Slide 1

Slide 1 text

Rapid Application Development With Silex Microframework, An Overview

Slide 2

Slide 2 text

Initial Set up (while I rant)

You need:
- Vagrant
- Virtualbox

$ vagrant box add geerlingguy/ubuntu1604
$ vagrant up
Wait forever…
$ vagrant ssh
$ git clone https://github.com/J7mbo/silex-dev.git

Slide 3

Slide 3 text

Microframework?

The point of this general overview is to give you some ideas to go away and research yourselves

• Small components easy to set up
• Little configuration required at first
• Means much faster to get working with!! (Can create an API in minutes)
• On the flip-side: harder to customise and do custom things
• Documentation is nowhere near as prevalent as with Symfony
• Microframework actually ends up being harder for nontrivial tasks

Slide 4

Slide 4 text

Front controller pattern

Apache serves all requests to index.php

Request → Front Controller (index.php) → Router
• /users executes class X
• /forum executes class Y

Slide 5

Slide 5 text

How we used to autoload

So in index.php, when you say new Namespace\MyClass; the above code would get executed automatically by PHP, and we include the relevant class file automatically

Slide 6

Slide 6 text

Require the autoloader

• We used to have to do this ourselves
• $x = new Namespace\Here\OurClassName

A function would be automatically executed, where we split on “\” characters to get the class name and namespace, then look for the file Namespace/Here/OurClassName.php

WE USED TO HAVE TO CODE THAT OURSELVES!! NOW WE HAVE COMPOSER!

require_once __DIR__ . '/../vendor/autoload.php';
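Added example (not from the original slides): a minimal hand-written autoloader of the kind described above, which splits the class name on "\" and maps it to a file under one base directory. The Demo\Greeting\Hello class and the temporary base directory are constructed for the demonstration.

```php
<?php
// Constructed demo class file, written to a temporary base directory.
$baseDir = sys_get_temp_dir() . '/autoload-demo-' . getmypid();
if (!is_dir($baseDir . '/Demo/Greeting')) {
    mkdir($baseDir . '/Demo/Greeting', 0700, true);
}
file_put_contents(
    $baseDir . '/Demo/Greeting/Hello.php',
    '<?php namespace Demo\Greeting; class Hello { public function say() { return "hello"; } }'
);

// PHP calls this function the first time an unknown class name is used.
spl_autoload_register(function ($class) use ($baseDir) {
    // Split "Demo\Greeting\Hello" on "\" into namespace parts and class name.
    $parts = explode('\\', ltrim($class, '\\'));
    foreach ($parts as $part) {
        // Accept plain identifiers only, so a class name can never be turned
        // into a path that leaves $baseDir.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $part)) {
            return;
        }
    }
    // Rebuild the parts as Demo/Greeting/Hello.php below the base directory.
    $file = $baseDir . '/' . implode('/', $parts) . '.php';
    if (is_file($file)) {
        require_once $file;
    }
});

$hello = new Demo\Greeting\Hello();            // triggers the autoloader
echo $hello->say(), PHP_EOL;
var_dump(class_exists('Demo\Missing\Thing'));  // no matching file, nothing is loaded
```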

Slide 7

Slide 7 text

Create the Silex app object

$app = new Silex\Application;

It is your job as a backend developer to:
• Take in a Request
• Perform whatever you need to do
• Return a Response

Silex helps you do this quickly

Slide 8

Slide 8 text

The first Request / Response

Slide 9

Slide 9 text

God objects

So what is this $app?
• It’s a GOD OBJECT.
• It contains the entirety of the application in one object
• This is basically an anti-pattern

But we don’t care! Because it’s rapid application development (ie let product deal with it)

Slide 10

Slide 10 text

Using twig instead of just returning text

• twig is a templating engine
• It has really useful features like inheritance
• This allows you to use templates within other templates
• And generally re-use code (requires architecture thought)

Slide 11

Slide 11 text

An example twig template

You could make this a “Members Template” and then re-use it in the application

Slide 12

Slide 12 text

#1

Really think about the different parts of a page and how to separate them out into re-usable twig components to avoid code duplication

Slide 13

Slide 13 text

Using MySQL to talk to the database

Doctrine DBAL is a simple database abstraction layer

Now you can use $app['db'] to run MySQL queries

Slide 14

Slide 14 text

Security - SQL Injection

Allowing user input directly into the database

The user could put quotes in that input, which could end the database query, and start a new one with their own SQL

Slide 15

Slide 15 text

Security - SQL Injection

Slide 16

Slide 16 text

Security - SQL Injection - Prepared Statements

(arbitrary example)

'SELECT * FROM users WHERE user = ' . $_GET['user']

If I go to “/hello/james/?user=james' OR 1 = 1; DROP TABLE users;”

• First query stops at apostrophe
• Next one executed also

Slide 17

Slide 17 text

Security - SQL Injection - Prepared Statements

(arbitrary example)

• ? for parameters
• Array of values to replace the question marks with (in order)
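Added example, not code from the slides: the concatenated query from the previous slide next to its parameterised form. It uses plain PDO with an in-memory SQLite database so it runs without the workshop VM (an assumption; the slides use Doctrine DBAL on MySQL), and the users rows are constructed sample data.

```php
<?php
// In-memory SQLite via PDO; table and rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (user, email) VALUES (?, ?)');
foreach ([['james', 'james@example.test'], ["o'brien", 'ob@example.test']] as $row) {
    $insert->execute($row);
}

// Vulnerable form from the slide: user input is concatenated into the SQL text.
// (Quotes around the value are added here so the query is valid SQL.)
function findUserConcatenated(PDO $pdo, $user)
{
    $sql = "SELECT user, email FROM users WHERE user = '" . $user . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterised form: the SQL text is fixed and the value is bound to the ?.
function findUserPrepared(PDO $pdo, $user)
{
    $stmt = $pdo->prepare('SELECT user, email FROM users WHERE user = ?');
    $stmt->execute([$user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$fromSlide = "james' OR 1 = 1; DROP TABLE users;"; // input quoted on the slide

// Concatenated: the apostrophe ends the string literal, so OR 1 = 1 becomes part
// of the WHERE clause and every row comes back. (PDO's SQLite driver runs only
// the first statement; do not rely on that with other drivers.)
printf("concatenated: %d row(s)\n", count(findUserConcatenated($pdo, $fromSlide)));

// Prepared: the whole input is compared as one value, which matches no user.
printf("prepared:     %d row(s)\n", count(findUserPrepared($pdo, $fromSlide)));

// A legitimate name containing an apostrophe shows the same difference.
try {
    findUserConcatenated($pdo, "o'brien");
} catch (PDOException $e) {
    echo "concatenated lookup of o'brien fails: ", $e->getMessage(), "\n";
}
printf("prepared lookup of o'brien: %d row(s)\n", count(findUserPrepared($pdo, "o'brien")));
```

Doctrine DBAL accepts the same ? placeholders, for example $app['db']->fetchAll($sql, [$user]).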

Slide 18

Slide 18 text

#2

Use parameterised queries to avoid SQL Injection Attacks

Always check user input cannot directly affect code / db

Slide 19

Slide 19 text

So far we’ve seen…

• It’s a few lines of code to create a route (/hello/{name})
• Separate html into twig templates and {{ include }} them
• Write parameterised queries with ? (allows the engine to replace them for you instead)
• This allows you to avoid SQL Injection attacks
• Use Doctrine DBAL

But this can start to get unwieldy…

Slide 20

Slide 20 text

One problem - loads of code

This might as well be procedural at this point

Slide 21

Slide 21 text

One problem - loads of code

• Separate code into “controller” classes
• Each controller handles a single route’s stuff

Silex / Symfony use : to separate a class and method in a string

Slide 22

Slide 22 text

You can make it easier to add new controllers for yourself

• Create a YAML configuration file
• Read it, then loop around the settings and set them up

Now you can just add a new controller name and action to the YAML file, and it’ll automatically be ready and executed next time you reload the page with your new route!
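Added example (not the presenter's code): one way to do the read-and-loop step above with symfony/yaml, refusing routes whose controller does not exist. It assumes silex/silex ~2.0 and symfony/yaml are installed through Composer; BlogController, the route names and the inlined YAML are constructed for the illustration.

```php
<?php
require_once __DIR__ . '/../vendor/autoload.php';

use Silex\Application;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Yaml\Yaml;

// Hypothetical controller; in a real project it lives in its own file.
class BlogController
{
    public function listAction()
    {
        return 'list of posts';
    }

    public function showAction($id)
    {
        return 'post ' . (int) $id;
    }
}

// Constructed routes file content, inlined so the example is self-contained.
$yaml = <<<'YAML'
blog_list:
    path: /blog
    method: GET
    controller: BlogController::listAction
blog_show:
    path: /blog/{id}
    method: GET
    controller: BlogController::showAction
YAML;

$app = new Application();
foreach (Yaml::parse($yaml) as $name => $route) {
    // Fail at start-up on a typo in the config instead of at request time.
    list($class, $action) = explode('::', $route['controller'], 2) + [null, null];
    if (!method_exists((string) $class, (string) $action)) {
        throw new InvalidArgumentException("Route $name: unknown controller {$route['controller']}");
    }
    // "Class::method" strings are resolved by Silex without extra providers.
    $app->match($route['path'], $route['controller'])
        ->method($route['method'])
        ->bind($name);
}

echo $app->handle(Request::create('/blog/7'))->getContent(), PHP_EOL;
```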

Slide 23

Slide 23 text

Symfony does this!!

This is basically what Symfony does with routing. You have a routing.yml file in a similar format!!

When we go to /blog, execute, within our AppBundle, the Blog controller, and the list action

A little more magic (because it’s actually BlogController and Symfony removes the ‘Controller’ here - magic is bad, mmmkay)

Slide 24

Slide 24 text

Use Access Control

Security is not easy

• Start with hardcoded users / password (easiest)
• Then specify “Only ROLE_ADMIN” users can access page /admin

Again, you could loop around a yaml file for this information and add it into $app['security.firewalls'] (another step closer to Symfony)

Slide 25

Slide 25 text

Use Access Control - In Templates

Don’t put Application logic in templates.

But, you can hide / show buttons depending on role levels

Slide 26

Slide 26 text

Use Access Control - Remove hardcoded users

Next move to the database.

• Requires a “UserProvider” class
• And extra configuration

Symfony has this too…

Slide 27

Slide 27 text

#3

ALWAYS secure your endpoints with authentication

Write automated tests that check for a 401 Unauthorized
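Added example, not taken from the slides: the hardcoded-user firewall from the access control slides together with an automated check that /admin answers 401 Unauthorized without valid credentials. It assumes silex/silex ~2.0 with symfony/security installed through Composer and a script placed in web/; the admin user and its password are constructed demo values.

```php
<?php
require_once __DIR__ . '/../vendor/autoload.php';

use Silex\Application;
use Silex\Provider\SecurityServiceProvider;
use Symfony\Component\HttpFoundation\Request;

function buildApp()
{
    $app = new Application();
    $app->register(new SecurityServiceProvider(), [
        'security.firewalls' => [
            'admin' => [
                'pattern'   => '^/admin',
                'http'      => true,  // HTTP Basic authentication
                'stateless' => true,  // credentials are sent with every request
                'users'     => [
                    // Hardcoded demo user. Silex 2.0 checks bcrypt hashes by default;
                    // hashing inline keeps a literal hash out of the example.
                    'admin' => ['ROLE_ADMIN', password_hash('demo-password', PASSWORD_BCRYPT)],
                ],
            ],
        ],
        // Only ROLE_ADMIN may access anything under /admin.
        'security.access_rules' => [['^/admin', 'ROLE_ADMIN']],
    ]);
    $app->get('/', function () { return 'public page'; });
    $app->get('/admin', function () { return 'admin page'; });

    return $app;
}

// Sends one GET request through a fresh application and returns the HTTP status.
function statusFor($path, array $server = [])
{
    return buildApp()->handle(Request::create($path, 'GET', [], [], [], $server))->getStatusCode();
}

$checks = [
    'public page, anonymous'  => [statusFor('/'), 200],
    '/admin, anonymous'       => [statusFor('/admin'), 401],
    '/admin, wrong password'  => [statusFor('/admin', ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => 'wrong']), 401],
    '/admin, valid login'     => [statusFor('/admin', ['PHP_AUTH_USER' => 'admin', 'PHP_AUTH_PW' => 'demo-password']), 200],
];
foreach ($checks as $name => list($actual, $expected)) {
    printf("%-24s %d (expected %d)\n", $name, $actual, $expected);
    if ($actual !== $expected) {
        exit(1); // non-zero exit so a CI job fails when an endpoint is left open
    }
}
```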

Slide 28

Slide 28 text

What else have we got?

• Easily move from procedural code to controllers
• Register routes via configuration (like Symfony)
• Use Access Control (hardcoded)
• Show / hide a button depending on access control
• The class responsible for handling user authentication (like Symfony)

So what’s next? Let’s write some code

Slide 29

Slide 29 text

First, let’s just get it working

Displaying some text in a response

Slide 30

Slide 30 text

MySQL Table - blog_posts

This has been automatically created for you already. If you want to see it…

$ mysql -uroot -proot silex_dev
mysql> SHOW TABLES;

Slide 31

Slide 31 text

Querying the database with Doctrine DBAL

And displaying the string on the page

Remember, responses have to be a STRING. Unless we’re using twig as it handles it for us (that’s next)

Slide 32

Slide 32 text

Using a twig template with variables instead

No more passing a string!

First we need to register the service provider, and create a template

Slide 33

Slide 33 text

Using a twig template with variables instead

Pass the data to the twig render() function

This means we’re giving results to blog.html.twig for us to use those variables in the template

Slide 34

Slide 34 text

Twig inheritance and assets (css, js etc)

Front-end module re-use, and including assets

1) Copy vendor/twbs/bootstrap/dist/css/bootstrap.css.min to web/css/bootstrap.css.min
2) Create base.html.twig next to blog.html.twig

Slide 35

Slide 35 text

Twig inheritance and assets (css, js etc)

Front-end module re-use, and including assets

3) Create Your base template in twig

Slide 36

Slide 36 text

Twig inheritance and assets (css, js etc)

Front-end module re-use, and including assets

4) Extend the base template in blog.html.twig

Slide 37

Slide 37 text

Add another blog post (manually)

$ vagrant ssh (if you haven’t already)
$ mysql -uroot -proot silex_dev

Slide 38

Slide 38 text

Your turn… moving your code to controllers

Create the BlogPostController class

Saying “blog.controller” gives us a BlogPostController object

Slide 39

Slide 39 text

Your turn… moving your code to controllers

Slide 40

Slide 40 text

Your turn… saving and deleting of posts

• Create a form with a button and make silex handle a post request
• In your ->post() class method, you can ask for the Request object
• Access the form data in this function (var_dump($variable) to debug)
• Use a mysql INSERT with doctrine dbal and prepared statements (?)
• Provide a delete post button next to each post that lets you delete the post

anything in {id} gets given to you in $id

Slide 41

Slide 41 text

Separation of Concerns

You’re effectively deciding your own architecture and directory structure

Symfony does the same, it just has defaults set up for you!

[Diagram: Request, Router, Controller Layer, Model Layer, Persistence (DB), Services (re-usable components your model layer can use), Template Layer (not a view), Response]

The choices you make, for where to put different classes, different parts of the code, and how to separate code into separate ‘modules’ - is software architecture

Slide 42

Slide 42 text

Separation of Concerns - Best Practice

You’re effectively deciding your own architecture and directory structure

Symfony does the same, it just has defaults set up for you!

[Diagram: Model Layer; “Repository” (additional layer of abstraction, has methods like ‘get()’, ‘save()’); Persistence (Database), Persistence (Cache), Persistence (File)]

Interface here - you can save to anywhere with the same method calls

This is why we use interfaces - so we can just call the same methods that the interface defines, but how the concrete does that in the background doesn’t matter - we can write different implementations (database, file) that have the same methods so we can switch between them without changing any of the calling code!

Slide 43

Slide 43 text

Doctrine ORM - “Repository”

Doctrine can be set up with Silex, so you can create a new User($name) object, then use the Entity Manager to save. You can use a repository to find these user objects by calling find()

Doctrine ORM has Repositories

“Repository”: additional layer of abstraction, has methods like ‘get()’, ‘save()’

Slide 44

Slide 44 text

Where next? Homework!

• Read through the silex documentation for security (yes, it’s big)

https://silex.sensiolabs.org/doc/2.0/providers/security.html

PS - you should really do this

Realise that this isn’t too far off from Symfony, and that Symfony tutorials are a good way to move forward

I used knpuniversity.com when I first started out and now I’m here — they’re awesome (seriously).