Skip to main content
Code Review

Return to Answer

added 6 characters in body
Source Link
Mike Brant
Mike Brant
  • 9.9k
  • 14
  • 24
// likely stored in configuration somewhere
$request_config = (object) [
    'https_required' => true,
    'https_forward_allowed' => true
    'http_accept' => [
        'application/json' => true,
        'xml/text' => false
    ],
    // other configurations you may need to validate a request or perhaps
    // determine its routing
];

$response_config = (object) [
    'cors_headers' => [
        'Access-Control-Allow-Origin: *',
        'Access-Control-Allow-Headers: origin, content-type, accept, authorization',
        'Access-Control-Allow-Methods: POST'
    ],
    'content-type' => 'application/json'
    // any other things you may want to configure in response
];

// instantiate response object based on configuration
try {
    // perhaps throw exception if configuration is bad
    $response = new Response($response_config);
} catch (Exception $e) {
    error_log(
        'Unable to build Response object. '
  .
       . 'Exception message: "' . $e-getMessage . '"'
    );
    http_response_code(500);
    exit;
}

// try to build a valid request object
try {
    // instantiate request object
    // this instantiation should throw Exception (with reason) if you
    // get an unexpected request.
    // this request object constructor could check request headers
    // against expected values, try to to marshall (json_decode) the POSTed data
    // etc. and fail out with exception if request falls outside expected.
    $request = new Request($request_config);
} catch (Exception $e) {
    error_log(
        'Unable to build ResquestRequest object. '
  .
       . 'Exception message: "' . $e-getMessage . '"'
    );
    $response->set_error_code(400);
    $response->set_error_message('Bad Request');
    // call method which sends response, but would also be responsible
    // for sending appropriate method (like with internal class class to 
    // (send_headers()) or similar method.
    $response->send();
    exit;
}

// now you have valid Request object you can work with and do things like:
$post_data = json_decode($request->raw_input>get_post_data();

// maybe pass to the posted data to some class or otehr logic which builds
// a data structure for return.
$response->set_data(json_encode($some_data));
$response->send();
exit;

// likely stored in configuration somewhere
$request_config = (object) [
    'https_required' => true,
    'https_forward_allowed' => true
    'http_accept' => [
        'application/json' => true,
        'xml/text' => false
    ],
    // other configurations you may need to validate a request or perhaps
    // determine its routing
];

$response_config = (object) [
    'cors_headers' => [
        'Access-Control-Allow-Origin: *',
        'Access-Control-Allow-Headers: origin, content-type, accept, authorization',
        'Access-Control-Allow-Methods: POST'
    ],
    'content-type' => 'application/json'
    // any other things you may want to configure in response
];

// instantiate response object based on configuration
try {
    // perhaps throw exception if configuration is bad
    $response = new Response($response_config);
} catch (Exception $e) {
    error_log(
        'Unable to build Response object. '
         . 'Exception message: "' . $e-getMessage . '"'
    );
    http_response_code(500);
    exit;
}

// try to build a valid request object
try {
    // instantiate request object
    // this instantiation should throw Exception (with reason) if you
    // get an unexpected request.
    // this request object constructor could check request headers
    // against expected values, try to to marshall (json_decode) the POSTed data
    // etc. and fail out with exception if request falls outside expected.
    $request = new Request($request_config);
} catch (Exception $e) {
    error_log(
        'Unable to build Resquest object. '
         . 'Exception message: "' . $e-getMessage . '"'
    );
    $response->set_error_code(400);
    $response->set_error_message('Bad Request');
    // call method which sends response, but would also be responsible
    // for sending appropriate method (like with internal class class to 
    // (send_headers()) or similar method.
    $response->send();
    exit;
}

// now you have valid Request object you can work with and do things like:
$post_data = json_decode($request->raw_input);

// maybe pass to the posted data to some class or otehr logic which builds
// a data structure for return.
$response->set_data(json_encode($some_data));
$response->send();
exit;

// likely stored in configuration somewhere
$request_config = (object) [
    'https_required' => true,
    'https_forward_allowed' => true
    'http_accept' => [
        'application/json' => true,
        'xml/text' => false
    ],
    // other configurations you may need to validate a request or perhaps
    // determine its routing
];

$response_config = (object) [
    'cors_headers' => [
        'Access-Control-Allow-Origin: *',
        'Access-Control-Allow-Headers: origin, content-type, accept, authorization',
        'Access-Control-Allow-Methods: POST'
    ],
    'content-type' => 'application/json'
    // any other things you may want to configure in response
];

// instantiate response object based on configuration
try {
    // perhaps throw exception if configuration is bad
    $response = new Response($response_config);
} catch (Exception $e) {
    error_log(
        'Unable to build Response object. ' .
        'Exception message: "' . $e-getMessage . '"'
    );
    http_response_code(500);
    exit;
}

// try to build a valid request object
try {
    // instantiate request object
    // this instantiation should throw Exception (with reason) if you
    // get an unexpected request.
    // this request object constructor could check request headers
    // against expected values, try to to marshall (json_decode) the POSTed data
    // etc. and fail out with exception if request falls outside expected.
    $request = new Request($request_config);
} catch (Exception $e) {
    error_log(
        'Unable to build Request object. ' .
        'Exception message: "' . $e-getMessage . '"'
    );
    $response->set_error_code(400);
    $response->set_error_message('Bad Request');
    // call method which sends response, but would also be responsible
    // for sending appropriate method (like with internal class class to 
    // (send_headers()) or similar method.
    $response->send();
    exit;
}

// now you have valid Request object you can work with and do things like:
$post_data = $request->get_post_data();

// maybe pass to the posted data to some class or otehr logic which builds
// a data structure for return.
$response->set_data(json_encode($some_data));
$response->send();
exit;
Source Link
Mike Brant
Mike Brant
  • 9.9k
  • 14
  • 24

If you are truly trying to decouple the request handling and response building from the service definition (i.e. build a template), you might want common classes which could accept some service configuration information containing things such as:

  • CORS configuration
  • Security configuration (is secure request required)
  • Support HTTP action verbs

And perform some of the basics around building the request and response objects

Imagine a template which looks like this:

// likely stored in configuration somewhere
$request_config = (object) [
    'https_required' => true,
    'https_forward_allowed' => true
    'http_accept' => [
        'application/json' => true,
        'xml/text' => false
    ],
    // other configurations you may need to validate a request or perhaps
    // determine its routing
];

$response_config = (object) [
    'cors_headers' => [
        'Access-Control-Allow-Origin: *',
        'Access-Control-Allow-Headers: origin, content-type, accept, authorization',
        'Access-Control-Allow-Methods: POST'
    ],
    'content-type' => 'application/json'
    // any other things you may want to configure in response
];

// instantiate response object based on configuration
try {
    // perhaps throw exception if configuration is bad
    $response = new Response($response_config);
} catch (Exception $e) {
    error_log(
        'Unable to build Response object. '
        . 'Exception message: "' . $e-getMessage . '"'
    );
    http_response_code(500);
    exit;
}

// try to build a valid request object
try {
    // instantiate request object
    // this instantiation should throw Exception (with reason) if you
    // get an unexpected request.
    // this request object constructor could check request headers
    // against expected values, try to to marshall (json_decode) the POSTed data
    // etc. and fail out with exception if request falls outside expected.
    $request = new Request($request_config);
} catch (Exception $e) {
    error_log(
        'Unable to build Resquest object. '
        . 'Exception message: "' . $e-getMessage . '"'
    );
    $response->set_error_code(400);
    $response->set_error_message('Bad Request');
    // call method which sends response, but would also be responsible
    // for sending appropriate method (like with internal class class to 
    // (send_headers()) or similar method.
    $response->send();
    exit;
}

// now you have valid Request object you can work with and do things like:
$post_data = json_decode($request->raw_input);

// maybe pass to the posted data to some class or otehr logic which builds
// a data structure for return.
$response->set_data(json_encode($some_data));
$response->send();
exit;

Note that the thought here is to define classes which can encapsulate the logic around validating the request against expected request headers. You make this functionality more usable and extensable in this fashion. For example, say you want to add an authentication/authorization component in your application. You could ideally just have to modify the Request class to handle the extra logic around validating authentication information.

Outside of that, a few other thoughts:

  • $REQUEST_PROTOCOL = $isSecure ? 'https' : 'http'; What is this here for as it doesn't seem to be used anywhere else.
  • You have a few lines of code that are really long. Try to keep your lines under 80 characters.
  • You seem to start building your $response array out of order. Where you define the empty array is several lines past the first time you try to set information into that array.