default types validation (#648)

default types validation + updated readme with instructions

Author: lcuis

README.md

@@ -597,7 +597,7 @@ You can enable the following middleware using the "middlewares" config parameter
 - "basicAuth": Support for "Basic Authentication"
 - "reconnect": Reconnect to the database with different parameters
 - "authorization": Restrict access to certain tables or columns
-- "validation": Return input validation errors for custom rules
+- "validation": Return input validation errors for custom rules and default type rules
 - "ipAddress": Fill a protected field with the IP address on create
 - "sanitation": Apply input sanitation on create and update
 - "multiTenancy": Restricts tenants access in a multi-tenant scenario
@@ -652,6 +652,7 @@ You can tune the middleware behavior using middleware specific configuration par
 - "authorization.columnHandler": Handler to implement column authorization rules ("")
 - "authorization.recordHandler": Handler to implement record authorization filter rules ("")
 - "validation.handler": Handler to implement validation rules for input values ("")
+- "validation.types": List of types for which the default validation must take place ("all")
 - "ipAddress.tables": Tables to search for columns to override with IP address ("")
 - "ipAddress.columns": Columns to protect and override with the IP address on create ("")
 - "sanitation.handler": Handler to implement sanitation rules for input values ("")
@@ -888,8 +889,12 @@ The above example will strip all HTML tags from strings in the input.
 
 ### Validating input
 
-By default all input is accepted. If you want to validate the input, you may add the 'validation' middleware and define a 
-'validation.handler' function that returns a boolean indicating whether or not the value is valid.
+By default all input is accepted unless the validation middleware is specified. The default types validations are then applied.
+
+#### Validation handler
+
+If you want to validate the input in a custom way, you may add the 'validation' middleware and define a 'validation.handler' 
+function that returns a boolean indicating whether or not the value is valid.
 
     'validation.handler' => function ($operation, $tableName, $column, $value, $context) {
         return ($column['name'] == 'post_id' && !is_numeric($value)) ? 'must be numeric' : true;
@@ -915,6 +920,43 @@ Then the server will return a '422' HTTP status code and nice error message:
 
 You can parse this output to make form fields show up with a red border and their appropriate error message.
 
+#### Validation types
+
+The default types validations return the following error messages:
+| error message | applies to types |
+| ---- | ---- |
+| cannot be null | any non-nullable column |
+| must be numeric | integer bigint |
+| exceeds range | integer bigint |
+| too long | varchar varbinary |
+| not a float | decimal float double |
+| not a valid boolean | boolean |
+| invalid date format use yyyy-mm-dd | date timestamp |
+| not a valid date | date timestamp |
+| invalid time format use hh:mm:ss | time timestamp |
+| non-numeric time value | time timestamp |
+| not a valid time | time timestamp |
+| invalid timestamp format use yyyy-mm-dd hh:mm:ss | timestamp |
+
+If you want the types validation to apply to all the types, you must activate the `validation` middleware.
+By default, all types are enabled. Which is equivalent to the two configuration possibilities:
+
+    'validation.types' => 'all',
+    
+or
+    
+    'validation.types'=> 'integer,bigint,varchar,decimal,float,double,boolean,date,time,timestamp,clob,blob,varbinary,geometry',
+
+Types with no declared error message can be checked whether null when the column is non-nullable.
+
+In case you want to use a validation handler but don't want any types validation, use either:
+
+    'validation.types' => '',
+    
+or
+    
+    'validation.types'=> 'none',
+
 ### Multi-tenancy support
 
 Two forms of multi-tenancy are supported:

api.php

@@ -8218,74 +8218,223 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
     use Psr\Http\Message\ResponseInterface;
     use Psr\Http\Message\ServerRequestInterface;
     use Psr\Http\Server\RequestHandlerInterface;
-    use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;
     use Tqdev\PhpCrudApi\Column\ReflectionService;
+    use Tqdev\PhpCrudApi\Column\Reflection\ReflectedTable;
     use Tqdev\PhpCrudApi\Controller\Responder;
     use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
     use Tqdev\PhpCrudApi\Middleware\Router\Router;
     use Tqdev\PhpCrudApi\Record\ErrorCode;
     use Tqdev\PhpCrudApi\RequestUtils;
 
-    class ValidationMiddleware extends Middleware
-    {
-        private $reflection;
-
-        public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection)
-        {
-            parent::__construct($router, $responder, $properties);
-            $this->reflection = $reflection;
-        }
-
-        private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/
-        {
-            $context = (array) $record;
-            $details = array();
-            $tableName = $table->getName();
-            foreach ($context as $columnName => $value) {
-                if ($table->hasColumn($columnName)) {
-                    $column = $table->getColumn($columnName);
-                    $valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);
-                    if ($valid !== true && $valid !== '') {
-                        $details[$columnName] = $valid;
-                    }
-                }
-            }
-            if (count($details) > 0) {
-                return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $tableName, $details);
-            }
-            return null;
-        }
-
-        public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
-        {
-            $operation = RequestUtils::getOperation($request);
-            if (in_array($operation, ['create', 'update', 'increment'])) {
-                $tableName = RequestUtils::getPathSegment($request, 2);
-                if ($this->reflection->hasTable($tableName)) {
-                    $record = $request->getParsedBody();
-                    if ($record !== null) {
-                        $handler = $this->getProperty('handler', '');
-                        if ($handler !== '') {
-                            $table = $this->reflection->getTable($tableName);
-                            if (is_array($record)) {
-                                foreach ($record as $r) {
-                                    $response = $this->callHandler($handler, $r, $operation, $table);
-                                    if ($response !== null) {
-                                        return $response;
-                                    }
-                                }
-                            } else {
-                                $response = $this->callHandler($handler, $record, $operation, $table);
-                                if ($response !== null) {
-                                    return $response;
-                                }
-                            }
-                        }
-                    }
-                }
-            }
-            return $next->handle($request);
-        }
+    class ValidationMiddleware extends Middleware {
+    	private $reflection;
+    	private $typesToValidate;
+
+    	public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection) {
+    		parent::__construct($router, $responder, $properties);
+    		$this->reflection = $reflection;
+    		$typesStr = $this->getProperty('types', 'all');
+    		if (is_null($typesStr)) {
+    			$typesStr = 'all';
+    		}
+    		if (strlen($typesStr) == 0) {
+    			$typesStr = 'none';
+    		}
+    		$this->typesToValidate = explode(',', $typesStr);
+    		if (is_null($this->typesToValidate) || count($this->typesToValidate) == 0) {
+    			$this->typesToValidate = ['all'];
+    		}
+    	}
+
+    	private function callHandler($handler, $record, string $operation, ReflectedTable $table) /*: ResponseInterface?*/ {
+    		$context = (array) $record;
+    		$details = array();
+    		$tableName = $table->getName();
+    		foreach ($context as $columnName => $value) {
+    			if ($table->hasColumn($columnName)) {
+    				$column = $table->getColumn($columnName);
+    				$valid = call_user_func($handler, $operation, $tableName, $column->serialize(), $value, $context);
+    				if ($valid || $valid == '') {
+    					$valid = $this->validateType($column->serialize(), $value);
+    				}
+    				if ($valid !== true && $valid !== '') {
+    					$details[$columnName] = $valid;
+    				}
+    			}
+    		}
+    		if (count($details) > 0) {
+    			return $this->responder->error(ErrorCode::INPUT_VALIDATION_FAILED, $tableName, $details);
+    		}
+    		return null;
+    	}
+
+    	private function validateType($column, $value) {
+    		if ($this->typesToValidate[0] == 'none') {
+    			return (true);
+    		}
+    		if ($this->typesToValidate[0] != 'all') {
+    			if (!in_array($column['type'], $this->typesToValidate)) {
+    				return (true);
+    			}
+    		}
+    		if (is_null($value)) {
+    			return ($column["nullable"] ? true : "cannot be null");
+    		}
+    		switch ($column['type']) {
+    		case 'integer':
+    			if (!is_numeric($value)) {
+    				return ('must be numeric');
+    			}
+
+    			if (strlen($value) > 20) {
+    				return ('exceeds range');
+    			}
+
+    			break;
+    		case 'bigint':
+    			if (!is_numeric($value)) {
+    				return ('must be numeric');
+    			}
+
+    			if (strlen($value) > 20) {
+    				return ('exceeds range');
+    			}
+
+    			break;
+    		case 'varchar':
+    			if (strlen($value) > $column['length']) {
+    				return ('too long');
+    			}
+
+    			break;
+    		case 'decimal':
+    			if (!is_float($value) && !is_numeric($value)) {
+    				return ('not a float');
+    			}
+
+    			break;
+    		case 'float':
+    			if (!is_float($value) && !is_numeric($value)) {
+    				return ('not a float');
+    			}
+
+    			break;
+    		case 'double':
+    			if (!is_float($value) && !is_numeric($value)) {
+    				return ('not a float');
+    			}
+
+    			break;
+    		case 'boolean':
+    			if ($value != 0 && $value != 1) {
+    				return ('not a valid boolean');
+    			}
+
+    			break;
+    		case 'date':
+    			$date_array = explode('-', $value);
+    			if (count($date_array) != 3) {
+    				return ('invalid date format use yyyy-mm-dd');
+    			}
+
+    			if (!@checkdate($date_array[1], $date_array[2], $date_array[0])) {
+    				return ('not a valid date');
+    			}
+
+    			break;
+    		case 'time':
+    			$time_array = explode(':', $value);
+    			if (count($time_array) != 3) {
+    				return ('invalid time format use hh:mm:ss');
+    			}
+
+    			foreach ($time_array as $t) {
+    				if (!is_numeric($t)) {
+    					return ('non-numeric time value');
+    				}
+    			}
+
+    			if ($time_array[1] < 0 || $time_array[2] < 0 || $time_array[0] < -838 || $time_array[1] > 59 || $time_array[2] > 59 || $time_array[0] > 838) {
+    				return ('not a valid time');
+    			}
+
+    			break;
+    		case 'timestamp':
+    			$split_timestamp = explode(' ', $value);
+    			if (count($split_timestamp) != 2) {
+    				return ('invalid timestamp format use yyyy-mm-dd hh:mm:ss');
+    			}
+
+    			$date_array = explode('-', $split_timestamp[0]);
+    			if (count($date_array) != 3) {
+    				return ('invalid date format use yyyy-mm-dd');
+    			}
+
+    			if (!@checkdate($date_array[1], $date_array[2], $date_array[0])) {
+    				return ('not a valid date');
+    			}
+
+    			$time_array = explode(':', $split_timestamp[1]);
+    			if (count($time_array) != 3) {
+    				return ('invalid time format use hh:mm:ss');
+    			}
+
+    			foreach ($time_array as $t) {
+    				if (!is_numeric($t)) {
+    					return ('non-numeric time value');
+    				}
+    			}
+
+    			if ($time_array[1] < 0 || $time_array[2] < 0 || $time_array[0] < 0 || $time_array[1] > 59 || $time_array[2] > 59 || $time_array[0] > 23) {
+    				return ('not a valid time');
+    			}
+
+    			break;
+    		case 'clob':
+    			break;
+    		case 'blob':
+    			break;
+    		case 'varbinary':
+    			if (((strlen($value) * 3 / 4) - substr_count(substr($value, -2), '=')) > $column['length']) {
+    				return ('too long');
+    			}
+
+    			break;
+    		case 'geometry':
+    			break;
+    		}
+    		return (true);
+    	}
+
+    	public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface{
+    		$operation = RequestUtils::getOperation($request);
+    		if (in_array($operation, ['create', 'update', 'increment'])) {
+    			$tableName = RequestUtils::getPathSegment($request, 2);
+    			if ($this->reflection->hasTable($tableName)) {
+    				$record = $request->getParsedBody();
+    				if ($record !== null) {
+    					$handler = $this->getProperty('handler', '');
+    					if ($handler !== '') {
+    						$table = $this->reflection->getTable($tableName);
+    						if (is_array($record)) {
+    							foreach ($record as $r) {
+    								$response = $this->callHandler($handler, $r, $operation, $table);
+    								if ($response !== null) {
+    									return $response;
+    								}
+    							}
+    						} else {
+    							$response = $this->callHandler($handler, $record, $operation, $table);
+    							if ($response !== null) {
+    								return $response;
+    							}
+    						}
+    					}
+    				}
+    			}
+    		}
+    		return $next->handle($request);
+    	}
     }
 }
 

docker/ubuntu16/run.sh

@@ -41,7 +41,7 @@ echo "done"
 
 echo -n "[3/4] Starting SQLServer 2017 ... "
 # run sqlserver server
-nohup /opt/mssql/bin/sqlservr --accept-eula > /root/mysql.log 2>&1 &
+nohup /opt/mssql/bin/sqlservr --accept-eula > /root/mssql.log 2>&1 &
 # create database and user on postgres
 /opt/mssql-tools/bin/sqlcmd -l 30 -S localhost -U SA -P sapwd123! >/dev/null << 'EOF'
 CREATE DATABASE [php-crud-api]

docker/ubuntu18/Dockerfile

@@ -2,6 +2,9 @@ FROM ubuntu:18.04
 
 ARG DEBIAN_FRONTEND=noninteractive
 
+ENV TZ=Etc/UTC
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
 # install: php / mysql / postgres / sqlite / tools
 RUN apt-get update && apt-get -y install \
 php-cli php-xml \

docker/ubuntu20/Dockerfile

@@ -2,6 +2,9 @@ FROM ubuntu:20.04
 
 ARG DEBIAN_FRONTEND=noninteractive
 
+ENV TZ=Etc/UTC
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
 # install: php / mysql / postgres / sqlite / tools
 RUN apt-get update && apt-get -y install \
 php-cli php-xml \