Parser/builder for filters from API query parameters.
It is just a parser/builder for filters, it is not a place for business logic so it should be wrapped by your class if you want to be more strict about filters. Same if you want different settings per entity/table, it should be done by a specific wrapper around this library.
- Installation
- Usage
- Supported filters
- Tuples in filters
- Examples
- Functions in filters
- Exceptions and error handling
- Development
composer require lmc/api-filter
For example lets have query parameters from following request
GET http://host/endpoint/?field=value
// in DI container/factory
$apiFilter = new ApiFilter();
$apiFilter->registerApplicator(...); // optional, when you want to use non-standard implementation
// in service/controller/...
$filters = $apiFilter->parseFilters($request->query->all());
// [
// 0 => Lmc\ApiFilter\Filter\FilterWithOperator {
// private $title => 'eq'
// private $operator => '='
// private $column => 'field'
// private $value => Lmc\ApiFilter\Entity\Value {
// private $value => 'value'
// }
// }
// ]
- requires
doctrine/orm
installed - applying filters uses cloned
QueryBuilder
-> originalQueryBuilder
is untouched
// in EntityRepository/Model
$queryBuilder = $this->createQueryBuilder('alias');
$queryBuilder = $apiFilter->applyFilters($filters, $queryBuilder);
// or one by one
foreach ($filters as $filter) {
$queryBuilder = $apiFilter->applyFilter($filter, $queryBuilder);
}
// get prepared values for applied filters
$preparedValues = $apiFilter->getPreparedValues($filters, $queryBuilder); // ['field_eq' => 'value']
// get query
$queryBuilder
->setParameters($preparedValues)
->getQuery();
// in EntityRepository/Model
$queryBuilder = $this->createQueryBuilder('alias');
$apiFilter
->applyFilters($filters, $queryBuilder) // query builder with applied filters
->setParameters($apiFilter->getPreparedValues($filters, $queryBuilder)) // ['field_eq' => 'value']
->getQuery();
- ❗it is just a naive implementation and should be used carefully❗
- it still might be used on simple
SQL
s withoutORDER BY
,GROUP BY
etc. because it simply adds filters as aWHERE
conditions
SQL Applicator
must be registered explicitly
// in DI container
$apiFilter->registerApplicator(new SqlApplicator(), Priority::MEDIUM);
// in Model/EntityRepository
$sql = 'SELECT * FROM table';
$sql = $apiFilter->applyFilters($filters, $sql); // "SELECT * FROM table WHERE 1 AND field = :field_eq"
// or one by one
foreach ($filters as $filter) {
$sql = $apiFilter->applyFilter($filter, $sql);
}
// get prepared values for applied filters
$preparedValues = $apiFilter->getPreparedValues($filters, $sql); // ['field_eq' => 'value']
// execute query
$stmt = $connection->prepare($sql);
$stmt->execute($preparedValues);
// in EntityRepository/Model
$sql = 'SELECT * FROM table';
$stmt = $connection->prepare($apiFilter->applyFilters($filters, $sql)); // SELECT * FROM table WHERE 1 AND field = :field_eq
$stmt->execute($apiFilter->getPreparedValues($filters, $sql)); // ['field_eq' => 'value']
GET http://host/endpoint/?field[eq]=value
GET http://host/endpoint/?field=value
Both examples ☝ are equal
GET http://host/endpoint/?field[neq]=value
GET http://host/endpoint/?field[gt]=value
GET http://host/endpoint/?field[gte]=value
GET http://host/endpoint/?field[lt]=value
GET http://host/endpoint/?field[lte]=value
GET http://host/endpoint/?type[in][]=one&type[in][]=two
Tuples
are not allowed inIN
filter
GET http://host/endpoint?fullName=(Jon,Snow)
- there is much more options and possibilities with
functions
which you can see here
Tuples
- are important in filters if you have some values, which must be sent together
- are composed of two or more values (
Tuple
of one value is just a value) - items must be in
(
)
and separated by,
array
inTuple
must be in[
]
and items separated by;
- it is advised NOT to use a space between values because of the URL specific behavior
- for more information about
Tuples
see https://github.com/MortalFlesh/MFCollectionsPHP#immutabletuple
Columns declared by Tuple
behaves the same as a single value but its value must be a Tuple
as well.
Columns can contain a filter specification for each value.
- default filter is
EQ
for a single value andIN
for an array of values (inTuple
)
Values in the Tuple
must have the same number of items as is the number of columns.
Values can contain a filter specification for all values in a Tuple
.
❗NOTE: A filter specification must not be in both columns and values.
GET http://host/endpoint/?(first,second)[eq]=(one,two)
☝ means that you have two columns first
and second
and they must be sent together.
Column first
must equal
the value "one"
and column second
must equal
the value "two"
.
❗For simplicity of examples, they are shown on the SQL Applicator
which is NOT auto-registered❗
GET http://host/person/?type[in][]=student&type[in][]=admin&name=Tom
$parameters = $request->query->all();
// [
// "type" => [
// "in" => [
// 0 => "student"
// 1 => "admin"
// ]
// ],
// "name" => "Tom"
// ]
$filters = $apiFilter->parseFilters($parameters);
$sql = 'SELECT * FROM person';
foreach ($filters as $filter) {
$sql = $apiFilter->applyFilter($filter, $sql);
// 0. SELECT * FROM person WHERE 1 AND type IN (:type_in_0, :type_in_1)
// 1. SELECT * FROM person WHERE 1 AND type IN (:type_in_0, :type_in_1) AND name = :name_eq
}
$preparedValues = $apiFilter->getPreparedValues($filters, $sql);
// [
// 'type_in_0' => 'student',
// 'type_in_1' => 'admin',
// 'name_eq' => 'Tom',
// ]
GET http://host/person/?age[gt]=18&age[lt]=30
$parameters = $request->query->all();
// [
// "age" => [
// "gt" => 18
// "lt" => 30
// ],
// ]
$filters = $apiFilter->parseFilters($parameters);
$sql = 'SELECT * FROM person';
$sql = $apiFilter->applyFilters($filters, $sql); // SELECT * FROM person WHERE 1 AND age > :age_gt AND age < :age_lt
$preparedValues = $apiFilter->getPreparedValues($filters, $sql); // ['age_gt' => 18, 'age_lt' => 30]
GET http://host/person/?(firstname,surname)=(John,Snow)
$parameters = $request->query->all(); // ["(firstname,surname)" => "(John,Snow)"]
$sql = 'SELECT * FROM person';
$filters = $apiFilter->parseFilters($parameters);
// [
// 0 => Lmc\ApiFilter\Filter\FilterWithOperator {
// private $title => "eq"
// private $operator => "="
// private $column => "firstname"
// private $value => Lmc\ApiFilter\Entity\Value {
// private $value => "John"
// }
// },
// 1 => Lmc\ApiFilter\Filter\FilterWithOperator {
// private $title => "eq"
// private $operator => "="
// private $column => "surname"
// private $value => Lmc\ApiFilter\Entity\Value {
// private $value => "Snow"
// }
// }
// ]
$sql = $apiFilter->applyFilters($filters, $sql); // SELECT * FROM person WHERE 1 AND firstname = :firstname_eq AND surname = :surname_eq
$preparedValues = $apiFilter->getPreparedValues($filters, $sql); // ['firstname_eq' => 'John', 'surname_eq' => 'Snow']
GET http://host/person/?fullName=Jon Snow
GET http://host/person/?fullName[eq]=Jon Snow
Result:
- column: fullName
filters: eq
value: Jon Snow
By single values
GET http://host/person/?firstName=Jon&surname=Snow
GET http://host/person/?firstName[eq]=Jon&surname[eq]=Snow
By Tuples
GET http://host/person/?(firstName,surname)=(Jon,Snow)
GET http://host/person/?(firstName,surname)[eq]=(Jon,Snow)
GET http://host/person/?(firstName[eq],surname[eq])=(Jon,Snow)
Result:
- column: firstName
filters: eq
value: Jon
- column: surname
filters: eq
value: Snow
You can mix all types of filters (tuples, explicit, implicit).
By single values
GET http://host/person/?age[gte]=18&age[lt]=30&category[in][]=serious&category[in][]=marriage&sense-of-humor=true
By Tuples
GET http://host/person/?(age[gte],age[lt],category,sense-of-humor)=(18,30,[serious;marriage],true)
Result:
- column: age
filters: gte
value: 18
- column: age
filters: lt
value: 30
- column: category
filters: in
value: [ serious, marriage ]
- column: sense-of-humor
filters: eq
value: true
By single values
GET http://host/movie/?year[gte]=2018&rating[gte]=80&genre[in][]=action&genre[in][]=fantasy
By Tuples
GET http://host/movie/?(year[gte],rating[gte],genre)=(2018,80,[action;fantasy])
Result:
- column: year
filters: gte
value: 2018
- column: rating
filters: gte
value: 80
- column: genre
filters: in
value: [ action, fantasy ]
With function you can handle all kinds of problems, which might be problematic with just a simple filters like eq
, etc.
Let's see how to work with functions and what is required to do. We will show it right on the example.
GET http://host/endpoint?fullName=(Jon,Snow)
☝️ example above shows what we want to offer to our consumers. It's easy and explicit enough.
It may even hide some inner differences, for example with simple filters, database column must have same name as field in filter, but with function, we can change it.
Let's say that in database we have something like:
type Person = {
first_name: string
lastname: string
}
First of all, you have to define functions you want to use.
// in DI container/factory
$apiFilter = new ApiFilter();
$apiFilter->declareFunction(
'fullName',
[
new ParameterDefinition('firstName', 'eq', 'first_name'), // parameter name and field name are different, so we need to define it
'lastname`, // parameter name and field name are the same and we use the implicit `eq` filter, so it is defined simply
]
);
Method declareFunction
will create a function with filters based on parameters.
There is also registerFunction
method, which allows you to pass any function you want. This may be useful when you dont need filter functionality at all or have some custom storage, etc.
Now when request with ?fullName=(Jon,Snow)
come, ApiFilter
can parse it to:
// in service/controller/...
$sql = 'SELECT * FROM person';
$filters = $apiFilter->parseFilters($request->query->all());
// [
// 0 => Lmc\ApiFilter\Filter\FilterFunction {
// private $title => 'function'
// private $column => 'fullName'
// private $value => Lmc\ApiFilter\Entity\Value {
// private $value => Closure
// }
// },
//
// 1 => Lmc\ApiFilter\Filter\FunctionParameter {
// private $title => 'function_parameter'
// private $column => 'firstName'
// private $value => Lmc\ApiFilter\Entity\Value {
// private $value => 'Jon'
// }
// },
//
// 2 => Lmc\ApiFilter\Filter\FunctionParameter {
// private $title => 'function_parameter'
// private $column => 'lastname'
// private $value => Lmc\ApiFilter\Entity\Value {
// private $value => 'Snow'
// }
// }
// ]
$appliedSql = $apiFilter->applyFilters($filters, $sql);
// SELECT * FROM person WHERE first_name = :firstName_function_parameter AND lastname = :lastname_function_parameter
$preparedValues = $apiFilter->getPreparedValues($filters, $sql);
// [
// 'firstName_function_parameter' => 'Jon',
// 'lastname_function_parameter' => 'Snow',
// ]
All examples below results the same. We have that many options, so we can allow as many different consumers as possible.
### Explicit function call
GET http://host/endpoint?fullName=(Jon,Snow)
### Explicit function call with values
GET http://host/endpoint?function=fullName&firstName=Jon&lastname=Snow
### Implicit function call by values
GET http://host/endpoint?firstName=Jon&lastname=Snow
### Explicit function call by tuple
GET http://host/endpoint?(function,firstName,surname)=(fullName, Jon, Snow)
### Implicit function call by tuple
GET http://host/endpoint?(firstName,surname)=(Jon, Snow)
### Explicit function call by filter parameter
GET http://host/endpoint?filter[]=(fullName,Jon,Snow)
To declare
or register
function, you have to define its parameters. There are many ways/needs to do it.
This is the easiest way to do it. You just define a name.
It means:
- you want
eq
filter (orIN
for array) and the column name and parameter name are the same - the value for this parameter is mandatory
$apiFilter->declareFunction('fullName', ['firstName', 'surname']);
This allows you to pass more options for a paramater.
If you declare it just by giving the only item, it is the same as definition by string above.
$apiFilter->declareFunction('fullName', [['firstName'], ['surname']]);
It means
firstName
parameter useseq
filter, hasfirst_name
column in storage and is mandatorysurname
parameter useseq
filter, haslastname
column in storage and its value isSnow
(which will always be used and no value can override it)
$apiFilter->declareFunction('fullName', [
['firstName', 'eq', 'first_name'],
['surname', 'eq', 'lastname', 'Snow']
]);
This allows you to pass same options as with the array, but explicitly defined object. (It even has some special constructor methods to simplify creation)
$apiFilter->declareFunction('fullName', [
new ParameterDefinition('firstName', 'eq', 'first_name'),
new ParameterDefinition('surname', 'eq', 'lastname, new Value('Snow'))
]);
All options can be combined to best suite the parameter.
$apiFilter->declareFunction('fullNameGrownMan', [
['firstName', 'eq', 'first_name'],
'surname',
['age', 'gte', 'age', 18],
ParameterDefinition::equalToDefaultValue('gender', new Value('male')),
]);
GET http://endpoint/host?fullNameGrownMan=(Jon,Snow)
Example below is just for explicit demonstration, you should probably never allow execute SQL queries like this.
// in DI container/factory
$apiFilter = new ApiFilter();
$apiFilter->registerFunction(
'sql',
['query'],
function (\PDO $client, FunctionParameter $query): \PDOStatement {
return $client->query($query->getValue()->getValue());
}
);
// in service/controller/...
$statement = $apiFilter->executeFunction('sql', $queryParameters, $client); // \PDOStatement
$statement->execute();
// fetch result, etc...
All examples below results the same. We have that many options, so we can allow as many different consumers as possible.
### Explicit function call
GET http://endpoint/host?sql=SELECT * FROM person
### Explicit function call with values
GET http://host/endpoint?function=sql&query=SELECT * FROM person
### Implicit function call by values
GET http://host/endpoint?query=SELECT * FROM person
### Explicit function call by tuple
GET http://host/endpoint?(function,query)=(sql, SELECT * FROM person)
### Explicit function call by filter parameter
GET http://host/endpoint?filter[]=(sql, SELECT * FROM person)
Known exceptions occurring inside ApiFilter implements Lmc\ApiFilter\Exception\ApiFilterExceptionInterface
. The exception tree is:
Exception | Thrown when |
---|---|
ApiFilterExceptionInterface | Common interface of all ApiFilter exceptions |
└ InvalidArgumentException | Base exception for assertion failed |
└ UnknownFilterException | Unknown filter is used in query parameters |
└ UnsupportedFilterableException | This exception will be thrown when no applicator supports given filterable. |
└ UnsupportedFilterException | This exception should not be thrown on the client side. It is meant for developing an ApiFilter library - to ensure all Filter types are supported. |
└ TupleException | Common exception for all problems with a Tuple . It also implements MF\Collection\Exception\TupleExceptionInterface which might be thrown inside parsing. |
Please note if you register a custom applicator to the ApiFilter (via $apiFilter->registerApplicator()
), it may throw other exceptions which might not implement ApiFilterExceptionInterface
.
composer install
composer all
- defineAllowed: (this should be on DI level)
- Fields (columns)
- Filters
- Values
- add more examples:
- different configuration per entity/table