Messages and PSR-7

WellRESTed uses the PSR-7 interfaces for HTTP messages. This section provides an introduction to working with these interfaces and the implementations provided with WellRESTed. For more information, please read about PSR-7.

Requests

The $request variable passed to handlers and middleware represents the request message sent by the client. You can inspect this variable to read information such as the request path, method, query, headers, and body.

Let’s start with a very simple GET request to the path /cats/?color=orange.

GET /cats/?color=orange HTTP/1.1
Host: example.com
Cache-control: no-cache

You can read information from the request in your handler like this:

class MyHandler implements RequestHandlerInterface
{
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $path = $request->getRequestTarget();
        // "/cats/?color=orange"

        $method = $request->getMethod();
        // "GET"

        $query = $request->getQueryParams();
        /*
            Array
            (
                [color] => orange
            )
        */
    }
}

This example shows that you can use:

  • getRequestTarget() to read the path and query string for the request
  • getMethod() to read the HTTP verb (e.g., GET, POST, OPTIONS, DELETE)
  • getQueryParams() to read the query as an associative array

Headers

The request above also included a Cache-control: no-cache header. You can read this header a number of ways. The simplest way is with the getHeaderLine($name) method.

Call getHeaderLine($name) and pass the case-insensitive name of a header. The method will return the value for the header, or an empty string if the header is not present.

class MyHandler implements RequestHandlerInterface
{
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        // This message contains a "Cache-control: no-cache" header.
        $cacheControl = $request->getHeaderLine("cache-control");
        // "no-cache"

        // This message does not contain any authorization headers.
        $authorization = $request->getHeaderLine("authorization");
        // ""
    }
}

Note

All methods relating to headers treat header field names case insensitively.

Because HTTP messages may contain multiple headers with the same field name, getHeaderLine($name) has one other feature: If multiple headers with the same field name are present in the message, getHeaderLine($name) returns a string containing all of the values for that field, concatenated by commas. This is more common with responses, particularly with the Set-cookie header, but is still possible for requests.

You may also use hasHeader($name) to test if a header exists, getHeader($name) to receive an array of values for this field name, and getHeaders() to receive an associative array of headers where each key is a field name and each value is an array of field values.

Body

PSR-7 provides access to the body of the request as a stream and—when possible—as a parsed object or array. Let’s start by looking at a request with form fields made available as an array.

Parsed Body

For POST requests for forms (i.e., the Content-type header is either application/x-www-form-urlencoded or multipart/form-data), the request makes the form fields available via the getParsedBody method. This provides access to the fields without needing to rely on the $_POST superglobal.

Given this request:

POST /cats/ HTTP/1.1
Host: example.com
Content-type: application/x-www-form-urlencoded
Content-length: 23

name=Molly&color=Calico

We can read the parsed body like this:

class MyHandler implements RequestHandlerInterface
{
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $cat = $request->getParsedBody();
        /*
            Array
            (
                [name] => Molly
                [color] => calico
            )
        */
    }
}

Body Stream

For other content types, use the getBody method to get a stream containing the contents of request entity body.

Using a JSON representation of our cat, we can make a request like this:

POST /cats/ HTTP/1.1
Host: example.com
Content-type: application/json
Content-length: 46

{
    "name": "Molly",
    "color": "Calico"
}

We can read and parse the JSON body, and even provide it as the parsedBody for later middleware or handlers like this:

class JsonParser implements MiddlewareInterface
{
    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface
    {
        // Parse the body.
        $cat = json_decode((string) $request->getBody());
        /*
            stdClass Object
            (
                [name] => Molly
                [color] => calico
            )
        */
        // Add the parsed JSON to the request.
        $request = $request->withParsedBody($cat);
        // Send the request to the next handler.
        return $handler->handle($request);
    }
}

Because the entity body of a request or response can be very large, PSR-7 represents bodies as streams using the Psr\Http\Message\StreamInterface (see PSR-7 Section 1.3).

The JSON example casts the stream to a string, but we can also do things like copy the stream to a local file:

// Store the body to a temp file.
$chunkSize = 2048; // Number of bytes to read at once.
$localPath = tempnam(sys_get_temp_dir(), "body");
$h = fopen($localPath, "wb");
$body = $request->getBody();
while (!$body->eof()) {
    fwrite($h, $body->read($chunkSize));
}
fclose($h);

Parameters

PSR-7 eliminates the need to read from many of the superglobals. We already saw how getParsedBody takes the place of reading directly from $_POST and getQueryParams replaces reading from $_GET. Here are some other ServerRequestInterface methods with brief descriptions. Please see PSR-7 for full details, particularly for getUploadedFiles.

Method Replaces Note
getServerParams $_SERVER Data related to the request environment
getCookieParams $_COOKIE Compatible with the structure of $_COOKIE
getQueryParams $_GET Deserialized query string arguments, if any
getParsedBody $_POST Request body as an object or array
getUploadedFiles $_FILES Normalized tree of file upload data

Attributes

ServerRequestInterface provides another useful feature called “attributes”. Attributes are key-value pairs associated with the request that can be, well, pretty much anything.

The primary use for attributes in WellRESTed is to provide access to path variables when using template routes or regex routes.

For example, the template route /cats/{name} matches routes such as /cats/Molly and /cats/Oscar. When the route is dispatched, the router takes the portion of the actual request path matched by {name} and provides it as an attribute.

For a request to /cats/Rufus:

$name = $request->getAttribute("name");
// "Rufus"

When calling getAttribute, you can optionally provide a default value as the second argument. The value of this argument will be returned if the request has no attribute with that name.

// Request has no attribute "dog"
$name = $request->getAttribute("dog", "Bear");
// "Bear"

Middleware can also use attributes as a way to provide extra information to subsequent handlers. For example, an authorization middleware could obtain an object representing a user and store is as the “user” attribute which later middleware could read.

class AuthorizationMiddleware implements MiddlewareInterface
{
    public function process(
        ServerRequestInterface $request,
        RequestHandlerInterface $handler
    ): ResponseInterface

        try {
            $user = $this->readUserFromCredentials($request);
        } catch (NoCredentialsSupplied $e) {
            return $response->withStatus(401);
        } catch (UserNotAllowedHere $e) {
            return $response->withStatus(403);
        }

        // Store this as an attribute.
        $request = $request->withAttribute("user", $user);

        // Delegate to the handler, passing the request with the "user" attribute.
        return $handler->handle($request);
    }
};

class SecureHandler implements RequestHandlerInterface
{
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        // Read the "user" attribute added by a previous middleware.
        $user = $request->getAttribute("user");

        // Do something with $user ...
    }
}

$server = new \WellRESTed\Server();
$server->add(new AuthorizationMiddleware());
$server->add(new SecureHandler()); // Must be added AFTER authorization to get "user"
$server->respond();

Responses

PSR-7 messages are immutable, so you will not be able to alter values of response properties. Instead, with* methods provide ways to get a copy of the current message with updated properties. For example, ResponseInterface::withStatus returns a copy of the original response with the status changed.

// The original response has a 500 status code.
$response->getStatusCode();
// 500

// Replace this instance with a new instance with the status updated.
$response = $response->withStatus(200);
$response->getStatusCode();
// 200

Note

PSR-7 requests are immutable as well, and we used withAttribute and withParsedBody in a few of the examples in the Requests section.

Chain multiple with methods together fluently:

// Get a new response with updated status, headers, and body.
$response = (new Response())
    ->withStatus(200)
    ->withHeader("Content-type", "text/plain")
    ->withBody(new \WellRESTed\Message\Stream("Hello, world!);

Status

Provide the status code for your response with the withStatus method. When you pass a standard status code to this method, the WellRESTed response implementation will provide an appropriate reason phrase for you. For a list of reason phrases provided by WellRESTed, see the IANA HTTP Status Code Registry.

Note

The “reason phrase” is the text description of the status that appears in the status line of the response. The “status line” is the very first line in the response that appears before the first header.

Although the PSR-7 ResponseInterface::withStatus method accepts the reason phrase as an optional second parameter, you generally shouldn’t pass anything unless you are using a non-standard status code. (And you probably shouldn’t be using a non-standard status code.)

// Set the status and view the reason phrase provided.

$response = $response->withStatus(200);
$response->getReasonPhrase();
// "OK"

$response = $response->withStatus(404);
$response->getReasonPhrase();
// "Not Found"

Headers

Use the withHeader method to add a header to a response. withHeader will add the header if not already set, or replace the value of an existing header with the same name.

// Add a "Content-type" header.
$response = $response->withHeader("Content-type", "text/plain");
$response->getHeaderLine("Content-type");
// "text/plain"

// Calling withHeader a second time updates the value.
$response = $response->withHeader("Content-type", "text/html");
$response->getHeaderLine("Content-type");
// "text/html"

To set multiple values for a given header field name (e.g., for Set-cookie headers), call withAddedHeader. withAddedHeader adds the new header without altering existing headers with the same name.

$response = $response
    ->withHeader("Set-cookie", "cat=Molly; Path=/cats; Expires=Wed, 13 Jan 2021 22:23:01 GMT;")
    ->withAddedHeader("Set-cookie", "dog=Bear; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT;")
    ->withAddedHeader("Set-cookie", "hamster=Fizzgig; Domain=.foo.com; Path=/; Expires=Wed, 13 Jan 2021 22:23:01 GMT;");

To check if a header exists or to remove a header, use hasHeader and withoutHeader.

// Check if a header exists.
$response->hasHeader("Content-type");
// true

// Clone this response without the "Content-type" header.
$response = $response->withoutHeader("Content-type");

// Check if a header exists.
$response->hasHeader("Content-type");
// false

Body

To set the body for the response, pass an instance implementing Psr\Http\Message\Stream to the withBody method.

$stream = new \WellRESTed\Message\Stream("Hello, world!");
$response = $response->withBody($stream);

WellRESTed provides two Psr\Http\Message\Stream implementations. You can use these, or any other implementation.

Stream

WellRESTed\Message\Stream wraps a file pointer resource and is useful for responding with a string or file.

When you pass a string to the constructor, the Stream instance uses php://temp as the file pointer resource. The string passed to the constructor is automatically stored to php://temp, and you can write more content to it using the StreamInterface::write method.

Note

php://temp stores the contents to memory, but switches to a temporary file once the amount of data stored hits a predefined limit (the default is 2 MB).

// Pass the beginning of the contents to the constructor as a string.
$body = new \WellRESTed\Message\Stream("Hello ");

// Append more contents.
$body->write("world!");

// Set the body and status code.
$response = (new Response())
    ->withStatus(200)
    ->withBody($body);

To respond with the contents of an existing file, use fopen to open the file with read access and pass the pointer to the constructor.

// Open the file with read access.
$resource = fopen("/home/user/some/file", "rb");

// Pass the file pointer resource to the constructor.
$body = new \WellRESTed\Message\Stream($resource);

// Set the body and status code.
$response = (new Response())
    ->withStatus(200)
    ->withBody($body);

NullStream

Each PSR-7 message MUST have a body, so there’s no withoutBody method. You also cannot pass null to withBody. Instead, use a WellRESTed\Messages\NullStream to provide a very simple, zero-length, no-content body.

$response = (new Response())
    ->withStatus(200)
    ->withBody(new \WellRESTed\Message\NullStream());