How to set up a single entry point architecture similar to Laravel's?


Problem description

Despite my efforts to find a tutorial on how to set up a secure, single entry point architecture for a web application built with PHP, I've not been able to find a good one. Who knows, maybe my search queries were bad... Looking at Laravel's code seemed like a good idea, but it's a good way to get your head spinning. There's just too much going on there for me to understand.

That being said, how would I go about creating such an architecture that is both simple to apply to an app and secure (e.g. protect against local file inclusions) at the same time?

Recommended answer

First of all, you need to redirect all your requests to a single PHP file. That part you do in .htaccess on Apache or its counterparts on other servers.

Then you need to explore what data you can see in $_SERVER. It's quite common to use $_SERVER['PATH_INFO'], but the choice will depend on how exactly you rewrite the request.

Then you need to create a router that has a list of regular expressions and tries to match them against the URL fragment that you have acquired.

Here are a few examples that might give you some ideas:

  • '#^/(?P<page>[^/\\\\.,;?\n]+)$#'
  • '#^/user/(?P<id>[0-9]+)/(?P<nickname>[^/\.,;?\n]+)$#'
  • '#^(?:/test/(?P<parameter>[^/\\\\.,;?\n]+))?/mandatory$#'

It is common practice to have these regular expressions generated from much simpler notations, but for the first iteration you should not focus on it too much.

Also, if you use expressions that have optional fragments, you should also provide "fallback" values. These values would be used as defaults if a fragment is not provided but the pattern is matched.

The way I do it all looks like this in PHP:

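/*
 * Routing mechanism
 */

// Path part of the rewritten request; fall back to the root route.
$uri = isset( $_SERVER[ 'PATH_INFO' ] )
            ? $_SERVER[ 'PATH_INFO' ]
            : '/';

// Wrap the URI in a request object.
$builder = new RequestBuilder;
$request = $builder->create();
$request->setUri( $uri );

// Load the route definitions. $reader is a configuration reader that is
// created elsewhere; it is not defined in this snippet.
$router = new Router( new RouteBuilder );
$router->import(
    $reader->getAsArray( __DIR__ . '/config/routes.json' )
);

// Match the URI against the routes and store the extracted parameters in $request.
$router->route( $request );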

After this, the $request variable contains an object, which you can then query for a specific parameter using commands like $id = $request->getParameter('id') or $controller = $request->getParameter('controller').

If you do not mess up the patterns themselves, then the values that you extract will be safe against unauthorized file inclusions.
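
The routing steps described in the answer, run end to end, as an added example that is not part of the original answer: it matches a URI against the three listed patterns, applies fallback values for optional fragments, and then treats the extracted `page` value purely as a key into an allowlist of templates. `ROUTES`, `TEMPLATES`, `match_route()`, `resolve_template()` and the template file names are hypothetical, and the allowlist step is an addition on top of the pattern-based protection the answer relies on.

```php
<?php
declare(strict_types=1);
// Added example. ROUTES, TEMPLATES, match_route() and resolve_template() are
// hypothetical names; the three patterns are the ones listed in the answer.

// Most specific routes first. 'defaults' holds the fallback values that are
// used when a pattern matches but an optional fragment was not supplied.
const ROUTES = [
    ['pattern'  => '#^/user/(?P<id>[0-9]+)/(?P<nickname>[^/\.,;?\n]+)$#',
     'defaults' => ['page' => 'user']],
    ['pattern'  => '#^(?:/test/(?P<parameter>[^/\\\\.,;?\n]+))?/mandatory$#',
     'defaults' => ['page' => 'mandatory', 'parameter' => 'none']],
    ['pattern'  => '#^/(?P<page>[^/\\\\.,;?\n]+)$#',
     'defaults' => []],
];

// Allowlist: the only files a request can ever cause to be included.
const TEMPLATES = ['about' => 'about.php', 'user' => 'user.php', 'mandatory' => 'mandatory.php'];

function match_route(string $uri): ?array
{
    foreach (ROUTES as $route) {
        if (preg_match($route['pattern'], $uri, $m, PREG_UNMATCHED_AS_NULL) !== 1) {
            continue;
        }
        // Keep only named groups that actually captured something.
        $params = array_filter(
            $m,
            fn($v, $k) => is_string($k) && $v !== null && $v !== '',
            ARRAY_FILTER_USE_BOTH
        );
        return $params + $route['defaults']; // captured values win over fallbacks
    }
    return null; // no route matched: the caller answers 404
}

function resolve_template(array $params): ?string
{
    // The captured value is only a lookup key, never part of a file path.
    $page = $params['page'] ?? '';
    return array_key_exists($page, TEMPLATES) ? __DIR__ . '/templates/' . TEMPLATES[$page] : null;
}

// Constructed sample requests; in the front controller use $_SERVER['PATH_INFO'] ?? '/'.
foreach (['/about', '/user/42/alice', '/mandatory', '/secret', '/about.php', '/../etc/passwd'] as $uri) {
    $params = match_route($uri);
    $file   = $params === null ? null : resolve_template($params);
    printf("%-16s => %s\n", $uri, $file ?? '404');
}
```

The last three sample URIs all end in 404: `/secret` matches the `page` pattern but is not in the allowlist, while `/about.php` and `/../etc/passwd` are rejected by the character classes before any lookup happens.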
