Create API Service in CodeIgniter 4 with Request Filtering
In CodeIgniter 4, there is a trait that specialized to be used for API, named CodeIgniter\API\ResponseTrait
for that, that consist of collection of functionality to build a response. How about request filtering ? We will need a filter class that implements CodeIgniter\Filters\FilterInterface
interface.
For example, we are going to create a /api/ping
api service, which will returns time value, we can create controller as follow:
<?php // application/Controllers/Api/Ping.php declare(strict_types=1); namespace App\Controllers\Api; use function time; use CodeIgniter\API\ResponseTrait; use CodeIgniter\Controller; use CodeIgniter\HTTP\ResponseInterface; final class Ping extends Controller { use ResponseTrait; public function index(): ResponseInterface { return $this->respond(['ack' => time()]); } }
Without filtering, we can call url and got result like the following based on Accept header, for example, for application/xml
, it will get:
➜ ~ curl -i -H "Accept: application/xml" http://localhost:8080/api/ping HTTP/1.1 200 OK Host: localhost:8080 Date: Sat, 22 Sep 2018 01:11:30 -0500 Connection: close X-Powered-By: PHP/7.2.9 Cache-control: no-store, max-age=0, no-cache Content-Type: application/xml; charset=UTF-8 Debugbar-Time: 1537596690 Debugbar-Link: http://localhost:8080/index.php/?debugbar_time=1537596690 <?xml version="1.0"?> <response><ack>1537596690</ack></response>
and when it changed to application/json
, it will get:
➜ ~ curl -i -H "Accept: application/json" http://localhost:8080/api/ping HTTP/1.1 200 OK Host: localhost:8080 Date: Sat, 22 Sep 2018 01:11:53 -0500 Connection: close X-Powered-By: PHP/7.2.9 Cache-control: no-store, max-age=0, no-cache Content-Type: application/json; charset=UTF-8 Debugbar-Time: 1537596713 Debugbar-Link: http://localhost:8080/index.php/?debugbar_time=1537596713 { "ack": 1537596713 }
Let’s try create filter it to only allow the “POST” request! We can create filter as follow:
<?php // application/Filters/PostRequestOnly.php declare(strict_types=1); namespace App\Filters; use CodeIgniter\Filters\FilterInterface; use CodeIgniter\HTTP\RequestInterface; use CodeIgniter\HTTP\ResponseInterface; use Config\Services; final class PostRequestOnly implements FilterInterface { public function before(RequestInterface $request) { if ($request->getMethod() === 'post') { return; } return Services::response() ->setStatusCode(ResponseInterface::HTTP_METHOD_NOT_ALLOWED); } public function after(RequestInterface $request, ResponseInterface $response) { } }
In above PostRequestOnly
filter, we are allowing request only for “POST”, other request methods will get response with “Method Not Allowed” (405). To make it work, we need register it into Config\Filters
::$aliases
class under application
directory, and ensure it applied into Config\Filters
::$filters
to register specific uri for the filter, as follow:
<?php // application/Config/Filters.php // ... use App\Filters\PostRequestOnly; class Filters extends BaseConfig { public $aliases = [ // ... 'postRequestOnly' => PostRequestOnly::class, ]; // ... public $filters = [ // ... 'postRequestOnly' => [ 'before' => [ 'api/ping', ], ], ]; }
That’s it! Now, when we try to see different result with GET
and POST
, it will get the following response:
GET: Method Not Allowed 405
➜ ~ curl -i -H "Accept: application/json" -X GET http://localhost:8080/api/ping HTTP/1.1 405 Method Not Allowed Host: localhost:8080 Date: Sat, 22 Sep 2018 13:12:22 +0700 Connection: close X-Powered-By: PHP/7.2.9 Cache-control: no-store, max-age=0, no-cache Content-Type: text/html; charset=UTF-8
POST: Got Response OK 200
➜ ~ curl -i -H "Accept: application/json" -X POST http://localhost:8080/api/ping HTTP/1.1 200 OK Host: localhost:8080 Date: Sat, 22 Sep 2018 01:12:54 -0500 Connection: close X-Powered-By: PHP/7.2.9 Cache-control: no-store, max-age=0, no-cache Content-Type: application/json; charset=UTF-8 Debugbar-Time: 1537596774 Debugbar-Link: http://localhost:8080/index.php/?debugbar_time=1537596774 { "ack": 1537596774 }
Upload File with Validation in CodeIgniter 4
In CodeIgniter 4, there is CodeIgniter\Validation\FileRules
that can be used out of the box from validate()
from controllers that we can using it on upload process.
For example, we have an upload form page with flow as follow:
- Display form at /form page with “avatar” file field
- Process form at /form/process with validations:
- is uploaded
- is mime in image/jpg,image/jpeg,image/gif,image/png
- the max size is less or equal than 4MB
- On valid upload, we move uploaded file to writable/uploads directory.
Before we start, please ensure that you’re using latest CodeIgniter4
develop branch by clone it:
$ git clone https://github.com/bcit-ci/CodeIgniter4.git
If you already have it, ensure to pull latest develop branch via command:
$ cd CodeIgniter4 $ git checkout develop $ git remote add upstream https://github.com/bcit-ci/CodeIgniter4.git $ git pull upstream develop
Most of the time, the updated code in the CodeIgniter4
repository will be core framework (system) and its tests
, so, if we need to be always up to date framework, we can create new branch based on develop
branch, for example:
$ git checkout -b tutorial-upload
Then, we can regularly rebase against develop :
$ git checkout develop && git pull upstream develop $ git checkout tutorial-upload && git rebase develop
Enough with introduction, let’s start with code!
1. Display Form
<?php // application/Views/form.php $validationErrors = $this->config->plugins['validation_errors']; helper('form'); echo form_open( 'form/process', [ 'enctype' => 'multipart/form-data' ] ); echo form_input('avatar', '', '', 'file'); echo $validationErrors(['field' => 'avatar']); echo form_submit('Send', 'Send'); echo form_close();
Above, we display form with form helpers, and display validation errors by get it in validation_errors
key in plugins.
To make it a form page, we can create a Form controller as follow:
<?php // application/Controllers/Form.php namespace App\Controllers; use CodeIgniter\Controller; class Form extends Controller { public function index() { return view('form'); } }
To see the page, let’s fire a command:
$ php spark serve
The form page is now displayed at http://localhost:8080/form
or http://localhost:8080/form/index
like below:
2. Upload validation
We are going to use “form/process” page for file upload validation, so, we can create an process()
function at the Form controller:
class Form extends Controller { // ... public function process() { // verify if request method is POST if ($this->request->getMethod() !== 'post') { return redirect('index'); } // validation $validated = $this->validate([ 'avatar' => [ 'uploaded[avatar]', 'mime_in[avatar,image/jpg,image/jpeg,image/gif,image/png]', 'max_size[avatar,4096]', ], ]); if ($validated) { // Business! } return redirect('index')->withInput(); } }
On above process()
function, the validate()
call supply the rules of avatar field needed, which are uploaded, mime_in, and max_size which we can found as functions at CodeIgniter\Validation\FileRules
. When it is valid, it will returns true. We redirect back to /form/index
with bring validation errors that saved in session flash with key _ci_validation_errors
to be allowed to be displayed once in the next request like below:
3. Move uploaded file to writable/uploads
directory
We have a WRITEPATH
constant that refers to writable directory, and we can use its “$request->getFile(‘avatar’)->move()” to it, so when we have validated, we can do:
if ($validated) { $avatar = $this->request->getFile('avatar'); $avatar->move(WRITEPATH . 'uploads'); }
That’s it! The complete Form
controller class can be as follow:
<?php // application/Controllers/Form.php namespace App\Controllers; use CodeIgniter\Controller; class Form extends Controller { public function index() { return view('form'); } public function process() { if ($this->request->getMethod() !== 'post') { return redirect('index'); } $validated = $this->validate([ 'avatar' => [ 'uploaded[avatar]', 'mime_in[avatar,image/jpg,image/jpeg,image/gif,image/png]', 'max_size[avatar,4096]', ], ]); if ($validated) { $avatar = $this->request->getFile('avatar'); $avatar->move(WRITEPATH . 'uploads'); } return redirect('index')->withInput(); } }
leave a comment