PHP UK 2015 - Build RESTful APIs easily with Symfony

Transcript

1. Build RESTful APIs easily with Symfony Sarah Khalil February 20th,

   2015

2. Who am I? ❖ Trainer ❖ Developer ❖ Enjoying sharer

   France

3. What is REST ?

4. What is REST? ❖ REpresentational State Transfer ❖ Architecture ❖

   Associated to Service Oriented Architecture ❖ Management of resources

5. Constraints of REST

6. Client - Server (1/6) ❖ Separation of concerns ❖ Portability

7. Stateless (2/6) ❖ HTTP ❖ Session on the client side

8. Cacheable (3/6) ❖ Avoid useless requests

9. Layered System (4/6) ❖The client requests a resource but it

   does not know the system behind.

10. Uniform interface (5/6) ❖ Each resource has its identifier: URI.

    ❖ Each resource has its representation. ❖ Auto-descripted message: if it’s JSON, the HTTP Response has a content-type header saying so.

11. Code on demand (optional) (6/6) ❖ The client could execute

    some code coming from the server, to avoid more work on the server side.

12. HTTP Methods ❖ GET ❖ POST ❖ PUT ❖ DELETE

    ❖ OPTIONS ❖ HEAD ❖ …

13. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHateoasBundle Guzzle NelmioApiDocBundle

14. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHateoasBundle Guzzle NelmioApiDocBundle

15. None

16. REQUEST

17. GET /users HTTP/1.1 User-Agent: curl/7.37.1 Host: 127.0.0.1:8000 Accept: */*

18. Symfony\Component\HttpFoundation\Request

19. RESPONSE

20. HTTP/1.1 200 OK Host: 127.0.0.1:8000 Connection: close X-Powered-By: PHP/5.6.3 Set-Cookie:

    PHPSESSID=ecdadm6o2d5v9ei0m181j8gh96; path=/ Cache-Control: no-cacheDate: Wed, 11 Feb 2015 23:42:50 GMT Content-Type: text/html; charset=UTF-8 X-Debug-Token: 32860d X-Debug-Token-Link: /_profiler/32860d <!DOCTYPE html> <html lang="en"> <head>

21. Symfony\Component\HttpFoundation\Response

22. RESTful Application Programming Interface

23. Keep’em in mind ❖JSON, XML, HTML… ❖By developers, for developers.

    ❖ Scalability ❖ Latency ❖ Security

24. Levels http://martinfowler.com

25. HATEOAS ❖ Hypermedia as the Engine of Application State ❖

    Discoverability

26. How to build all of that?

27. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHateoasBundle Guzzle NelmioApiDocBundle

28. JMSSerializerBundle Work with resources

29. None

30. Configuration ❖ XML, YAML and Annotation ❖ http://jmsyst.com/libs/serializer/master/reference ❖ Helper

    to serialize properties the way you want

31. Usage class DefaultController { public function indexAction() { $obj =

    new \StdClass(); $obj->latitude = -33.87087; $obj->longitude = 151.225459; $data = $this->get(‘jms_serializer’) ->serialize($obj, ’json’); return new Response( $data, 200, array(‘Content-Type’=>’application/json’) ); } } HTTP/1.1 200 OK Host: 127.0.0.1 X-Powered-By: PHP/5.6.3 Content-Type: application/json { "latitude": -33.87087, "longitude": 151.225459 }

32. Exclusion strategy /** * @JMS\ExclusionPolicy("all") */ class Product { /**

    * @JMS\Expose() */ private $name; private $users; } ❖ Visitor pattern ❖ Object graph ❖ Relations (xToMany)

33. Serializer Handler ❖ Special needs ❖ implements JMS\Serializer\Handler\SubscribingHandlerInterface ❖ <tag

    name="jms_serializer.subscribing_handler" />

34. public static function getSubscribingMethods() { return [ [ 'direction' =>

    GraphNavigator::DIRECTION_SERIALIZATION, 'format' => ‘json', 'type' => ‘AppBundle\MyClass’, 'method' => ‘serialize', ], [ 'direction' => GraphNavigator::DIRECTION_DESERIALIZATION, 'format' => ‘json', 'type' => ‘AppBundle\MyClass', 'method' => ‘deserialize', ], ]; }

35. public function serialize( JsonSerializationVisitor $visitor, MyClass $object, array $type, Context

    $context ) { $data = $object->toArray(); return $data; } public function deserialize(JsonDeserializationVisitor $visitor, $data) { $object = new AppBundle\MyClass($data); return $object; }

36. Event Subscriber ❖ http://jmsyst.com/libs/serializer/master/event_system ❖ serializer.pre_serialize, serializer.post_serialize, serializer.pre_deserialize, serializer.post_deserialize ❖

    implements JMS\Serializer\EventDispatcher\EventSubscriberInterface ❖ <tag name="jms_serializer.event_subscriber" type="AppBundle\MyClass" direction="serialization" format="json" method="onPostSerialize"/>

37. class PostSerializeMediaListener implements EventSubscriberInterface { public function onPostSerialize(ObjectEvent $event) {

    $myObject = $event->getObject(); $event->getVisitor()->addData('newElementInJson', 'information’); } public static function getSubscribedEvents() { return array( array( 'event' => Events::POST_SERIALIZE, 'format' => ‘json', 'class' => ‘AppBundle\MyClass', 'method' => ‘onPostSerialize', ), ); } }

38. Other features ❖ Serialization Group ❖ Versioning

39. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHateoasBundle Guzzle NelmioApiDocBundle

40. FOS Rest Bundle Setup your Symfony application

41. None

42. Controller ❖ Return view / data # app/config/config.yml fos_rest: view:

    view_response_listener: force sensio_framework_extra: view: { annotations: false } /** * @View() */ public function getUsersAction() { … return $data; }

43. Content type negotiation ❖ Request = > Accept ❖ priorities

    of media type(s) that your application is ready to get ❖ Response => Content-Type ❖ the media type of the response (html, json, png…)

44. Content type negotiation ❖ Priorities define the order of media

    types as the application prefers # app/config/config.yml fos_rest: format_listener: rules: - { path: '^/', priorities: ['json'], fallback_format: html } ❖ Request: ❖ Accept text/json;q=0.9,*/*;q=0.8,text/html

45. Request Body Converter ❖ Decoder ❖ ParamConverter # app/config/config.yml sensio_framework_extra:

    request: { converters: true } fos_rest: body_converter: enabled: true /** * @ParamConverter("post", converter="fos_rest.request_body") */ public function putPostAction(Post $post) { }

46. Validation (with the Symfony Validator Component) fos_rest: body_converter: enabled: true

    validate: true validation_errors_argument: validationErrors /** * @ParamConverter("post", converter="fos_rest.request_body") */ public function putPostAction(Post $post, ConstraintViolationListInterface $validationErrors) { if (count($validationErrors) > 0) { // Handle validation errors } }

47. Param Fetcher

48. /** * @QueryParam( * name="sort", * requirements="(asc|desc)", * allowBlank=false, *

    default="asc", * description="Sort direction" * ) * @RequestParam( * name="firstname", * requirements="[a-z]+" * ) * @QueryParam( * array=true, * name="filters", * requirements=@MyComplexConstraint * ) */ public function getArticlesAction(ParamFetcher $paramFetcher) {} http://mydomain.com/resources?sort=desc In $request->request ($_POST) fos_rest.param_fetcher_listener: true

49. /** * @QueryParam(name="page", requirements="\d+", default="1") */ public function getArticlesAction($page) {}

    fos_rest.param_fetcher_listener: force

50. Error handling fos_rest: codes: 'Symfony\Component\Routing\Exception \ResourceNotFoundException': 404 'Doctrine\ORM\OptimisticLockException': HTTP_CONFLICT

51. Error handling fos_rest: view: exception_wrapper_handler: My\Bundle\Handler\MyExceptionWrapperHandler ❖ implements FOS\RestBundle\ViewExceptionWrapperHandlerInterface public

    function wrap($data) { return new MyExceptionWrapper($data); } ❖ Take example on FOS\RestBundle\Util\ExceptionWrapper

52. Other Features ❖ Automatic generation of routes ❖ Consistency ❖

    Versioning ❖ url ❖ mime type ❖ Take a look at the documentation : ❖ http://symfony.com/doc/master/bundles/FOSRestBundle/index.html

53. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHateoasBundle Guzzle NelmioApiDocBundle

54. BazingaHateoasBundle Unlock the level 3 of the Richardson’s model

55. None

56. HATEOAS ❖ Hypermedia As The Engine Of Application State ❖

    Linking resources ❖ Self discovery

57. HAL ❖ Hypertext Application Language ❖ _links - relations ❖

    _embedded - related resource(s) ❖ self ❖ Specifications: http://stateless.co/hal_specification.html

58. JSON Api ❖ Similar to HAL ❖ meta - meta

    info such as pagination… ❖ links - Relation (xToOne, xToMany…) ❖ linked - Resource(s) linked ❖ Specifications: http://jsonapi.org/format/

59. Configuration ❖ Annotation, XML and YML ❖ Relies on Expression

    Language (since Symfony 2.4)

60. /** * @Hateoas\Relation( * "self", * href = @Hateoas\Route( *

    "get_notification", * absolute= true, * parameters = { * "id" = "expr(object.getId())", * "user" = "expr(service(‘security.context’).getToken().getUser().getUuid())" * } * ) * ) */ class Notification

61. Result { "id": 1, "_links": { "self": { "href": "http://domaine.name/users/eh1754329986/notifications/1/"

    } } }

62. /** * … * @Hateoas\Relation( * "activity", * href =

    "expr(‘/activity/'~object.getActivity().getId()", * embedded = "expr(object.getActivity())", * exclusion = @Hateoas\Exclusion(excludeIf = "expr(object.getActivity() === null)") * ) */ class Notification

63. Result { "id": 1, "_embedded": { "activity": { "id": 3,

    "content": "Activity content", "_links": { "self": { "href": "/activities/3" } } } } }

64. Representation ❖ Use representation to decorate your resource ❖ Hateoas\Representation\PaginatedRepresentation

    ❖ And many more !

65. "page": 1, "limit": 10, "pages": "100", "total": 1000, "_links": {

    "self": { "href": "http://domain.name/notifcations?page=1&limit=10" }, "first": { "href": "http://domain.name/notifcations?page=1&limit=1" }, "last": { "href": "http://domain.name/notifcations?page=100&limit=1" }, "next": { "href": "http://domain.name/notifcations?page=2&limit=1" } }

66. Representation ❖ Any representation you want ! ❖ A class

    with the properties you need ❖ Let the serializer do its job

67. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHateoasBundle Guzzle NelmioApiDocBundle

68. Guzzle Communicate between micro services

69. Frontend Service 1 Service 2 Service 3 Service 4 Private

    network Client

70. Guzzle Bundle ❖ HTTP client ❖ Request ❖ Response ❖

    HTTPS ❖ Error management ❖ https://github.com/misd-service- development/guzzle-bundle ❖ https://github.com/csarrazi/ CsaGuzzleBundle

71. Security

72. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHatoasBundle Guzzle NelmioApiDocBundle

73. Authentication ❖ Authorization header : Authorization: Bearer <access_token> ❖ https://github.com/poledev/katas/tree/kata-authentication

    ❖ http://symfony.com/doc/current/cookbook/security/ api_key_authentication.html ❖ Make it stateless

74. Authorisation ❖ access_control ❖ $this->get(‘security.authorization_checker')->isGranted('ROLE_ADMIN') ❖ {% if is_granted(‘ROLE_ADMIN’) %}

    … ❖ Voter ❖ ACL ❖ …

75. FosHttpCacheBundle keep it in mind

76. None

77. One last thing…

78. Symfony Full Stack JMSSerializerBundle FOSRestBundle BazingaHateoasBundle Guzzle NelmioApiDocBundle

79. NelmioApiDocBundle Documentation

80. None
81. None

82. Many tools, pick what you need!

83. https://www.flickr.com/photos/jeffclow @Saro0h http://joind.in/talk/view/13387

84. Some references ❖ Symfony Rest Edition: https://github.com/gimler/symfony-rest-edition ❖ Lukas Kahwe

    Smith & William Durand - Build Awesome REST APIs With Symfony2: https://www.youtube.com/watch?v=AcLHvOT5Ekg ❖ REST+JSON API Design - Best Practices for Developers: https://www.youtube.com/watch? v=hdSrT4yjS1g ❖ http://json-ld.org/