1 Rapid Application Development With Silex Microframework Rapid Application Development With Silex Microframework, An Overview

2 Rapid Application Development With Silex Microframework Initial Set up (while I rant) - You need: - Vagrant - Virtualbox $ vagrant box add geerlingguy/ubuntu1604 $ vagrant up Wait forever… $ vagrant ssh $ git clone https://github.com/J7mbo/silex-dev.git

3 Rapid Application Development With Silex Microframework The point of this general overview is to give you some ideas to go away and research yourselves • Small components easy to set up • Little configuration required at first • Means much faster to get working with!! (Can create an API in minutes) • On the flip-side: harder to customise and do custom things • Documentation is nowhere near as prevalent as with Symfony • Microframework actually ends up being harder for nontrivial tasks Microframework?

4 Rapid Application Development With Silex Microframework Front controller pattern Front Controller (index.php) Request Router /users executes class X /forum executes class Y Apache serves all requests to index.php

5 Rapid Application Development With Silex Microframework How we used to autoload So in index.php, when you say new Namespace\MyClass; the above code would get executed automatically by PHP, and we include the relevant class file automatically

6 Rapid Application Development With Silex Microframework Require the autoloader • We used to have to do this ourselves • $x = new Namespace\Here\OurClassName A function would be automatically executed, where we split on “\” characters the to get the class name and namespace, then look for the directory Namespace/Here/ OurClassName.php WE USED TO HAVE TO CODE THAT OURSELVES!! NOW WE HAVE COMPOSER! require_once __DIR__ . ‘/../vendor/autoload.php’;

7 Create the Silex app object $app = new Silex\Application; It is your job as a backend developer to: Take in a Request Perform whatever you need to do Return a Response Rapid Application Development With Silex Microframework Silex helps you do this quickly

8 The first Request / Response Rapid Application Development With Silex Microframework

9 God objects So what is this $app? • It’s a GOD OBJECT. • It contains the entirety of the application in one object • This is basically an anti-pattern But we don’t care! Because it’s rapid application development (ie let product deal with it) Rapid Application Development With Silex Microframework

10 Using twig instead of just returning text • twig is a templating engine • It has really useful features like inheritance • This allows you to use templates within other templates • And generally re-use code (requires architecture thought) Rapid Application Development With Silex Microframework

11 An example twig template Rapid Application Development With Silex Microframework You could make this a “Members Template” and then re-use it in the application

12 #1 Rapid Application Development With Silex Microframework Really think about the different parts of a page and how to separate them out into re-usable twig components to avoid code duplication

13 Rapid Application Development With Silex Microframework Using MySQL to talk to the database Doctrine DBAL is a simple database abstraction layer Now you can use $app[‘db’] to run MySQL queries

14 Rapid Application Development With Silex Microframework Security - SQL Injection Allowing user input directly into the database The user could put quotes in that input, which could end the database query, and start a new one with their own SQL

15 Rapid Application Development With Silex Microframework Security - SQL Injection

16 Rapid Application Development With Silex Microframework Security - SQL Injection - Prepared Statements ‘SELECT * FROM users WHERE user = ‘ . $_GET[‘user’] If I go to “/hello/james/?user=james’ OR 1 = 1; DROP TABLE users;” First query stops at apostrophe Next one executed also (arbitrary example)

17 Rapid Application Development With Silex Microframework Security - SQL Injection - Prepared Statements (arbitrary example) ? for parameters Array of values to replace the questions marks with (in order)

18 #2 Rapid Application Development With Silex Microframework Use parameterised queries to avoid SQL Injection Attacks Always check user input cannot directly affect code / db

19 So far we’ve seen…. Rapid Application Development With Silex Microframework • It’s a few lines of code to create a route (/hello/{name}) • Separate html into twig templates and {{ include }} them • Write parameterised queries with ? (allows the engine to replace them for you instead) • This allows you to avoid SQL Injection attacks • Use Doctrine DBAL But this can start to get unweildy…

20 One problem - loads of code Rapid Application Development With Silex Microframework This might as well be procedural at this point

21 One problem - loads of code Rapid Application Development With Silex Microframework • Separate code into “controller” classes • Each controller handles a single route’s stuff Silex / Symfony use : to separate a class and method in a string

22 You can make it easier to add new controllers for yourself Rapid Application Development With Silex Microframework Create a YAML configuration file Read it, then loop around the settings and set them up Now you can just add a new controller name and action to the YAML file, and it’ll automatically be ready and executed next time you reload the page with your new route!

23 Symfony does this!! Rapid Application Development With Silex Microframework This is basically what Symfony does with routing. You have a routing.yml file in a similar format!! When we go to /blog, execute, within our AppBundle, the Blog controller, and the list action A little more magic (because it’s actually BlogController and Symfony removes the ‘Controller’ here - magic is bad, mmmkay)

24 Use Access Control Rapid Application Development With Silex Microframework Security is not easy Start with hardcoded users / password (easiest) Then specify “Only ROLE_ADMIN” users can access page /admin Again, you could loop around a yaml file for this information and add it into $app[‘security.firewalls’] (another step closer to Symfony)

25 Use Access Control - In Templates Rapid Application Development With Silex Microframework Don’t put Application logic in templates. But, you can hide / show buttons depending on role levels

26 Use Access Control - Remove hardcoded users Rapid Application Development With Silex Microframework Next move to the database. Requires a “UserProvider” class And extra configuration Symfony has this too…

27 #3 Rapid Application Development With Silex Microframework ALWAYS secure your endpoints with authentication Write automated tests that check for a 401 Unauthorized

28 Rapid Application Development With Silex Microframework What else have we got? • Easily move from procedural code to controllers • Register routes via configuration (like Symfony) • Use Access Control (hardcoded) • Show / hide a button depending on access control • The class responsible for handling user authentication (like Symfony) So what’s next? Let’s write some code

29 First, let’s just get it working Displaying some text in a response Rapid Application Development With Silex Microframework

30 This has been automatically created for you already. If you want to see it… $ mysql -uroot -proot silex_dev mysql > SHOW TABLES; MySQL Table - blog_posts Rapid Application Development With Silex Microframework

31 Remember, responses have to be a STRING. Unless we’re using twig as it handles it for us (that’s next) Querying the database with Doctrine DBAL And displaying the string on the page Rapid Application Development With Silex Microframework

32 First we need to register the service provider, and create a template Using a twig template with variables instead No more passing a string! Rapid Application Development With Silex Microframework

33 Using a twig template with variables instead Pass the data to the twig render() function This means we’re giving results to blog.html.twig for us to use those variables in the template Rapid Application Development With Silex Microframework

34 Twig inheritance and assets (css, js etc) Front-end module re-use, and including assets Rapid Application Development With Silex Microframework 1) Copy vendor/twbs/bootstrap/dist/css/bootstrap.css.min to web/css/bootstrap.css.min 2) Create base.html.twig next to blog.html.twig

35 Twig inheritance and assets (css, js etc) Front-end module re-use, and including assets Rapid Application Development With Silex Microframework 3) Create Your base template in twig

36 Twig inheritance and assets (css, js etc) Front-end module re-use, and including assets Rapid Application Development With Silex Microframework 4) Extend the base template in blog.html.twig

37 Add another blog post (manually) $ vagrant ssh (if you haven’t already) $ mysql -uroot -proot silex_dev Rapid Application Development With Silex Microframework

38 Your turn… moving your code to controllers Saying “blog.controller” gives us a BlogPostController object Rapid Application Development With Silex Microframework Create the BlogPostController class

39 Your turn… moving your code to controllers Rapid Application Development With Silex Microframework

40 Your turn… saving and deleting of posts • Create a form with a button and make silex handle a post request • In your ->post() class method, you can ask for the Request object • Access the form data in this function (var_dump($variable) to debug) • Use a mysql INSERT with doctrine dbal and prepared statements (?) • Provide a delete post button next to each post that lets you delete the post anything in {id} gets given to you in $id Rapid Application Development With Silex Microframework

41 Separation of Concerns Rapid Application Development With Silex Microframework You’re effectively deciding your own architecture and directory structure Symfony does the same, it just has defaults set up for you! Controller Layer Model Layer Persistence (DB) Services (re- usable components your model layer can use) Template Layer (not a view) Request Response The choices you make, for where to put different classes, different parts of the code, and how to separate code into separate ‘modules’ - is software architecture R O U T E R

42 Separation of Concerns - Best Practice Rapid Application Development With Silex Microframework You’re effectively deciding your own architecture and directory structure Symfony does the same, it just has defaults set up for you! Model Layer Persistence (Database) “Repository” Has methods like ‘get()’, ‘save()’ This is why we use interfaces - so we can just call the same methods that the interface defines, but how the concrete does that in the background doesn’t matter - we can write different implementations (database, file) that have the same methods so we can switch between them without changing any of the calling code! Persistence (Cache) Persistence (File) Additional layer of abstraction Interface here - you can save to anywhere with the same method calls

43 Doctrine can be set up with Silex, so you can create a new User($name) object, then use the Entity Manager to save. You can use a repository to find these user objects by calling find() “Repository” Has methods like ‘get()’, ‘save()’ Additional layer of abstraction Doctrine ORM has Repositories Doctrine ORM - “Repository” Rapid Application Development With Silex Microframework

44 Where next? Homework! • Read through the silex documentation for security (yes, it’s big) Rapid Application Development With Silex Microframework PS - you should really do this https://silex.sensiolabs.org/doc/2.0/providers/security.html Realise that this isn’t too far off from Symfony, and that Symfony tutorials are a good way to move forward I used knpuniversity.com when I first started out and now I’m here — they’re awesome (seriously).