{"id":355,"date":"2014-04-28T22:28:39","date_gmt":"2014-04-28T22:28:39","guid":{"rendered":"http:\/\/blog.soton.ac.uk\/orion\/?p=355"},"modified":"2014-05-01T15:30:09","modified_gmt":"2014-05-01T15:30:09","slug":"libraries","status":"publish","type":"post","link":"https:\/\/blog.soton.ac.uk\/orion\/implementation\/libraries\/","title":{"rendered":"Design Patterns, Libraries and APIs"},"content":{"rendered":"

During our development of the LeapIn.it prototype<\/a>, we have used a number of design patterns, libraries and API’s. This post will give an overview of the most crucial of these.<\/p>\n

\"Libraries<\/a>
Libraries (blue), APIs (red) and design patterns (green) used within the LeapIn.it prototype, and where they are used.<\/figcaption><\/figure>\n

Server<\/h3>\n

The server is responsible for creating a REST interface for database access. As mentioned in our post on architecture<\/a>, we have chosen to use RedBeanPHP to communicate with the database, and Slim.php as a REST endpoint. We have also used tokens for security, PHPImageWorkshop for thumbnail generation and AlchemyAPI for sentiment analysis.<\/p>\n

Database access through RedBean<\/b><\/p>\n

RedBean<\/a> is an Object-Relational Mapping (ORM), meaning that records in the database are available as objects. For example, the following PHP code may be used to change a person that exists in the database:<\/p>\n

\/\/ Load the person with ID 209 from the database\r\n$person = R::load('person', 209);\r\n\/\/ Get their name\r\n$name = $person->name;\r\n\/\/ Change their name\r\n$person->name = 'Joel';\r\n\/\/ Update the database\r\nR::store($person);<\/pre>\n
Using RedBean results in simple and more maintainable code when accessing the database. It also provides security over direct SQL queries, as it prevents SQL injection.<\/p>\n
REST interface through Slim.php<\/b><\/p>\n
Slim<\/a> provides a simple way to create a REST endpoint on the server, which we use to allow clients to interact with the database.<\/p>\n
As an example, the following code allows a user to create a user. First, the client will sent a POST request to ‘\/api\/person’ with\u00a0the username and password in the request body. All interactions with the database are done through RedBean (denoted by R). Using Slim.php, we listen for that response. In addition, we use middleware to ensure that all interactions are in JavaScript Object Notation (JSON) – this is done by adding the variable $requestJSON in the first line. The body of the function first checks if the username is already in use, and if not, creates a “person” with a username and a password (which is stored as a SHA1 hash for security). An avatar is then created by copying a random template (there are about 50 avatar templates in the database by default). The person is then stored in the database and exported as REST to the HTTP response.<\/p>\n
 \r\n$app->post('\/person\/', $requestJSON, function () use (&$app, &$params) {\r\n\tif (R::findOne('person', ' username = ? ', array($params->username))) {\r\n\t\t$app->render(401, [\r\n\t\t\t'msg' => 'Username already in use.'\r\n\t\t]);\r\n\t} else {\r\n\t\t$person = R::dispense('person');\r\n\t\t$person->username = $params->username;\r\n\t\t$person->password = sha1($params->password);\r\n\r\n\t\t$avatar = R::dup(R::findOne('avatar', ' ORDER BY RAND() LIMIT 1 '));\r\n\t\t$avatar->bgcolor = randomColor();\r\n\t\t$person->avatar = $avatar;\r\n\t\t$person->joined = time();\r\n\r\n\t\tR::store($person);\r\n\r\n\t\t$app->render(201, [\r\n\t\t\t'response' => exportPerson($person)\r\n\t\t]);\r\n\t}\r\n});<\/pre>\n
Security through tokens<\/b><\/p>\n
Because the server and client will reside in different domains, it is not possible to use cookies for authentication. Instead, we have used tokens, which are unique random strings assigned to authenticated users, which they must provide whenever they make a request to the server. This is based on a model provided in this Stack Exchange discussion<\/a>.<\/p>\n
The token is sent as part of the URL. For example, to request a room, the token would be placed on then end: http:\/\/leapin.it\/api\/room\/4?token=[user's token]<\/code><\/p>\n
This is not actually safe over HTTP, as the token may be observed by third parties who see the URL. If a person were to steal a token, they would be able to authenticate themselves as the user by appending the token to the end of URL’s. This is known as session hijacking<\/a>. To prevent this, encryption will need to be used, ideally through SSL.<\/p>\n
Checking for tokens is done as middleware within Slim.php. The middleware is a function which validates that a token exists and identifies the user it belongs to:<\/p>\n
$validateToken = function () use ($app) {\r\n\t$tokenKey = $app->request()->params('token');\r\n\terror_log('checking token ' . $tokenKey);\r\n\t$token = R::findOne('token', ' `key` = ? ', array($tokenKey));\r\n\terror_log('ok');\r\n\tif ($token !== null) {\r\n\t\terror_log('found token with user', $token->person_id);\r\n\t\t$user = R::load('person', $token->person_id);\r\n\t}\r\n\tif (isset($user) && $user->id !== 0) {\r\n\t\t$app->user = $user;\r\n\t} else {\r\n\t\terror_log('no user');\r\n\t\t$app->render(401, [\r\n\t\t\t'msg' => 'Unauthorized.'\r\n\t\t]);\r\n\t}\r\n};<\/pre>\n
This can then be used when defining a request response, as shown below when fetching a user:<\/p>\n
 \r\n$app->get('\/person\/:id\/', $requestJSON, $validateToken, function ($id) use (&$app, &$params) {\r\n    $person = R::load('person', intval($id));\r\n    $app->render(200, ['result' => exportPerson($person)]);\r\n});<\/pre>\n
Thumbnails using PHPImageWorkshop<\/b><\/p>\n
When viewing posts on the cleint, hexagon thumbnails are displayed to form a honeycomb. These thumbnails are generated using PHPImageWorkshop<\/a>. As an example, the following code loads a picture, crops it to the largest square possible, and then resizes it to 100×100 pixels. Finally, it save the file.<\/p>\n
$layer = ImageWorkshop::initFromPath($file);\r\n$layer->cropMaximumInPixel(0, 0, 'MM');\r\n$layer->resizeInPixel(100, 100)\r\nimagepng($layer->getResult(), 'thumb.png');<\/pre>\n
Sentiment analysis through AlchemyAPI<\/b><\/p>\n
To form the honeycomb, all posts needed to be converted to thumbnails, including text. Simply displaying text in a small hexagon would not be effective – it would be too small and cramped to read. Instead, we wanted to display a preview of what the text may contain. We therefore form a preview comprising of the following:<\/p>\n