middlewares / ideas Goto Github PK

Middleware to negotiate the charset and convert the response body accordinly.

More so than an idea I have a question on what the best approach is to handling middleware that needs to run for specific routes. For example I have some routes that a user needs to be logged in to access or they should be redirected to a login page. I also have checks for permissions and other items that could be ran as middleware for a specific route. Ideally I would like to define those items as part of the route definition. One of the ways I found to do this is have a dispatcher with the desired middlewares and a callable at the end of the middleware stack. Here is an example of what I mean:

  $r->addRoute(['GET', 'OPTIONS'], '/user/edit',
        new Dispatcher([
            // handler to redirect to login page if not logged in
            (new isNotLoggedInRedirectHandler),
            // handler to show access denied if user doesn't have permission
            (new PermissionsHandler)
                ->hasPermission(['editUser'),
            // code for the actual edit user page
            new CallableHandler( 'HandlerOnceTheseSpecificChecksHaveRun' )
        ])
    );

Although this approach does work I just wanted to see if this was an acceptable solution? Is there a "better" way to solve this issue?

Middleware to create the Link headers to implement server push for css, js, images, etc.

I found these middlewares for laravel:

• https://github.com/JacobBennett/laravel-HTTP2ServerPush
• https://github.com/tomschlick/laravel-http2-server-push

Other interesting links:

• https://css-tricks.com/cache-aware-server-push/

This could be a port (or improvement) of jsonvalidator: existing currently in psr7-middlewares: https://github.com/oscarotero/psr7-middlewares#jsonvalidator
Here's other similar package: https://github.com/moffe42/json-schema-middleware

I'm planning to create 4 middleware related projects, allowing clients to additional deal with callable middlewares:

1. middleware/is-delegate
2. middleware/is-middleware
3. middleware/to-delegate, casting/adapting DelegateInterface instances and callable delegates to DelegateInterface instances.
4. middleware/to-middleware, casting/adapting MiddlewareInterface instances and callable delegates to MiddlewareInterface instances.

I'm always shilly shally about project names. For example:

• is-delegatable sounds better, but
• is-middlewarable may sounds weird, or doesn't it?

@middlewares/contributors Thoughts are welcome.

Middleware to turn all .jsonp requests into a jsonp response.

References:

• https://github.com/robertodecurnex/rack-jsonp-middleware

is there a middleware for device identification? For example a middleware that will add a custom attribute or attributes that identify a device? IE. "_deviceMake" => "iPhone 12"

Here are some example libraries for this:
https://github.com/serbanghita/Mobile-Detect/
https://github.com/matomo-org/device-detector
https://github.com/jenssegers/agent

A middleware for CSRF (Cross Site Request Forgery) should be really usefull but brings some chalenges:

• How to manage the session?
• How make it easy to work with ajax?

References:

• https://github.com/oscarotero/psr7-middlewares#csrf
• https://github.com/paragonie/anti-csrf
• https://github.com/Ocramius/PSR7Csrf
• https://github.com/slimphp/Slim-Csrf

It's like CSP but instead of controlling security, it controls features. More info:
https://developers.google.com/web/updates/2018/06/feature-policy

A middleware to decrypt incoming and encrypt outgoing cookies.
It could use a JWT implementation or php-encription.

Maybe it could provide some security features:

• Filter allowed cookies (and remove the others)
• Ensure all cookies have directives like secure, httponly, etc...

I have some places where I check the referring route. In order to do this I had to create a function that produces the referring route and accounts for the base path. I haven't seen a middleware for this so I figured I would see if it makes sense to make this into a middleware.

function getRefererRoute(ServerRequestInterface $request, string $basePath) {
    $httpReferer = $request->getServerParams()["HTTP_REFERER"] ?? false;
    if ($httpReferer == false) {
        return "";
    }

    $parsedURL = parse_url($httpReferer);
    $route = $parsedURL['path'];

    if (substr($route, 0, strlen($basePath)) == $basePath) {
        $route = substr($route, strlen($basePath));
    }

    return $route;
}

I would like to see a module that allows pre-handler validation based on the name of the route and the method of the HTTP request.

For me the best option would be loading 'input_filter_specs' from a configuration referencing the route name and the HTTP method (something like ['login' => ['POST' => ], 'rottax' => ['GET' => ]]).

Thanks for the incredible work you're doing.

Best regards,
Massi.

I would like to see a PSR-15 middleware, that can modify requested uri according to http headers set by proxy server like X-Forwarded-Host, X-Forwarded-Port etc.

Like this one https://github.com/akrabat/proxy-detection-middleware

I asked about support for X-Sendfile under Apache and X-Accel under NGINX in Diactoros, and @Ocramius suggested this be implemented as middleware.

I don't have the time to investigate this idea further at the moment, but figured I would at least post it here for others to ponder :-)

A middleware to change the urls of the page using 301 redirects, to be SEO friendly.
More info: https://support.google.com/webmasters/answer/93633?hl=en

A middleware to create Public-Key-Pins header. More info:
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

There's a library for that: https://github.com/paragonie/hpkp-builder

Middleware for limiting how often individual user can make requests or execute any action. Like #3 it brings some challenges: how to manage the data (session, database, etc...)

Some referencies:

• https://github.com/jakiestfu/Throttle
• https://github.com/penoonan/throttle
• https://github.com/davedevelopment/stiphle
• etc..

Prophiler is a "A PHP Profiler & Developer Toolbar" according to it's website. So far it seems to be nicer and more similar to Symfony's toolbar (which is awesome) than php debugbar.

It already has a PSR-7 middleware implementation, but it doesn't support PSR-15:

• https://github.com/bitExpert/prophiler-psr7-middleware

This is something I did in psr7-middlewares. It's a middleware to include php files, usefull if you want to adapt old-style websites to the middleware approach. Let's say we have a website with the following files:

site/
    index.php
    about.php
    contact.php

Each page has it's own php file, so the urls are something like http://example.com/about.php, http://example.com/contact.php, etc. The middleware allow to use urls like http://example.com/about, include the php file, capture the output body and headers and return a response with that. It works as a wrapper for old websites.
I needed this in an old project and worked fine, the only problem I found was related with global variables, but was easy to solve.

A set of PSR-15 middlewares to provide server/client Auth2 implementations using

• http://oauth2.thephpleague.com
• http://oauth2-client.thephpleague.com

Here's an article with a nice method to manage files in PUT, etc requests:
https://blog.alejandrocelaya.com/2017/03/06/managing-put-requests-with-file-uploads-in-psr-7-and-middleware-php-applications/

Not sure if this can be used in the real world

Not sure about this, due league/route uses a double pass signature and PSR-15 has a single pass, so it is incompatible with other router sytems like aura.router and fastroute.
Anyway, a PSR-15 wrapper could be useful, creating the response before execute the route handler.

A middleware to fix html responses automatically using the Tidy extension for PHP

There's a Laravel middleware for reference: https://github.com/Stolz/laravel-html-tidy

For the PSR-7-middlewares there exist a Middleware which uses Mobile_Detect. This middleware is missing for PSR-15.

A middleware to work with JSONx format:

• The incoming request with Content-Type: application/xml will be converted to json request
• The outgoing response with a Content-Type: application/json header will be converted to xml response.

References:

• A JSONx library for PHP: https://github.com/danharper/jsonx
• A JSONx for PSR7 library: https://github.com/danharper/JSONx-for-PSR7
• A Laravel middleware: https://github.com/danharper/JSONx-for-Laravel

A simple webmention client.

https://www.w3.org/TR/webmention/#sender-notifies-receiver

A middleware to process incoming and outgoing cookies that can provide some functionalities:

• Add automatically some flags like:
  • SameSite more info
  • httponly, secure, etc
• Encrypt/decrypt values
• etc.

A middleware to convert a html response to pdf. We can use something like this: https://github.com/KnpLabs/snappy
The workflow could be something like this:

• A pdf request is received
• The middleware converts to html request (optionally)
• The middleware receives the html response
• If the response is OK (200), converts to pdf and change the Content-Type.

@mindplay-dk created this package to send log messages to google chrome.
Maybe, the package should provide the middleware, but I leave it here anyway, just in case.

Not sure if this is already available, but a middleware that would make routes case insensitive could be useful. I ran into this recently with a route that I named "oAuth", but later tried to access using "oauth".

The small list of middleware at relay/middleware is mostly obviated by the AwesomeMiddlewares list. However, the ResponseSender appears to have no corollary. https://github.com/relayphp/Relay.Middleware/blob/1.x/src/ResponseSender.php

Would you be interested in me converting it to PSR-15 and contributing for maintenance here? Then I can retire relay/middleware entirely.

If not, no big deal. Thanks for providing this resource.

There are instances where I don't want the 'X-Powered-By' header in my responses. Removing them can be a bit pesky though because PHP drops them into the response. To deal with it I put together a simple middleware that removes them. Not sure if it should have a repo, but I find it useful. See below:

<?php

declare(strict_types=1);

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;

class RemovePoweredByHeader implements MiddlewareInterface {

    /**
     * Process a server request and return a response.
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface {
       $response = $handler->handle($request);

       if (ini_get('expose_php')) {
              // prevent php from inserting a X-Powered-By header
              header_remove('X-Powered-By');
        }
        // remove the X-Powered-By header from the response
        return $response->withoutHeader('X-Powered-By');
        return $response;
    }
}

A set of PSR-15 middlewares to provide server/client indieweb/indieauth implementation, possibly:

• indieauth/client
• inklings.io/laravel-indieauth-client