Getting Into FLOW3 (TYPO312CA)

T3CON12
Québec City, Canada

Robert Lemke

Getting into
FLOW3

T3CON12

Robert Lemke

project founder of FLOW3 and TYPO3 “Phoenix”

co-founder of the TYPO3 Association

coach, coder, consultant

36 years old

lives in Lübeck, Germany

1 wife, 2 daughters, 1 espresso machine

likes drumming

Starters
Installation

Kickstart & Hello World!

Controller, Actions, Arguments & HTTP

Domain-Driven Design

Doctrine

Forms, Validation

Main Dishes

Resources, Image Upload

Session Handling

User, Account, Authentication

Authorization

Deserts
Caching Testing

Logging Deployment

Signal-Slot I18n

Routing Espresso

T3CON12

At a Glance

FLOW3 is a web application platform
• holistic concept for your apps

• modular, extensible, package based

• pedantically clean with focus on quality

• puts a smile on developer’s faces

• free & Open Source (LGPL v3)

• backed by one of the largest Open Source projects

T3CON12

Foundation for the Next Generation CMS

TYPO3 “Phoenix” is the all-new
Enterprise CMS
• content repository, workspaces,
versions, i18n, modular UI ...

• powered by FLOW3

• compatible code base

• use TYPO3 features in FLOW3
standalone apps as you like

T3CON12

FLOW3 Website and Download

#

T3CON12

Git Clone

$ git clone --recursive git://git.typo3.org/FLOW3/Distributions/Base.git .
Cloning into ....
remote: Counting objects: 3837, done.
remote: Compressing objects: 100% (2023/2023), done.
remote: Total 3837 (delta 2007), reused 2721 (delta 1465)
Receiving objects: 100% (3837/3837), 3.49 MiB | 28 KiB/s, done.
Resolving deltas: 100% (2007/2007), done.

T3CON12

Set File Permissions

$ sudo ./flow3 core:setfilepermissions robert _www _www
FLOW3 File Permission Script

Checking permissions from here upwards.
Making sure Data and Web/_Resources exist.
Setting file permissions, trying to set ACLs via chmod ...
Done.

Linux:

$ sudo usermod -a -G www-data robert

Mac OS X:

$ sudo dscl . -append /Groups/_www GroupMembership robert

T3CON12

Set Up Database Connection
Conﬁguration/Settings.yaml

# #
# Global Settings #
# #

TYPO3:
FLOW3:
persistence:
backendOptions:
dbname: 'demo'
user: 'demo'
password: 'password'
host: '127.0.0.1'

# only on Windows:
core:
phpBinaryPathAndFilename: 'C:/path/to/php.exe'

T3CON12

Set Up Virtual Host

Apache Virtual Host

<VirtualHost *:80>
DocumentRoot /opt/local/apache2/htdocs/Talks/FLOW3/Web/
ServerName dev.flow3.rob
SetEnv FLOW3_CONTEXT Development
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /opt/local/apache2/htdocs/Talks/FLOW3/Web/
ServerName flow3.rob
SetEnv FLOW3_CONTEXT Production
</VirtualHost>

T3CON12

Final Check

C lo ne t h e Be a s t

5 1 1 1
Ro bert Lem ke
D.P. F l u x t r
time ();

T3CON12

Biggest Book Store: Amazon

T3CON12

Biggest River: Amazon River

© Google

T3CON12

Smallest River: Roe River

© Google

T3CON12

Smallest River: Roe River

Smallest Book Store: Roe Books

Jus t C o de a Sh o p

5 2 1 1
Ro bert Lem ke
D.P. F l u x t r
time ();

T3CON12

Tackling the Heart of Software Development

/**
Domain-Driven Design * A Book
*
* @FLOW3Scope(“protot
ype”)
* @FLOW3Entity
A methodology which ... */
class Book {

• results in rich domain models /**
* @var string
*/
• provides a common language protected $title;

across the project team /**
* @var string
*/
• simplify the design of complex protected $isbn;
applications /**
* @var string
*/
protected $description
;
FLOW3 is the ﬁrst PHP framework
/**
tailored to Domain-Driven Design * @var integer
*/
protected $price;

T3CON12


Domain
activity or business of the user

is about

• focussing on the domain and domain logic

• accurately mapping the concepts to software

• forming a ubiquitous language among the
project members

T3CON12


Ubiquitous Language
• important prerequisite for successful
collaboration

• use the same words for

• discussion

• modeling

• development

• documentation

T3CON12


Building Blocks
• Entity: An object that is not deﬁned by its attributes, but rather by a
thread of continuity and its identity.

• Value Object: An object that contains attributes but has no
conceptual identity. They should be treated as immutable.

• Aggregate: A collection of objects that are bound together by a root
entity, otherwise known as an aggregate root. The aggregate root
guarantees the consistency of changes being made within the
aggregate by forbidding external objects from holding references to
its members.

T3CON12


Building Blocks
• Service: When an operation does not conceptually belong to any
object. Following the natural contours of the problem, you can
implement these operations in services.

• Repository: methods for retrieving domain objects should delegate
to a specialized Repository object such that alternative storage
implementations may be easily interchanged.

T3CON12


T3CON12

Object Management

FLOW3's take on Dependency Injection
• one of the ﬁrst PHP implementations
(started in 2006, improved ever since)

• object management for the whole lifecycle of all objects

• no unnecessary conﬁguration if information can be
gatered automatically (autowiring)

• intuitive use and no bad magical surprises

• fast! (like hardcoded or faster)

T3CON12

Constructor Injection

namespace AcmeDemoController;

use TYPO3FLOW3MvcControllerActionController;
use AcmeDemoServiceGreeterService;

class DemoController extends ActionController {

/**
* @var AcmeDemoServiceGreeterService
*/
protected $greeterService;

/**
* @param AcmeDemoServiceGreeterService
*/
public function __construct(GreeterService $greeterService) {
$this->greeterService = $greeterService;
}

/**
* @param string $name
*/
public function helloAction($name) {

return $this->greeterService->greet($name);
}
}

T3CON12

Setter Injection

namespace AcmeDemoController;

use TYPO3FLOW3MVCControllerActionController;


/**
* @var AcmeDemoServiceGreeterService
*/

/**
* @param AcmeDemoServiceGreeterService
*/
public function injectGreeterService(GreeterService $greeterService) {
$this->greeterService = $greeterService;
}

/**
*/

}
}

T3CON12

Property Injection

namespace TYPO3DemoController;

use TYPO3FLOW3Annotations as FLOW3;
use TYPO3FLOW3MVCControllerActionController;


/**
* @var TYPO3DemoServiceGreeterService
* @FLOW3Inject
*/

/**
*/

}
}

T3CON12

Objects.yaml

TYPO3FLOW3SecurityCryptographyRsaWalletServiceInterface:
className: TYPO3FLOW3SecurityCryptographyRsaWalletServicePhp
scope: singleton
properties:
keystoreCache:
object:
factoryObjectName: TYPO3FLOW3CacheCacheManager
factoryMethodName: getCache
arguments:
1:
value: FLOW3_Security_Cryptography_RSAWallet

T3CON12

Object Management

class Customer {

/**
* @FLOW3Inject
* @var AcmeCustomerNumberGenerator
*/
protected $customerNumberGenerator;
...
}

$customer = new Customer();
$customer->getCustomerNumber();

T3CON12

Object Management
<?php
declare(ENCODING = 'u
tf-8');
namespace TYPO3Conf
erenceDomainModel
use TYPO3FLOW3Anno Conference;
tations as FLOW3;

FLOW3 creates proxy classes /**
* Autogenerated Prox
y Class
for realizing DI and AOP magic * @FLOW3Scope(“prot
otype”)
* @FLOW3Entity
*/

• new operator is supported class Paper extends
TYPO3FLOW3Persist
Paper_Original implem
ents TYPO3FLOW3Obj
ect
enceAspectPersiste
nceMagicInterface {
/**
• proxy classes are created * @var string

on the ﬂy
* @ORMId
* @ORMColumn(length
="40")
* introduced by TYPO
3FLOW3Persistence
*/ AspectPersistenceMa
• in production context all protected $FLOW3_Per
sistence_Identifier
= NULL;
code is static private $FLOW3_AOP_P
roxy_targetMethodsAn
dGroupedAdvices = ar
ra
private $FLOW3_AOP_P
roxy_groupedAdviceCh
ains = array();
private $FLOW3_AOP_P
roxy_methodIsInAdvic
eMode = array();

/**
* Autogenerated Prox
y Method
*/
public function __co
nstruct()

T3CON12

Basic Object Persistence

// Create a new customer and persist it:
$customer = new Customer("Robert");
$this->customerRepository->add($customer);

// Find an existing customer:
$otherCustomer = $this->customerRepository->findByFirstName("Karsten");

// and delete it:
$this->customerRepository->remove($otherCustomer);

T3CON12

Validation and Doctrine Annotations

namespace TYPO3BlogDomainModel;

/**
* A Blog object
*
* @Entity
*/
class Blog {

/**
* @var string
* @validate Text, StringLength(minimum = 1, maximum = 80)
* @Column(length="80")
*/
protected $title;

/**
* @var DoctrineCommonCollectionsCollection<TYPO3BlogDomainModelPost>
* @OneToMany(mappedBy="blog")
* @OrderBy({"date" = "DESC"})
*/
protected $posts;

...

}

T3CON12

Persistence-related Annotations

@Entity Declares a class as "entity"

@Column Controls the database column related to the class
property. Very useful for longer text content
(type="text" !)

@ManyToOne Deﬁnes relations to other entities. Unlike with
@OneToMany vanilla Doctrine targetEntity does not have to be
@ManyToMany given but will be reused from the @var
@OneToOne annotation.

cascade can be used to cascade operation to
related objects.

T3CON12

Persistence-related Annotations

@var Deﬁnes the type of a property, collections can be
typed using angle brackets:
DoctrineCommonCollectionsCollection<TYPO3ConferenceDomainModelComment>

@transient The property will be ignored, it will neither be
persisted nor reconstituted

@identity Marks the property as part of an objects identity

T3CON12

Custom Queries using the Query Object Model
/**
* A PostRepository
*/
class PostRepository extends TYPO3FLOW3PersistenceRepository {

/**
* Finds posts by the specified tag and blog
*
* @param TYPO3BlogDomainModelTag $tag
* @param TYPO3BlogDomainModelBlog $blog The blog the post must refer to
* @return TYPO3FLOW3PersistenceQueryResultInterface The posts
*/
public function findByTagAndBlog(TYPO3BlogDomainModelTag $tag,
TYPO3BlogDomainModelBlog $blog) {
$query = $this->createQuery();
return $query->matching(
$query->logicalAnd(
$query->equals('blog', $blog),
$query->contains('tags', $tag)
)
)
->setOrderings(array(
'date' => TYPO3FLOW3PersistenceQueryInterface::ORDER_DESCENDING)
)
->execute();
}
}

T3CON12

Schema Management

Running Migrations
• needed after installation or upgrade:

$ ./flow3 doctrine:migrate

T3CON12

Schema Management

Manual database updates
• for simple situations this can be good enough:

$ ./flow3 doctrine:create

$ ./flow3 doctrine:update

• useful when

• you are just starting a project and have never released

T3CON12

Schema Management

Generating migrations

$ ./flow3 doctrine:migrationgenerate
Generated new migration class to "…/Version20110608074324.php"
from schema differences.
$

• Generated migrations can contain errors and should be checked
and adjusted as needed

• Migrations need to be moved to their “owning” package manually

T3CON12

Validation

Validation in FLOW3

• you do not want to code checks into your controllers

• FLOW3 separates validation from your controller’s concerns

• no PHP code needed for validation

• declared through annotations

T3CON12

Validation

Validation Models

• BaseProperties
rules defining the minimum requirements on individual properties of a
model

• BaseModel
rules or custom validators enforcing the minimum requirements on the
combination of properties of a model

• Supplemental
rules defining additional requirements on a model for a specific
situation (e.g. a certain action method)

T3CON12

Validation

Base Properties

• Validation rules deﬁned directly at the properties

/**
* @var string
* @validate StringLength(minimum = 10, maximum = 100)
*/
protected $title;

/**
* @var string
* @validate StringLength(minimum = 1, maximum = 50)
*/
protected $author;

T3CON12

Validation

Validators

• validators provided by FLOW3 can be used through their short name

• Count, Float, NotEmpty, RegularExpression, Uuid, DateTime,
NumberRange, StringLength, Alphanumeric, Integer, Number, String,
EmailAddress, Label, Raw, Text

• custom validators need to implement the ValidatorInterface

• use them by specifying the fully qualiﬁed class name
/**
* @var DambekalnsStuffDomainModelStuff
* @validate DambekalnsStuffDomainValidatorStuffValidator
*/
protected $stuff;

T3CON12

Property Mapper

$articleArray = array(
'headline' => 'Hello World!',
'story' => 'Just a demo ...'
);

$article = $mapper->convert($sourceArray, 'Acme.DemoDomainModelArticle');

T3CON12

Resource Management

Image Upload
Resources are handled like other properties in a form:

<f:form method="blog" action="update" object="{blog}" name="blog"
enctype="multipart/form-data">
<f:if condition="{blog.authorPicture}">
<img src="{f:uri.resource(resource: blog.authorPicture)}" />
</f:if>
<label for="authorPicture">Author picture</label>
<f:form.upload property="authorPicture" id="authorPicture" />
<f:form.submit value="Update"/>
</f:form>

T3CON12

Property Mapper

Allow nested object structures
For security reasons the creation of nested structure through the
property mapper is disabled by default

/**
* @return void
*/
public function initializeUpdateAction() {
$this->arguments['article']->getPropertyMappingConfiguration()
->allowCreationForSubProperty('picture');
$this->arguments['article']->getPropertyMappingConfiguration()
->allowModificationForSubProperty('picture');
}

T3CON12

Fluid

Example for assigning a string to a Fluid variable:

// in the action controller:
$this->view->assign('title', 'Welcome to Fluid');


<head>
<title>{title}</title>
</head>

T3CON12

Fluid

Variables can also be objects:

$this->view->assign('conference', $conference);

<div class="venue">
<p>Venue Street: {conference.venue.street}</p>
</div>

T3CON12

Fluid

if-then-else:

$this->view->assign('post', $blogPost);

<f:if condition="{post.comments}">
<f:then>There are some comments.</f:then>
<f:else>There are no comments.</f:else>
</f:if>

T3CON12

Fluid

for-each:

$this->view->assign('ages', array("Karsten" => 34, "Robert" => 35));

<ul>
<f:for each="{ages}" as="age" key="name">
<li>{name} is {age} year old.</li>
</f:for>
</ul>

T3CON12

Fluid

for-each:

$this->view->assign('post', $blogPost);

<f:if condition="{post.comments}">
<ul>
<f:for each="{post.comments}" as="comment" >
<li>{post.title}</li>
</f:for>
</ul>
</f:if>

T3CON12

Fluid

View helpers – in this case the link.action view helper:

{namespace f=TYPO3FluidViewHelpers}

<f:link.action action="delete" arguments="{post: post, really: 'yes'}">
Delete this post
</f:link.action>

T3CON12

Security Policy

T3CON12

Security

Cross-Site Request Forgery
• enables an attacker to execute privileged operations without being
authenticated

• the risk lies in using malicious links or forms while still being
authenticated

• imagine a link coming in through an URL shortener...

T3CON12

Security

Avoiding Cross-Site Request Forgery
• add a (truly!) random string token to each link or form

• make sure this token is correct before executing anything

• change the token as often as possible to make it impossible to send
you a working malicious link while you’re logged in

• in most cases, we can assume that it should be enough to generate
one token when you log in – that’s the default

T3CON12

Security

CSRF Protection in FLOW3
• you must not forget to add that token to any link

• FLOW3 automatically adds the CSRF token to each

• link you generate

• each form you create with Fluid

• and checks it for every call to a protected action

• the protection can be disabled using
@skipCsrfProtection on an action

T3CON12

Roadmap

http://forge.typo3.org/projects/ﬂow3-distribution-base/roadmap

T3CON12

Conference App

git://git.typo3.org/TYPO3v5/Distributions/Conference.git

T3CON12

Blog App

git://git.typo3.org/FLOW3/Applications/Blog.git

Rossmann
• second biggest drug store
in Germany
• 5,13 billion € turnover
• 31,000 employees

Customer Database
• custom persistence with CouchDB
• SOAP support
• continuous delivery
• cluster setup
by networkteam, Kiel

Amadeus
• world’s biggest
e-ticket provider
• 217 markets
• 948 million billable
transactions / year
• 2,7 billion € revenue

Social Media Suite
• central hub for social media activities
for potentially thousands of travel
agencies
• advanced form engine
• various detail improvements by AKOM360, Munich
• uses an early version of
TYPO3 Phoenix

“Our senior developers are
extremely happy with FLOW3 –

it is deﬁnitely the most
capable PHP framework we Fabian Pfütze
Project Lead
have come across
so far.”

T3CON12

Thanks for having me!

Slides: http://slideshare.net/robertlemke

Examples: http://github.com/robertlemke

Blog: http://robertlemke.com

Twitter: @robertlemke

Feedback: robert@typo3.org

FLOW3: http://ﬂow3.typo3.org

Getting Into FLOW3 (TYPO312CA)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (9)

Similar to Getting Into FLOW3 (TYPO312CA)

Similar to Getting Into FLOW3 (TYPO312CA) (20)

More from Robert Lemke

More from Robert Lemke (20)

Recently uploaded

Recently uploaded (20)

Getting Into FLOW3 (TYPO312CA)