Blog

I write on blua.blue, dev.to and groups.hyvor.com

Scaffolding REST APIs with JWT authentication

repo

Scaffolding an API?

While walking students through a neoan3 tutorial the other day, I noticed a demo I built could actually be used to scaffold an API for all kind of use-cases. The result of what I built went far beyond the original plan: to create a simple backend for testing and developing. Through to the architecture of this creator tool, one can use it to quickly set up a simple API and later built it out to be a scalable and robust production solution. That's right! A cli-based generator of API endpoints that scaffolds a solid backend for you.

First, let's have a look at setting it up.

Prerequisites

All you need is a local PHP installation (7.4), composer and neoan3-cli (make sure you install it globally and that it is available in your path)

Installation

composer create-project sroehrl/scaffold-api
cd scaffold-api
neoan3 develop

At this point you should see that the server started on localhost:8080. All endpoints are exposed at localhost:8080/api.v1/

What now?

The app already ships with authentication based on JWT, so we can use our existing app (or postman?) to register a user:

POST /api.v1/users

You can make changes to the register & login behavior by going to "/models/users/users.model.php", but by default, the model expects at least

  • userName and
  • password

as fields. You can add whatever else you want to store to the user. Once created, the API will respond with a status code of 200, as well as your user-object and a JWT token.

NOTE: per default, all custom endpoints require a valid baerer token. So unless you fire at the login (POST /api.v1/users/auth) or the registration (POST /api.v1/users), you will need to use this token as authorization header (look at the javascript examples in the readme).

Custom endpoints

Now the interesting part: Authentication is the starting point, but what then? A simple command creates additional endpoints:

php scaffold tags for example, will generate the following files:

/component/tags/tags.ctrl.php and /model/tags/tag.model.php

Their content will make the following endpoints available:

POST /api.v1/tags creates new tag

PUT /api.v1/tags/:tag-id updates a tag

GET /api.v1/tags lists/searches for tags (get-parameters with conditions can be used)

GET /api.v1/tags/:tag-id retrieves specific tag by id.

Want to make your endpoint public for now? Simply comment out Stateless::restrict() in component/tags/tags.ctrl.php in the appropriate method function.

So far so good. Now simply send a POST call with a json-payload to /api.v1/tags and you have your first tag.

Let me know what you think!

image

CSS Grid or CSS framework - are they really exclusive?

Grid-based or framework - there are many articles about this choice. But why is that even a thing?

image

Scaffolding REST APIs with JWT authentication

Ever had the need for your own backend while developing your web-app?

image

What is composer?

Composer has become PHP's package & dependency manager. Why you should use it.

image

MySQL: ERROR1364 fix

The painful realization of why people use containers.

image

Cyber wars: Defending your server

Maintaining your own server can be a thrill. High security standards can protect you from data leakage, injection attacks and DDoS attempts. But what about adaptive brute force?

Git: globally change GitHub-remotes from git@ to https

Does your IDE or composer set remote repositories to ssh rather than https? Or are repositories you are using set up that way? You are not alone. Let's fix it once and for all!

VueJS & neoan3: a love story.

Setting up neoan3 to play nice with Vue isn't hard. Here is how the two frameworks are combined to support fast, dynamic and rapid development.

image

MySQL in PHP - how to deal with databases

How I handle MYSQL database transactions in PHP

Install PHP 7.4 on Ubuntu

Finally PHP 7.4 is out! You have read about the new features, you have followed externals, you have gathered ideas on how new capabilities will save time. Let's get it running.

How to install global npm packages without sudo on Ubuntu

Running npm on a server can be painful. Privileges are there for a reason, and so is sudo. Running npm with sudo is not the solution.

image

Static content pages - still the fastest web-experience

Tutorial: How to utilize blua.blue to generate static content for your website.

image

blua.blue PHP SDK

Create your own blog.

image

dev.to plugin for headless CMS blua.blue (part 2)

A solution to supplying plugins to blua.blue

image

Cross publishing to dev.to

How to publish your content to dev.to from blua.blue - hopefully

Transformer - falling in love with PHP's magic methods all over again

PHP's magic functions have been around for a long time. But there were always good reasons to avoid them. Transformer is a practical and reliable way to make use of the most common operations we program: CRUD operations.

The Uselessness of Pre-Assessment

After almost two decades in the industry, new jobs will still ask you for "assessment tests". A little rant...

image

SEO strategies for blua.blue

How to get your content listed where you want it to.

image

How to Build an Express App in Node That Reads From a Headless CMS

A headless CMS lets you design your own front-end, sometimes your own back-end. Let's set up a small application to get us started. Beginner friendly. Approx. 20 min. to reproduce / follow along

image

Help us document neoan3

Over 4000 brave developers are exploring the framework on their own.

image

When politics kill innovation

How misunderstood diversity killed the PHP Central Europe Conference for good.