API platform and how to use it

Transcript

1. Evgeny Smirnov and how to use ( fi rst look)

2. + Why?

3. +

4. +

5. + What’s inside?

6. + Out of the box “CRUD, data validation, pagination, fi

   ltering, sorting, json/hydra, GraphQL, swagger, CORS, OWASP inside…”

7. + Follow best practice because you can’t do otherwise

8. + Getting started 1. Official “Getting started” guide 2. SymfonyCast:

   RESTful APIs and 
 API Platform guides 3. StackOverflow

9. + Installation Dockerised distribution 
 (check symfony version) or through

   symfony

10. + Why?

11. +

12. + Custom business logic for any writing action — DataPersisters*

    * use decorator pattern

13. + final class UserQuizDataPersister implements ContextAwareDataPersisterInterface { private $decorated; private

    $security; … public function persist($data, array $context = []) { if (is_null($data->getUser())) { $user = $this->security->getUser(); $data->setUser($user); } $result = $this->decorated->persist($data, $context); return $result; } public function remove($data, array $context = []) { return $this->decorated->remove($data, $context); } } Data Persisters

14. + Data Providers Here should be an example but I

    have not used providers…

15. + Custom action for an action of a resource —

    Action Controller

16. + #[AsController] class SkipUserQuestion extends AbstractController { public function __invoke(UserQuestion

    $data): UserQuestion { $data->setStatus(UserQuestion::STATUS_SKIPPED); return $data; } } Pseudo Controllers

17. + Various input and output data for the same model

    — DataTransformer and DTO

18. + public function transform($data, string $to, array $context = [])

    { $resetPasswordRequest = new ResetPasswordRequest(); $user = $this->userRepository->findOneByEmail($data->getEmail()); $resetPasswordRequest->setUser($user); $now = new \DateTimeImmutable(); $expiredAt = new \DateTimeImmutable('+1 hour'); $resetPasswordRequest->setRequestedAt($now); $resetPasswordRequest->setExpiresAt($expiredAt); return $resetPasswordRequest; } Data Transformers

19. + final class ResetPasswordRequestInput { #[Groups(['resetPasswordRequest:create', 'resetPasswordRequest:read'])] #[Assert\NotBlank(groups: ['validation:create'])] #[Assert\Email()]

    private $email; public function getEmail(): ?string { return $this->email; } public function setEmail(string $email): self { $this->email = $email; return $this; } } DTOs

20. + … and much more: EventListeners, Subscribers, Filters, async …

21. + Useful add ons ✅ JWT through LexikJWTAuthenticationBundle ✅ JWT

    refresh tokens GesdinetJWTRefreshTokenBundle ❌ Complete sign up / sign in ❌ Role based API versions

22. + Disambiguous?

23. + PATCH /entity/{id} or PUT /entity/{id}/{custom-action}

24. + GET /entity/{id}/?{subentity}=% or GET /entity/{id}/{subentity}

25. + Action-Controller or DataPersister for custom writing logic?

26. + 4-5 extra classes (DTOs, Transformers, etc.) or Custom controller

    outside of API Platform* * and extra classes for OpenAPI docs…

27. + Too many ways how to perform a regular action

28. + Good for RESTful APIs with regular customisations Bad for

    custom APIs

29. +

30. +

31. +