Architecture of a web project on Symfony

Transcript

1. Architecture of a web project on Symfony Maksym Moskvychev

2. Page with a Form in Symfony

3. Validation rules Application design for a page with a form

   Form Entity Template Symfony 2 Core Controller Request Response Form instance Doctrine If Form is valid It contains Entity Controller asks to save Entity Session Set success message Is Form Valid ? HTTP Request HTTP Response

4. Application design for a page with a form Controller action

   is responsible for 3 types of requests: 1. Form is rendered first time 2. Handle success form submission 3. There was error in form validation. Render a form with errors. Get form instance Handle Request by the form Render a template Check if Form is Valid Save entity to DB. Add success message to session. Add error message to session. Form is submitted 1 3 2 + + Redirect to some page

5. Page with a form and custom logic Registration service Authentication

   Service For example, this is a registration form. After user is registered we have to send him welcome email, then notify moderator to check this user, and authenticate. User Mailer Service send welcome email authenticate Doctrine persist in database

6. Page with a form and custom logic Registration service If

   you have any custom logic – keep it all in a service classes. Get form instance Handle Request by the form Render a template Check if Form is Valid Add error message to session. Form is submitted 1 3 2 + + Redirect to some page

7. Unit testing of the Service class All relations are replaced

   by mocks Tested class is the only one real class in the test. Only it can be created via new Unit test Registration service Authentication Service User Mailer Service send welcome email authenticate Doctrine persist in database The test itself checks that when user is registered – all needed services will be called.

8. Page with a List in Symfony

9. Application design for a page with a list Template Symfony

   2 Core Controller Request Response Doctrine Controller fetch entity repository HTTP Request HTTP Response Entity repository ->findBy() data

10. Introduction of service layer Template Symfony 2 Core Controller Request

    Response Doctrine Fetch entity repository HTTP Request HTTP Response Entity repository ->findBy() data Service class getListData data

11. Advantages of service layer on a page with a list

     Less logic and dependencies in controller.  Ability to re-use data for the list in another place.  Ability to cover fetching logic by Unit test.

12. Build-in abilities of entity repositories findBy( array $criteria, array $orderBy

    = null, $limit = null, $offset = null )

13. When you need a custom SQL query 1. Create method

    in entity repository 2. Define your logic in object-oriented way

14. Functional tests in Symfony

15. Tips about Functional tests • Functional tests make requests to

    controllers, and check response. • Functional tests are good in checking that all components are integrated in a right way. • Amount of tests should by under control.

16. Functional and Unit tests Run Functional tests Clear database Create

    database schema Run fixtures Run migrations Run test Run test Run Unit tests Run next test Run next test

17. How to set up environment for Functional tests Option 1.

    Bootstrap file. Option 2. setUp method.

18. Bundles in Symfony

19. Bundle structure Controllers Templates Services Entities Entity Repositories Pictures JavaScript

    CSS Listeners Presentation layer Service layer Database layer Unit tests Functional tests

20. Use one App Bundle

21. Example of multiple bundle architecture All custom bundles Bundles in

    Vendors Symfony Framework Bundle Symfony Components Doctrine Twig Core Bundle Site A Bundle Site B Bundle Incorrect case Core Bundle Site A Bundle Site B Bundle

22. Multilingual support in Symfony

23. Purpose of multilingual support Translation of user interface Translation of

    content Switching between locales  Static text on pages  Form fields  Menus  Messages to user Localized versions of content from DB  How to determine User locale?  Switching between locales Even if your site is only in English now, you should take care of its multilingual abilities. Nobody knows what will be with the project in 5 years. But if the project is success, it will go to another countries.

24.  Use keys instead of strings everywhere  Define real

    text for each key in translation file. Translation of user interface

25. Validation rules Form Entity Template Symfony 2 Core Controller Request

    Response Form instance Doctrine If Form is valid It contains Entity Controller asks to save Entity Translation files Session Set success message Is Form Valid ? HTTP Request HTTP Response Translation of user interface

26. Translation of content Custom DB structure. Doctrine ODM

27. Web application security and Symfony

28. Symfony resolves some vulnerabilities Cross Site Scripting SQL Injection Cross

    Site Request Forgery Information Disclosure Authorization policy

29. Policy: save as it is, escape on output

30. SQL Injection Policy: pass to database raw data, bind variables

    to query.

31. Cross Site Request Forgery Policy: all not-safe requests should be

    protected by CSRF token

32. Information Disclosure & Authorization policy Policy: white-list access to resources

    Security component in Symfony allows to configure: • Firewalls to set up Authentication policy. • User providers to get list of users for Authentication. • Access rules to match a resource and a role. • Role hierarchy to define dependencies between roles. • Encoders to define algorithm to encode passwords.

33. Q & A