• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Controller Filters - Input needed

#26
OK, I think I may be getting closer here. I went through and took a look at some different existing middlewares out there (here and here), and then took a look at a couple of existing Laravel projects and how we used middleware there and had a few realizations.

1. Some common types of items apply only to one particular HTTP method, like applying CSRF/CORS or Request Throttling to all POST requests. This could also be expanded to include "methods" like 'ajax' and 'cli'.
2. Most of them (that weren't for specific forms) were applied in large groups of the site.

I went back and forth an whether my grouping by uris or by filter made more sense, worked the best overall for the site. Seeing how we were using them in other frameworks, it didn't make sense any longer to do it per controller/method as it would take a lot more work to make things correct.

With those things in mind, here's a revised example:

Code:
<?php namespace Config;

class Filters
{
    // Makes reading things below nicer,
    // and simpler to change out script that's used.
    public $aliases = [
        'isLoggedIn' => 'App\Filters\Authentication',
        'apiPrep' => [
            'App\Filters\First',
            'App\Filters\Second',
        ]
    ];

    // Always applied before every request
    public $globals = [
        'before' => [
            'isLoggedIn'               => ['except' => 'login'],
            'CodeIgniter\Filters\CSRF'
            'FullPageCache'
        ],
        'after' => ['FullPageCache' ]
    ];

    // Works on all of a particular HTTP method
    // (GET, POST, etc) as BEFORE filters only
    public $methods = [
        'post' => ['CSRF', 'throttle'],
        'ajax' => ['restrictToAJAX'],
        'cli'  => ['restrictToCLI']
    ];

    public $filters = [
        'isLoggedIn' => ['before' => ['account/*', 'profiles/*']],
        'adminAuth'  => ['before' => ['admin/*']],
        'apiPrep'    => ['before' => ['api/*']],
    ];
}

A few key points:

1. Aliases can now be groups of filters to clean things up a little more.
2. Globals can be applied before or after, and can blacklist some uri's but cannot whitelist (that's better handled in the $filters array)
3. Support for HTTP methods (and 'ajax'/'cli') has been added, but only for before actions. Not sure those make sense as after actions, but it might make sense to include them for completeness and consistency.
4. Finally, filters can have both before and after uri patterns specified.

Thoughts?
Support Development  • Practical CodeIgniter 3  •
Myth:AuthVulcan - CLI Tools for CI4
Reply


Messages In This Thread
Controller Filters - Input needed - by kilishan - 07-07-2016, 08:39 PM
RE: Controller Filters - Input needed - by arma7x - 07-10-2016, 06:46 AM
RE: Controller Filters - Input needed - by arma7x - 07-07-2016, 09:14 PM
RE: Controller Filters - Input needed - by arma7x - 07-10-2016, 11:42 PM
RE: Controller Filters - Input needed - by kilishan - 07-11-2016, 10:04 PM
RE: Controller Filters - Input needed - by arma7x - 07-12-2016, 01:55 AM
RE: Controller Filters - Input needed - by arma7x - 07-13-2016, 12:23 AM
RE: Controller Filters - Input needed - by arma7x - 07-14-2016, 12:37 AM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.