42 best practices for Symfony2

Transcript

1. 42 BEST PRACTICES FOR 42 BEST PRACTICES FOR SYMFONY2 SYMFONY2

   Tugdual Saunier (@tucksaun)

2. DISCLAIMER DISCLAIMER

3. What follows is not stored by meaningfulness nor criticality.

4. Of course, every best practice is questionnable.

5. There are always exceptions.

6. Be pragmatic! Consider the context.

7. LET’S START LET’S START

8. DOCUMENTATION DOCUMENTATION There’s a lot of documentation available. Read it.

9. DOCUMENTATION DOCUMENTATION Have you already? Read it again from time

   to time

10. DOCUMENTATION DOCUMENTATION When you are looking for documentation or seeking

    help. Use Symfony2 (capitalize, no space). There is so much resources available symfony (1.x) that filtering then out would make you lose time.

11. BOOTSTRAPPING BOOTSTRAPPING Except if you are at ease and perfectly

    master Symfony2, Use the Standard Edition.

12. BOOTSTRAPPING BOOTSTRAPPING Use the Standard Edition. But do some house

    cleaning! Delete AcmeDemoBundle Removed unused dependencies Change the favicon etc

13. PROFILER PROFILER The Web Debug Toolbar gives you a lot

    of useful informations. Always keep an eye on it.

14. PROFILER PROFILER Intercept redirection (in dev). This will help you

    during debugging and will help you to have a better view on the data collected by the profiler.

15. ORGANISATION ORGANISATION

16. SCM IGNORE SCM IGNORE app/cache/* app/logs/* app/bootstrap.php.cache web/bundles vendor app/config/parameters.yml

    But for the last one, add a app/config/parameters.yml.dist file.

17. YOUR CREDENTIALS ARE SECRET! YOUR CREDENTIALS ARE SECRET! Do not

    hardcode credentials in configuration: use parameters Do not version parameters.[ini|yml] Use environment variables

18. YOUR CREDENTIALS ARE SECRET! YOUR CREDENTIALS ARE SECRET! # app/config/config.yml

    doctrine: dbal: username: %database_username% password: %database_password%

19. YOUR CREDENTIALS ARE SECRET! YOUR CREDENTIALS ARE SECRET! # app/config/parameters.yml

    parameters: database_username: symfony database_password: s3cr3t

20. YOUR CREDENTIALS ARE SECRET! YOUR CREDENTIALS ARE SECRET! <VirtualHost *:80>

    Servername www.domain.tld # ... SetEnv SYMFONY__DATABASE_USERNAME "symfony" SetEnv SYMFONY__DATABASE_PASSWORD "s3cr3t" </VirtualHost>

21. YOUR CREDENTIALS ARE SECRET! YOUR CREDENTIALS ARE SECRET! This is

    not limited to passwords, apply for any “secret” information.

22. CODING STYLE CODING STYLE Always use the same coding style.

    Better, follow Symfony’s one.

23. CODING STYLE CODING STYLE A must-have tool is available to

    help your to respect Symfony’s coding style: PHP Coding Standards Fixer https://cs.symfony.com/ https://cs.symfony.com/

24. APPLICATIONS? APPLICATION! APPLICATIONS? APPLICATION! By default, Symfony2 has a single

    application. It is quite unusual to need several ones, think thoroughly before implementing a multiple applications setup.

25. APPLICATIONS APPLICATIONS If you really want to use several applications,

    your tree directory must be uniform and mimic as much as possible the Standard Edition one (app directory).

26. BUNDLES BUNDLES Your project is composed of Bundles.

27. BUNDLES BUNDLES One Bundle = One feature If your bundles

    are meant to be re-used and if your bundles are de-coupled. UserBundle => User Management ForumBundle => Forum ProductBundle => Product Management StoreBundle => E-Commerce

28. BUNDLES & COMPONENTS/LIBRAIRIES BUNDLES & COMPONENTS/LIBRAIRIES In an ideal world,

    your bundles should only be the glue between Symfony2 and your business logic. The business logic must be independent. Take inspiration from the Bundles and Components organization in Symfony2.

29. BUNDLES & COMPONENTS/LIBRAIRIES BUNDLES & COMPONENTS/LIBRAIRIES Symfony\Bundle\FrameworkBundle\DependencyInjection Symfony\Component\DependencyInjection Symfony\Bundle\FrameworkBundle\Validator Symfony\Component\Validator

    Symfony\Bundle\FrameworkBundle\HttpKernel Symfony\Component\HttpKernel Symfony\Bundle\TwigBundle \Twig

30. ROUTING ROUTING No route should be declared in app/config/routing.yml. This

    file should only contain imports. Route declarations should be stored in the bundle of the associated controller.

31. TEMPLATING TEMPLATING Follow’s 😉 Grégoire Pineau advices Grégoire Pineau advices

32. I18N I18N Introduce internationalization from the get go Introducing internationalization

    later one takes more time is and is more complicated.

33. CONTROLLERS CONTROLLERS

34. FORMS FORMS After a successful form processing in POST, you

    must always redirect the user: security UX avoid double submission and data duplication

35. ORM ORM Queries must be created withing dedicated classes (Repository,

    Peer), not directly in controllers.

36. COMPULSORY COMPULSORY No business logic in controllers. They must fetch

    services (or instantiate business objects), invoke them, and provide processing result to the view layer. That’s it.

37. LENGTH LENGTH 20 lines max per action. More usually means

    they contain business logic. No more than 10 actions per controller. More than that and it becomes un-maintenable.

38. LENGTH LENGTH Annotations can help to keep you controllers lighter

    and with less boilerplate. They also help you to centralize information and keep route declaration with the associated controller.

39. MODEL MODEL

40. “UTILS” “UTILS” Do not create “util” classes with tons of

    static methods.

41. FORMS FORMS Build your form in Form Types Reusable Do

    not clutter your controllers “Cleaner” organisation

42. FORMS FORMS Declare those types as services.

43. FORMS FORMS If your fom types have dependencies, inject them

    into the constructor, not using options.

44. SESSIONS SESSIONS The session use logic must be in a

    service with the session injected. Not in controllers.

45. SESSIONS SESSIONS Minimise the amount of data you store in

    sessions.

46. LOGGING LOGGING The default Monolog configuration will only output debug

    logs if an error happens. Therefore do not refrain yourself to log.

47. ORM ORM Use your entities to store information. Use dedicated

    business classes to manipulate them. “Treat your entities like princesses”. This eases unit testing, refactoring and bundles/component organisation.

48. DIC DIC

49. DIC DIC The DIC is without any doubts the most

    powerful tool in Symfony2. Symfony2 flexibility comes from the DIC. Read, learn, try!

50. DIC DIC Use XML configuration for you bundles.

51. DIC DIC Do not inject the container. Only inject the

    required dependencies.

52. DIC DIC Do not hardcode paths. You can use the

    %kernel.root_dir% parameter or build paths during DIC compilation.

53. VIEWS VIEWS

54. USE TWIG USE TWIG This will constrain you to respect

    MVC

55. USE TWIG USE TWIG Intuitive Performant Powerful Secured (Autoescaping)

56. ASSETS ASSETS Use Assetic

57. EXTENSIBILITY / MAINTAINABILITY EXTENSIBILITY / MAINTAINABILITY

58. BUNDLES BUNDLES You should not import your bundle’s configuration from

    app/config/config.yml. The bundle’s DI extension should take care of it.

59. BUNDLES BUNDLES Use the semantic configuration # app/config/config.yml my_bundle: foo:

    bar my_feat_is_enabled: true feat_config: lorem: ipsum

60. BUNDLES BUNDLES Validating this configuration let you: enable your services

    only if necessary, ensure your configuration is valid during warmup… and give explicit error messages to developer.

61. COMMANDS COMMANDS Use Commands for your batch processing and repetitive

    tasks.

62. TESTS TESTS Use unit and functional tests!

63. PROD PROD

64. FRONT CONTROLLER FRONT CONTROLLER Don’t deploy web/app_dev.php To be more

    accurate, the only front controller to deploy is web/app.php

65. FORMS FORMS Do not disable CSRF protection.

66. FORMS FORMS Change the secret value in parameters.yml!

67. FORMS FORMS Remenber, “Your credentials are secret!”. The secret also

    is! (Hence the name…)

68. FORMS FORMS Go further, use the intention option in your

    forms. This will make the token unique for each form type.

69. DOCTRINE DOCTRINE Enable Doctrine caches (metadata and query). No functional

    effect, only better performance.

70. CUSTOMIZE YOUR ERROR PAGES CUSTOMIZE YOUR ERROR PAGES That’s classy

    Avoid default page to be recognized

71. LOGS LOGS Monolog’s configuration is really good for production. Do

    not enable log output for every requests.

72. CACHING CACHING Page caching is simple with Symfony2. Do not

    generate the same content twice, use caching.

73. PHP PHP Use PHP 5.4. You will save on time

    and memory.

74. PHP PHP Install and enable APC. You will save on

    time. (Should not be necessary anymore with PHP 5.5 😉 )

75. FINALLY FINALLY

76. None
77. None
78. None

79. Do not forget that Symfony2 is a PHP Object Framework

80. Therefore, do not ask yourself “How to do this with

    Symfony2 ?”, but ask yourself “How to do this using PHP Object ?”.

81. Follow PHP best practices. Follow OOP best practices.

82. No references No globals No short tags Type Hinting UTF-8

    PSR-x …

83. but also CSS, HTML, JavaScript, Twig, etc …

84. to summarize: also follow best practices for every tool you

    use,

85. but also the one for the web ecosystem, software development

    and project management.

86. QUESTIONS ? QUESTIONS ?

87. THANK YOU ! THANK YOU !