return $this;
}
{
return $this->title;
}
}

View Slide

use Locastic\ApiTranslationBundle\Model\AbstractTranslation;
class PostTranslation extends AbstractTranslation
{
// ...
/**
* @var string
*
* @Groups({"post_read", "post_write", "translations"})
*/
private $title;
/**
* @var string
*/
protected $locale;
{
$this->title = $title;
return $this;
}
{
return $this->title;
}
}
AppBundle\Entity\Post:
itemOperations:
get:
method: GET
put:
method: PUT
groups: ['translations']
get:
method: GET
post:
method: POST
groups: ['translations']
attributes:
ﬁlters: ['translation.groups']
groups: ['post_read']
denormalization_context:
groups: ['post_write']

View Slide

POST
translation
example
Multi-language API
{
"datetime":"2017-10-10",
"translations": {
"en":{
"title":"test",
"content":"test",
"locale":"en"
},
"de":{
"title":"test de",
"content":"test de",
"locale":"de"
}
}
}

View Slide

Get response by locale
GET /api/posts/1?locale=en

{
"@context": "/api/v1/contexts/Post",
"@id": "/api/v1/posts/1')",
"@type": "Post",
"id": 1,
"datetime":"2019-10-10",
"title":"Hello world",
"content":"Hello from Verona!"
}

View Slide

Get response with all translations
GET /api/posts/1?groups[]=translations
{
"@context": "/api/v1/contexts/Post",
"@id": "/api/v1/posts/1')",
"@type": "Post",
"id": 1,
"datetime":"2019-10-10",
"translations": {
"en":{
"title":"Hello world",
"content":"Hello from Verona!",
"locale":"en"
},
"it":{
"title":"Ciao mondo",
"content":"Ciao da Verona!",
"locale":"it"
}
}
}

View Slide

• https://github.com/lexik/LexikTranslationBundle
• or you can write your own:
• https://locastic.com/blog/symfony-translation-process-
automation/
Static translation

View Slide

Manipulating context
and avoding to have /
api/admin

View Slide

Manipulating
the Context
Context
use ApiPlatform\Core\Annotation\ApiResource;
/**
* @ApiResource(
* normalizationContext={"groups"={"book:output"}},
* denormalizationContext={"groups"={"book:input"}}
* )
*/
class Book
{
// ...
/**
* This field can be managed only by an admin
*
* @var bool
*
* @Groups({"book:output", "admin:input"})
*/
public $active = false;
/**
* This field can be managed by any user
*
* @var string
*
* @Groups({"book:output", "book:input"})
*/
public $name;
// ...
}

View Slide

Manipulating
the Context
Context
# api/config/services.yaml
services:
# ...
'App\Serializer\BookContextBuilder':
decorates: 'api_platform.serializer.context_builder'
arguments: [ '@App\Serializer\BookContextBuilder.inner' ]
autoconfigure: false

View Slide

// api/src/Serializer/BookContextBuilder.php
namespace App\Serializer;
use ApiPlatform\Core\Serializer\SerializerContextBuilderInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use App\Entity\Book;
final class BookContextBuilder implements SerializerContextBuilderInterface
{
private $decorated;
private $authorizationChecker;
public function __construct(SerializerContextBuilderInterface $decorated, AuthorizationCheckerInterface
$authorizationChecker)
{
$this->decorated = $decorated;
$this->authorizationChecker = $authorizationChecker;
}
public function createFromRequest(Request $request, bool $normalization, ?array $extractedAttributes = null): array
{
$context = $this->decorated->createFromRequest($request, $normalization, $extractedAttributes);
$resourceClass = $context['resource_class'] ?? null;
if ($resourceClass === Book::class && isset($context['groups']) && $this->authorizationChecker-
>isGranted('ROLE_ADMIN') && false === $normalization) {
$context['groups'][] = 'admin:input';
}
return $context;
}
}

View Slide

Symfony Messenger
Component

View Slide

• The Messenger component helps applications send and receive
messages to/from other applications or via message queues.
• Easy to implement
• Making async easy
• Many transports are supported to dispatch messages to async
consumers, including RabbitMQ, Apache Kafka, Amazon SQS and
Google Pub/Sub.
Symfony Messenger

View Slide

View Slide

• Allows to implement the Command Query Responsibility Segregation
(CQRS) pattern in a convenient way.
• It also makes it easy to send messages through the web API that will
be consumed asynchronously.
• Async import, export, image processing… any heavy work
Symfony Messenger &
API Platform

View Slide

CQRS
Symfony Messenger & API Platform
App\Entity\PasswordResetRequest:
post:
status: 202
itemOperations: []
attributes:
messenger: true
output: false

View Slide

CQRS
Symfony Messenger & API Platform
namespace App\Handler;
use App\Entity\PasswordResetRequest;
use Symfony\Component\Messenger\Handler\MessageHandlerInterfac
final class PasswordResetRequestHandler implements MessageHand
{
public function __invoke(PasswordResetRequest $forgotPassw
{
// do some heavy things
}
}
final class PasswordResetRequest
{
public $email;
}

View Slide

namespace App\DataPersister;
use ApiPlatform\Core\DataPersister\ContextAwareDataPersisterInterface;
use App\Entity\ImageMedia;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Messenger\MessageBusInterface;
class ImageMediaDataPersister implements ContextAwareDataPersisterInterface
{
private $entityManager;
private $messageBus;
public function __construct(EntityManagerInterface $entityManager, MessageBusInterface $messageBus)
{
$this->entityManager = $entityManager;
$this->messageBus = $messageBus;
}
public function supports($data, array $context = []): bool
{
return $data instanceof ImageMedia;
}
public function persist($data, array $context = [])
{
$this->entityManager->persist($data);
$this->entityManager->flush($data);
$this->messageBus->dispatch(new ProcessImageMessage($data->getId()));
return $data;
}
public function remove($data, array $context = [])
{
$this->entityManager->remove($data);
$this->entityManager->flush();
$this->messageBus->dispatch(new DeleteImageMessage($data->getId()));
}
}

View Slide

namespace App\EventSubscriber;
use ApiPlatform\Core\EventListener\EventPriorities;
use App\Entity\Book;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Event\ViewEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Messenger\MessageBusInterface;
final class BookMailSubscriber implements EventSubscriberInterface
{
private $messageBus;
public function __construct(MessageBusInterface $messageBus)
{
$this->messageBus = $messageBus;
}
public static function getSubscribedEvents()
{
return [
KernelEvents::VIEW => ['sendMail', EventPriorities::POST_WRITE],
];
}
public function sendMail(ViewEvent $event)
{
$book = $event->getControllerResult();
$method = $event->getRequest()->getMethod();
if (!$book instanceof Book || Request::METHOD_POST !== $method) {
return;
}
// send to all users 2M that new book has arrived
this->messageBus->dispatch(new SendEmailMessage(‘new-book’, $book->getTitle()));
}
}

View Slide

View Slide

• If same Symfony application is dispatching and consuming
messages it works very well
• If different Symfony applications are consuming messages, there are
issues
• If Symfony applications consume some 3-rd party non-Symfony
messages, there is huge issue
Symfony & Messenger

View Slide

{
"body":"{\"key\":\"TESTING\",\"variables\":{\"UserName\":\"some test username \",
\"Greetings\":\"Some test greeting 4faf188d396e99e023a3f77c04a9c06d\",\"Email\":
\"[email protected]\"},\"to\":\"[email protected]\"}",
"properties":[
],
"headers":{
"type":"App\\Message\\CommunicationMessage",
"X-Message-Stamp-Symfony\\Component\\Messenger\\Stamp\
\BusNameStamp":"[{\"busName\":\"command_bus\"}]",
\SentStamp":"[{\"senderClass\":\"Enqueue\\\\MessengerAdapter\\\\QueueInteropTransport\",
\"senderAlias\":\"communication_sync_amqp\"}]",
"Content-Type":"application\/json"
}
}

View Slide

{
"body":"{\"key\":\"TESTING\",\"variables\":{\"UserName\":\"some test username \",
\"Greetings\":\"Some test greeting 4faf188d396e99e023a3f77c04a9c06d\",\"Email\":
\"[email protected]\"},\"to\":\"[email protected]\"}",
"properties":[
],
"headers":{
"type":"App\\Message\\CommunicationMessage",
\BusNameStamp":"[{\"busName\":\"command_bus\"}]",
\SentStamp":"[{\"senderClass\":\"Enqueue\\\\MessengerAdapter\\\\QueueInteropTransport\",
\"senderAlias\":\"communication_sync_amqp\"}]",
"Content-Type":"application\/json"
}
}
String contains escaped JSON

View Slide

{
"key": "TESTING",
"variables": {
"username": "some test userName",
"Grettings": "Some test greeting 4faf188d396e99e023a3f77c04a9c06d",
"Email:" "[email protected]"
}
}

View Slide

namespace App\Messenger;
…
class ExternalJsonMessageSerializer implements SerializerInterface
{
public function decode(array $encodedEnvelope): Envelope
{
$body = $encodedEnvelope['variables'];
$headers = $encodedEnvelope['key'];
$data = json_decode($body, true);
if (null === $data) {
throw new MessageDecodingFailedException('Invalid JSON');
}
if (!isset($headers['type'])) {
throw new MessageDecodingFailedException('Missing "type" header');
}
if ($headers !== 'TESTING') {
throw new MessageDecodingFailedException(sprintf('Invalid type "%s"', $headers));
}
// in case of redelivery, unserialize any stamps
$stamps = [];
if (isset($headers['stamps'])) {
$stamps = unserialize($headers['stamps']);
}
$envelope = $this->createMyExternalMessage($data);
$stamps = [];
}
$envelope = $envelope->with(... $stamps);
return $envelope;
}
…
}

View Slide

…
{
{
}
}
}
$stamps = [];
}
$stamps = [];
}
return $envelope;
}
…
}
private function createMyExternalMessage($data): Envelope
{
$message = new MyExternalMessage($data);
$envelope = new Envelope($message);
// needed only if you need this to be sent through the non-default bus
$envelope = $envelope->with(new BusNameStamp('command.bus'));
return $envelope;
}

View Slide

…
{
{
}
}
}
$stamps = [];
}
$stamps = [];
}
return $envelope;
}
…
}
private function createMyExternalMessage($data): Envelope
{
$message = new MyExternalMessage($data);
$envelope = new Envelope($message);
// needed only if you need this to be sent through the non-default bus
$envelope = $envelope->with(new BusNameStamp('command.bus'));
return $envelope;
}
framework:
messenger:
...
transports:
...
# a transport used consuming messages from an external system
# messages are not meant to be *sent* to this transport
external_messages:
dsn: '%env(MESSENGER_TRANSPORT_DSN)%'
serializer: App\Messenger\ExternalJsonMessageSerializer
options:
# assume some other system will create this
auto_setup: false
# exchange conﬁg not needed because that's only
# for *sending* messages
queues:
messages_from_external: ~
...

View Slide

• https://github.com/Happyr/message-serializer (custom serializer)
• http://developer.happyr.com/symfony-messenger-on-aws-lambda
• have in mind that Messenger component is similar to ORM
• will work in most of cases but in same situation you will need to do
custom/your own solution
More help:

View Slide

Handling emails

View Slide

• Symfony Mailer component
• load balancer
• /w messenger component can do async in easy way
• high availability / failover
• Amazon SES, Gmail, Mailchim Mandril, Mailgun, Postmark, Sendgrid
Handling emails

View Slide

Creating reports
(exports)

View Slide

• problem:
• different objects from source and in our database
• multiple sources of data (3rd party)
• DataTransformer transforms from source object to our object (DTO)
• exporting to CSV files
Using DTOs with import
and export

View Slide

resources:
App\Entity\Order:
get: ~
exports:
method: POST
path: '/orders/export'
formats:
csv: ['text/csv']
pagination_enabled: false
output: "OrderExport::class"
groups: ['order-export']

View Slide

namespace App\DTO;
ﬁnal class OrderExport
{
/**
* @var string
* @Groups({"order-export"})
*/
private $orderStatus;
/**
* @var string
*/
private $orderNumber;
/**
* @var \DateTime
*/
private $orderDate;
/**
* @var string
*/
private $customerFullName;
/**
* @var string
*/
private $customerEmail;
/**
* @var string

View Slide

namespace App\DTO;
ﬁnal class OrderExport
{
/**
* @var string
*/
private $orderStatus;
/**
* @var string
*/
private $orderNumber;
/**
* @var \DateTime
*/
private $orderDate;
/**
* @var string
*/
private $customerFullName;
/**
* @var string
*/
private $customerEmail;
/**
* @var string
namespace App\DataTransformer;
use ApiPlatform\Core\DataTransformer\DataTransformerInterface;
…
class OrderExportDataTransformer implements DataTransformerInterface
{
/**
* @param Order $data
* @param string $to
* @param array $context
*
* @return object|void
*/
public function transform($data, string $to, array $context = [])
{
$export = new OrderExport();
$export->setOrderNumber($data->getOrderNumber());
if ($data->getStatus() instanceof Status) {
$export->setOrderStatus($data->getStatus()->getStatus());
}
$export->setOrderDate($data->getOrderDate());
…
…
$export->setTotalNumberOfTicketsInOrder($data->getTickets()->count());
$export->setTicketRevenue($data->getTicketsRevenue()->getFormatted());
$export->setDeliveryStatus($data->getDeliveryStatus()->getStatus());
$export->setDeliveryMethodRevenue($data->getDeliveryCost()->getFormatted());
$export->setFeeRevenue($data->getTotalFees()->getFormatted());
$export->setTicketTypes($data->getTicketTypesFormatted());
return $export;
}
/**
* {@inheritdoc}
*/
public function supportsTransformation($data, string $to, array $context = []): bool
{
return OrderExport::class === $to && $data instanceof Order;
}
}

View Slide

Real-time applications
with API platform

View Slide

View Slide

• Redis + NodeJS + socket.io
• Pusher
• ReactPHP
• …
• but to be honest PHP is not build for realtime :)
Real-time applications
with API platform

View Slide

View Slide

• Fast, written in Go
• native browser support, no lib nor SDK required (built on top of HTTP and server-sent
events)
• compatible with all existing servers, even those who don't support persistent
connections (serverless architecture, PHP, FastCGI…)
• Automatic HTTP/2 and HTTPS (using Let's Encrypt) support
• CORS support, CSRF protection mechanism
• Cloud Native, follows the Twelve-Factor App methodology
• Open source (AGPL)
• …
Mercure.rocks

View Slide

resources:
attributes:
mercure: true
const eventSource = new EventSource('http://localhost:3000/hub?topic=' +
encodeURIComponent('http://example.com/greeting/1'));
eventSource.onmessage = event => {
// Will be called every time an update is published by the server
console.log(JSON.parse(event.data));
}

View Slide

Testing

View Slide

• Ask yourself: “Am I sure the code I tested works as it should?”
• 100% coverage doesn’t guarantee your code is fully tested and
working
• Write test first is just one of the approaches
• Legacy code:
• Start replicating bugs with tests before fixing them
• Test at least most important and critical parts
Testing tips and tricks

View Slide

Handy testing tools

View Slide

• Created for PHPUnit
• Manipulates the Symfony HttpKernel directly to simulate HTTP
requests and responses
• Huge performance boost compared to triggering real network
requests
• Also good to consider Sylius/ApiTestCase
The test Http Client in
API Platform

View Slide

View Slide

PHP Matcher
Library that enables you to check your response against patterns.

View Slide

Faker (/w Alice)
Library for generating random data

View Slide

Postman tests
Newman + Postman

View Slide

Postman tests + Newman
Newman + Postman

View Slide

• Infection - tool for mutation testing
• PHPStan - focuses on finding errors in your code without actually
running it
• Continuous integration (CI) - enables you to run your tests on git on
each commit
Tools for checking test
quality

View Slide

View Slide

Api Platform (Symfony) is awesome!
Conclusion

View Slide

Thank you!

View Slide

Questions?
Antonio Perić-Mažar
t: @antonioperic
m: [email protected]

View Slide

Using API Platform to build ticketing system #symfonycon

Using API Platform to build ticketing system #symfonycon

Antonio Peric-Mazar

More Decks by Antonio Peric-Mazar

Other Decks in Programming

Featured

Transcript