Merge pull request #261 from dotkernel/issue-259

Implement content-negociation
dotkernel · May 27, 2024 · eeff618 · eeff618
2 parents 5c5624f + baeab52
commit eeff618
Show file tree

Hide file tree

Showing 6 changed files with 342 additions and 9 deletions.
diff --git a/config/autoload/content-negotiation.global.php b/config/autoload/content-negotiation.global.php
@@ -0,0 +1,22 @@
+<?php
+
+declare(strict_types=1);
+
+return [
+    'content-negotiation' => [
+        'default'         => [ // default to any route if not configured above
+            'Accept'       => [
+                'application/json',
+                'application/hal+json',
+            ],
+            'Content-Type' => [
+                'application/json',
+                'application/hal+json',
+            ],
+        ],
+        'your.route.name' => [
+            'Accept'       => [],
+            'Content-Type' => [],
+        ],
+    ],
+];
diff --git a/config/pipeline.php b/config/pipeline.php
@@ -5,6 +5,7 @@
 use Api\App\Handler\NotFoundHandler;
 use Api\App\Middleware\AuthenticationMiddleware;
 use Api\App\Middleware\AuthorizationMiddleware;
+use Api\App\Middleware\ContentNegotiationMiddleware;
 use Dot\ErrorHandler\ErrorHandlerInterface;
 use Dot\ResponseHeader\Middleware\ResponseHeaderMiddleware;
 use Mezzio\Application;
@@ -48,9 +49,6 @@
     // Register the routing middleware in the middleware pipeline.
     // This middleware registers the Mezzio\Router\RouteResult request attribute.
     $app->pipe(RouteMiddleware::class);
-    $app->pipe(ResponseHeaderMiddleware::class);
-    $app->pipe(AuthenticationMiddleware::class);
-    $app->pipe(AuthorizationMiddleware::class);
 
     // The following handle routing failures for common conditions:
     // - HEAD request but no routes answer that method
@@ -62,9 +60,16 @@
     $app->pipe(ImplicitOptionsMiddleware::class);
     $app->pipe(MethodNotAllowedMiddleware::class);
 
+    $app->pipe(ContentNegotiationMiddleware::class);
+
+    $app->pipe(ResponseHeaderMiddleware::class);
+
     // Seed the UrlHelper with the routing results:
     $app->pipe(UrlHelperMiddleware::class);
 
+    $app->pipe(AuthenticationMiddleware::class);
+    $app->pipe(AuthorizationMiddleware::class);
+
     // Add more middleware here that needs to introspect the routing results; this
     // might include:
     //
@@ -74,7 +79,6 @@
 
     // Register the dispatch middleware in the middleware pipeline
     $app->pipe(DispatchMiddleware::class);
-
     // At this point, if no Response is returned by any middleware, the
     // NotFoundHandler kicks in; alternately, you can provide other fallback
     // middleware to execute.

diff --git a/src/App/src/ConfigProvider.php b/src/App/src/ConfigProvider.php
@@ -13,6 +13,7 @@
 use Api\App\Factory\TokenGenerateCommandFactory;
 use Api\App\Middleware\AuthenticationMiddleware;
 use Api\App\Middleware\AuthorizationMiddleware;
+use Api\App\Middleware\ContentNegotiationMiddleware;
 use Api\App\Middleware\ErrorResponseMiddleware;
 use Api\App\Service\ErrorReportService;
 use Api\App\Service\ErrorReportServiceInterface;
@@ -63,6 +64,7 @@ public function getDependencies(): array
                 'dot-mail.service.default'            => MailServiceAbstractFactory::class,
                 AuthenticationMiddleware::class       => AuthenticationMiddlewareFactory::class,
                 AuthorizationMiddleware::class        => AnnotatedServiceFactory::class,
+                ContentNegotiationMiddleware::class   => AnnotatedServiceFactory::class,
                 Environment::class                    => TwigEnvironmentFactory::class,
                 TwigExtension::class                  => TwigExtensionFactory::class,
                 TwigRenderer::class                   => TwigRendererFactory::class,

diff --git a/src/App/src/Middleware/ContentNegotiationMiddleware.php b/src/App/src/Middleware/ContentNegotiationMiddleware.php
@@ -0,0 +1,161 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Api\App\Middleware;
+
+use Dot\AnnotatedServices\Annotation\Inject;
+use Laminas\Diactoros\Response\JsonResponse;
+use Laminas\Http\Response;
+use Mezzio\Router\RouteResult;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+
+use function array_filter;
+use function array_intersect;
+use function array_map;
+use function explode;
+use function in_array;
+use function is_array;
+use function str_contains;
+use function strtok;
+use function trim;
+
+class ContentNegotiationMiddleware implements MiddlewareInterface
+{
+    /**
+     * @Inject({"config.content-negotiation"})
+     */
+    public function __construct(private array $config)
+    {
+    }
+
+    public function process(
+        ServerRequestInterface $request,
+        RequestHandlerInterface $handler
+    ): ResponseInterface {
+        $routeResult = $request->getAttribute(RouteResult::class);
+        if (! $routeResult instanceof RouteResult || $routeResult->isFailure()) {
+            return $handler->handle($request);
+        }
+
+        $routeName = (string) $routeResult->getMatchedRouteName();
+
+        $accept = $this->formatAcceptRequest($request->getHeaderLine('Accept'));
+        if (! $this->checkAccept($routeName, $accept)) {
+            return $this->notAcceptedResponse('Not Acceptable');
+        }
+
+        $contentType = $request->getHeaderLine('Content-Type');
+        if (! $this->checkContentType($routeName, $contentType)) {
+            return $this->unsupportedMediaTypeResponse(
+                'Unsupported Media Type'
+            );
+        }
+
+        $response = $handler->handle($request);
+
+        $responseContentType = $response->getHeaderLine('Content-Type');
+        if (
+            ! $this->validateResponseContentType(
+                $responseContentType,
+                $accept
+            )
+        ) {
+            return $this->notAcceptedResponse(
+                'Unable to resolve Accept header to a representation'
+            );
+        }
+
+        return $response;
+    }
+
+    public function formatAcceptRequest(string $accept): array
+    {
+        $accept = array_map(function ($item) {
+            return trim(strtok($item, ';'));
+        }, explode(',', $accept));
+
+        return array_filter($accept);
+    }
+
+    public function checkAccept(string $routeName, array $accept): bool
+    {
+        if (in_array('*/*', $accept, true)) {
+            return true;
+        }
+
+        $acceptList = $this->config['default']['Accept'] ?? [];
+        if (isset($this->config[$routeName])) {
+            $acceptList = $this->config[$routeName]['Accept'] ?? [];
+        }
+
+        if (is_array($acceptList)) {
+            return ! empty(array_intersect($accept, $acceptList));
+        } else {
+            return in_array($acceptList, $accept, true);
+        }
+    }
+
+    public function checkContentType(string $routeName, string $contentType): bool
+    {
+        if (empty($contentType)) {
+            return true;
+        }
+        $acceptList = $this->config['default']['Content-Type'] ?? [];
+        if (isset($this->config[$routeName])) {
+            $acceptList = $this->config[$routeName]['Content-Type'] ?? [];
+        }
+
+        if (is_array($acceptList)) {
+            return in_array($contentType, $acceptList, true);
+        } else {
+            return $contentType === $acceptList;
+        }
+    }
+
+    public function notAcceptedResponse(string $message): JsonResponse
+    {
+        return new JsonResponse([
+            'error' => [
+                'messages' => [
+                    $message,
+                ],
+            ],
+        ], Response::STATUS_CODE_406);
+    }
+
+    public function unsupportedMediaTypeResponse(string $message): JsonResponse
+    {
+        return new JsonResponse([
+            'error' => [
+                'messages' => [
+                    $message,
+                ],
+            ],
+        ], Response::STATUS_CODE_415);
+    }
+
+    public function validateResponseContentType(?string $contentType, array $accept): bool
+    {
+        if (in_array('*/*', $accept, true)) {
+            return true;
+        }
+
+        if (null === $contentType) {
+            return false;
+        }
+
+        $accept = array_map(function ($item) {
+            return str_contains($item, 'json') ? 'json' : $item;
+        }, $accept);
+
+        if (str_contains($contentType, 'json')) {
+            $contentType = 'json';
+        }
+
+        return in_array($contentType, $accept, true);
+    }
+}
diff --git a/test/Functional/AbstractFunctionalTest.php b/test/Functional/AbstractFunctionalTest.php
@@ -159,7 +159,7 @@ protected function get(
         string $uri,
         array $queryParams = [],
         array $uploadedFiles = [],
-        array $headers = [],
+        array $headers = ['Accept' => 'application/json'],
         array $cookies = []
     ): ResponseInterface {
         $request = $this->createRequest(
@@ -180,7 +180,7 @@ protected function post(
         array $parsedBody = [],
         array $queryParams = [],
         array $uploadedFiles = [],
-        array $headers = [],
+        array $headers = ['Accept' => 'application/json'],
         array $cookies = []
     ): ResponseInterface {
         $request = $this->createRequest(
@@ -201,7 +201,7 @@ protected function patch(
         array $parsedBody = [],
         array $queryParams = [],
         array $uploadedFiles = [],
-        array $headers = [],
+        array $headers = ['Accept' => 'application/json'],
         array $cookies = []
     ): ResponseInterface {
         $request = $this->createRequest(
@@ -222,7 +222,7 @@ protected function put(
         array $parsedBody = [],
         array $queryParams = [],
         array $uploadedFiles = [],
-        array $headers = [],
+        array $headers = ['Accept' => 'application/json'],
         array $cookies = []
     ): ResponseInterface {
         $request = $this->createRequest(
@@ -241,7 +241,7 @@ protected function put(
     protected function delete(
         string $uri,
         array $queryParams = [],
-        array $headers = [],
+        array $headers = ['Accept' => 'application/json'],
         array $cookies = []
     ): ResponseInterface {
         $request = $this->createRequest(