Silex trivago intro

James Mallison

April 11, 2017

Transcript

  1. Rapid Application Development With Silex Microframework: Initial Set up (while I rant)

    You need:
    - Vagrant
    - Virtualbox

    $ vagrant box add geerlingguy/ubuntu1604
    $ vagrant up
    Wait forever…
    $ vagrant ssh
    $ git clone https://github.com/J7mbo/silex-dev.git
  2. Microframework?

    The point of this general overview is to give you some ideas to go away and research yourselves
    • Small components easy to set up
    • Little configuration required at first
    • Means much faster to get working with!! (Can create an API in minutes)
    • On the flip-side: harder to customise and do custom things
    • Documentation is nowhere near as prevalent as with Symfony
    • Microframework actually ends up being harder for nontrivial tasks
  3. Front controller pattern

    Apache serves all requests to index.php
    Diagram labels: Request, Front Controller (index.php), Router
    • /users executes class X
    • /forum executes class Y
  4. How we used to autoload

    So in index.php, when you say new Namespace\MyClass; the above code would get executed automatically by PHP, and we include the relevant class file automatically
  5. Require the autoloader

    • We used to have to do this ourselves
    • $x = new Namespace\Here\OurClassName

    A function would be automatically executed, where we split on "\" characters to get the class name and namespace, then look for the directory Namespace/Here/OurClassName.php

    WE USED TO HAVE TO CODE THAT OURSELVES!! NOW WE HAVE COMPOSER!

    require_once __DIR__ . '/../vendor/autoload.php';
  6. Create the Silex app object

    $app = new Silex\Application;

    It is your job as a backend developer to:
    • Take in a Request
    • Perform whatever you need to do
    • Return a Response

    Silex helps you do this quickly
  7. God objects

    So what is this $app?
    • It’s a GOD OBJECT.
    • It contains the entirety of the application in one object
    • This is basically an anti-pattern

    But we don’t care! Because it’s rapid application development (ie let product deal with it)
  8. Using twig instead of just returning text

    • twig is a templating engine
    • It has really useful features like inheritance
    • This allows you to use templates within other templates
    • And generally re-use code (requires architecture thought)
  9. An example twig template

    You could make this a “Members Template” and then re-use it in the application
  10. #1

    Really think about the different parts of a page and how to separate them out into re-usable twig components to avoid code duplication
  11. Using MySQL to talk to the database

    Doctrine DBAL is a simple database abstraction layer
    Now you can use $app['db'] to run MySQL queries
  12. Security - SQL Injection

    Allowing user input directly into the database
    The user could put quotes in that input, which could end the database query, and start a new one with their own SQL
  13. Security - SQL Injection - Prepared Statements

    'SELECT * FROM users WHERE user = ' . $_GET['user']

    If I go to "/hello/james/?user=james' OR 1 = 1; DROP TABLE users;"
    • First query stops at apostrophe
    • Next one executed also

    (arbitrary example)
  14. Security - SQL Injection - Prepared Statements

    (arbitrary example)
    • ? for parameters
    • Array of values to replace the question marks with (in order)
  15. #2

    Use parameterised queries to avoid SQL Injection Attacks
    Always check user input cannot directly affect code / db
  16. So far we’ve seen….

    • It’s a few lines of code to create a route (/hello/{name})
    • Separate html into twig templates and {{ include }} them
    • Write parameterised queries with ? (allows the engine to replace them for you instead)
    • This allows you to avoid SQL Injection attacks
    • Use Doctrine DBAL

    But this can start to get unwieldy…
  17. One problem - loads of code

    This might as well be procedural at this point
  18. One problem - loads of code

    • Separate code into “controller” classes
    • Each controller handles a single route’s stuff

    Silex / Symfony use : to separate a class and method in a string
  19. You can make it easier to add new controllers for yourself

    Create a YAML configuration file
    Read it, then loop around the settings and set them up
    Now you can just add a new controller name and action to the YAML file, and it’ll automatically be ready and executed next time you reload the page with your new route!
  20. Symfony does this!!

    This is basically what Symfony does with routing. You have a routing.yml file in a similar format!!
    When we go to /blog, execute, within our AppBundle, the Blog controller, and the list action
    A little more magic (because it’s actually BlogController and Symfony removes the ‘Controller’ here - magic is bad, mmmkay)
  21. Use Access Control

    Security is not easy
    Start with hardcoded users / password (easiest)
    Then specify “Only ROLE_ADMIN” users can access page /admin
    Again, you could loop around a yaml file for this information and add it into $app['security.firewalls'] (another step closer to Symfony)
  22. Use Access Control - In Templates

    Don’t put Application logic in templates.
    But, you can hide / show buttons depending on role levels
  23. Use Access Control - Remove hardcoded users

    Next move to the database.
    Requires a “UserProvider” class
    And extra configuration
    Symfony has this too…
  24. #3

    ALWAYS secure your endpoints with authentication
    Write automated tests that check for a 401 Unauthorized
  25. What else have we got?

    • Easily move from procedural code to controllers
    • Register routes via configuration (like Symfony)
    • Use Access Control (hardcoded)
    • Show / hide a button depending on access control
    • The class responsible for handling user authentication (like Symfony)

    So what’s next? Let’s write some code
  26. First, let’s just get it working

    Displaying some text in a response
  27. MySQL Table - blog_posts

    This has been automatically created for you already. If you want to see it…

    $ mysql -uroot -proot silex_dev
    mysql > SHOW TABLES;
  28. Querying the database with Doctrine DBAL

    And displaying the string on the page
    Remember, responses have to be a STRING. Unless we’re using twig as it handles it for us (that’s next)
  29. Using a twig template with variables instead

    No more passing a string!
    First we need to register the service provider, and create a template
  30. Using a twig template with variables instead

    Pass the data to the twig render() function
    This means we’re giving results to blog.html.twig for us to use those variables in the template
  31. Twig inheritance and assets (css, js etc)

    Front-end module re-use, and including assets
    1) Copy vendor/twbs/bootstrap/dist/css/bootstrap.css.min to web/css/bootstrap.css.min
    2) Create base.html.twig next to blog.html.twig
  32. Twig inheritance and assets (css, js etc)

    Front-end module re-use, and including assets
    3) Create Your base template in twig
  33. Twig inheritance and assets (css, js etc)

    Front-end module re-use, and including assets
    4) Extend the base template in blog.html.twig
  34. Add another blog post (manually)

    $ vagrant ssh (if you haven’t already)
    $ mysql -uroot -proot silex_dev
  35. Your turn… moving your code to controllers

    Saying “blog.controller” gives us a BlogPostController object
    Create the BlogPostController class
  36. Your turn… saving and deleting of posts

    • Create a form with a button and make silex handle a post request
    • In your ->post() class method, you can ask for the Request object
    • Access the form data in this function (var_dump($variable) to debug)
    • Use a mysql INSERT with doctrine dbal and prepared statements (?)
    • Provide a delete post button next to each post that lets you delete the post

    Anything in {id} gets given to you in $id
  37. Separation of Concerns

    You’re effectively deciding your own architecture and directory structure
    Symfony does the same, it just has defaults set up for you!

    Diagram labels: Request, Router, Controller Layer, Model Layer, Persistence (DB), Services (re-usable components your model layer can use), Template Layer (not a view), Response

    The choices you make, for where to put different classes, different parts of the code, and how to separate code into separate ‘modules’ - is software architecture
  38. Separation of Concerns - Best Practice

    You’re effectively deciding your own architecture and directory structure
    Symfony does the same, it just has defaults set up for you!

    Diagram labels: Model Layer, “Repository” (additional layer of abstraction; has methods like ‘get()’, ‘save()’), Persistence (Database), Persistence (Cache), Persistence (File)

    Interface here - you can save to anywhere with the same method calls
    This is why we use interfaces - so we can just call the same methods that the interface defines, but how the concrete does that in the background doesn’t matter - we can write different implementations (database, file) that have the same methods so we can switch between them without changing any of the calling code!
  39. Doctrine ORM - “Repository”

    Doctrine can be set up with Silex, so you can create a new User($name) object, then use the Entity Manager to save. You can use a repository to find these user objects by calling find()
    Doctrine ORM has Repositories

    Diagram labels: “Repository” (additional layer of abstraction; has methods like ‘get()’, ‘save()’)
  40. Where next? Homework!

    • Read through the silex documentation for security (yes, it’s big)
      https://silex.sensiolabs.org/doc/2.0/providers/security.html
      PS - you should really do this
    • Realise that this isn’t too far off from Symfony, and that Symfony tutorials are a good way to move forward

    I used knpuniversity.com when I first started out and now I’m here - they’re awesome (seriously).
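
The SQL injection and prepared-statement slides above, as a runnable side-by-side of the concatenated query and the `?` form. This is an added example, not code from the deck: it uses PDO with an in-memory SQLite database in place of MySQL and Doctrine DBAL, and the table, rows, inputs and function names are constructed for illustration.

```php
<?php
// Added example (not from the deck). PDO with in-memory SQLite stands in for
// the deck's MySQL + Doctrine DBAL setup; the rows below are constructed.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, email TEXT)');
    $db->exec("INSERT INTO users (user, email) VALUES
        ('james', 'james@example.test'),
        ('alice', 'alice@example.test'),
        ('bob',   'bob@example.test')");
    return $db;
}

// Vulnerable: the input becomes part of the SQL text, so a quote in it
// closes the string literal and the rest is parsed as SQL.
function findUserConcatenated(PDO $db, string $name): array
{
    $sql = "SELECT user, email FROM users WHERE user = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterised: the SQL text is fixed; the value is bound to the ? and is
// only ever compared as data.
function findUserParameterised(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT user, email FROM users WHERE user = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$inputs = [
    'james',                 // ordinary lookup
    "james' OR '1'='1",      // constructed input containing a quote
    "o'brien",               // legitimate name containing a quote
];
foreach ($inputs as $input) {
    try {
        $unsafe = count(findUserConcatenated($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $unsafe = 'SQL error';   // the stray quote broke the statement
    }
    $safe = count(findUserParameterised($db, $input)) . ' row(s)';
    printf("%-20s concatenated: %-10s parameterised: %s\n", $input, $unsafe, $safe);
}
```

With the Doctrine DBAL 2.x connection that Silex exposes as `$app['db']`, the same shape is `$app['db']->fetchAssoc($sql, array($name))`, which returns the first matching row.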