Tips of CakePHP and MongoDB - Cakefest2011 ichikaway

Tips of
CakePHP & MongoDB

2011/9/4
CakeFest2011
Yasushi Ichikawa

I am
Yasushi Ichikawa
Ichi

@ichikaway
http://cake.eizoku.com/blog

Topic
● What's MongoDB?
● Using MongoDB with CakePHP

● Setup

● Usage

● Security

● Future

@ichikaway http://cake.eizoku.com/blog/

MongoDB

NoSQL
Performance
Scalability

Good for
● Social-Apps
● Calculation on distributed servers

● log analysis

● Questionnaire form


Terms

RDB MongoDB
Table Collection
Row Document
Column Field


Schema free
Posts Collection

id, title, body

id, name, tel, fax

id, name, nickname, email
Posts collection


Schema free
Screen
Blog Blog collection

Title xxxx Title : xxxx
Text yyyy Text : yyyy
data Tag: [tag1,tag2,tag3]
tag1,tag2,tag3 Comment:
[
Comment1 comment1,
Comment2 comment2,
Comment3 comment3
]


MongoDB operators
Find operators
$gt, $gte db.posts.find(
$lt, $lte { age : { $gt: 5 }}
$ne )
$in
$nin
$or
http://www.mongodb.org/display/DOCS/Advanced+Queries


MongoDB operators
Update operators
$inc db.posts.update(
$set { name: “Ichi” },
$push { $inc: { cnt: 1 }}
$pull )
$pop
$unset
http://www.mongodb.org/display/DOCS/Updating


Functions
● Geospatial index (location info)
● Map/Reduce

● Binary file saving (GridFS)

● Sharding

● etc


WebSite

http://kanael.net


kanael.net
●Server
● VPS(2.4GHz-2core, 1.5GMem) x 1

●Application

● 40% write, 60% read

● 300,000 ducuments


kanael.net
● Peak traffic
● 100,000+ requests/day

● CPU 75% (MongoDB 10%)


CakePHP MongoDB

Repository
github.com/ichikaway
/cakephp-mongodb/


CakePHP MongoDB

Repository
●Test files
●API documents

●Sample Applications


CakePHP MongoDB
 PHP5+
 CakePHP1.2, 1.3, 2.0-beta
 Pecl Mongo driver
 Documents
● https://github.com/ichikaway/cakephp-
mongodb/wiki


Structure
Model

CakePHP-MongoDB Datasource

MongoDB

MongoCollection

MongoCursor


Setup

Setup pecl mongo
pecl install mongo
vi php.ini
extension=mongo.so


CakePHP1.3


Setup Cake Mongo(1.3)

cd app/plugins
git clone
git://github.com/ichikaway/cakephp-
mongodb.git mongodb
vi app/config/database.php


database.php Cake1.3
class DATABASE_CONFIG {
public $default = array(
'driver' => 'mongodb.mongodbSource',
'database' => 'blog',
'host' => 'localhost',
'port' => 27017,
);


CakePHP2.0


Setup Cake Mongo(2.0)
cd app/Plugin
git clone
git://github.com/ichikaway/cakephp-
mongodb.git Mongodb
git checkout -b cake2.0 origin/cake2.0
vi app/Config/database.php

// app/Config/database.php
'datasource' => 'Mongodb.MongodbSource',
'host' => 'localhost',
'port' => 27017,
);


Load plugin Cake2.0

//app/Config/bootstrap.php
CakePlugin::load('Mongodb')


Sample Post Model
class Post extends AppModel
{
public $primaryKey = '_id';

}


Useage

find data
class PostsController extends AppController
{
public function index() {
$this->Post->find('all', $options);
}
} fields, conditions,
order, limit


Insert data
$data = array('name' => 'Ichi'
'age' => 32 );

$this->Post->save($data);

_id:xxx1, name: 'Ichi', 'age':32
Posts collection


Update data
$data = array( '_id' => 'xxx1',
'name' => 'Yasu' );
// in Cake-Mongo DataSource
$MongoCollection->update(
array('_id' => 'xxx001'),
array('$set' => array('name' => 'Yasu')),
);


$set operator
Without $set
id:xxx1, name: 'Yasu'
Posts collection

With $set
id:xxx1, name: 'Yasu', 'age':32
Posts collection


Use other
update
operators

Update operator ($inc)
$data = array( '_id' => 'xxx1',
'$inc' => array('age' => 1) );

// in Cake-Mongo DataSource
$MongoCollection->update(
array('_id' => 'xxx001'),
array('$inc' => array('age' => 1)),
);

Update operator(result)
Posts collection

_id:xxx1, name: 'Ichi', 'age':33,
Posts collection


Update operator(complex)
$data = array(
'_id' => 'xxx1',
'$inc' => array('age' => 1),
'$push' => array('tags' => array('php', 'mongo'))
);


Update operator(result)
Posts collection

_id:xxx1, name: 'Ichi', 'age':33,
tags: ['php', 'mongo']
Posts collection


Update operator
●see Wiki
● https://github.com/ichikaway/cakephp-

mongodb/wiki/How-to-use-MongoDB-update-
operators

● see test code
● testUpdate()

● testUpdateWithoutMongoSchemaProperty()


Get
Cake Mongo
DataSource
Object

Source methods
● ensureIndex()
● mapreduce()
● group()
See wiki
https://github.com/ichikaway/cakephp-mongodb/wiki/_pages


ex. make index
$ds = $this->Post->getDataSource();

$ds->ensureIndex(
$this->Post,
array('title' => 1)
);


Get
MongoDB Object


MongoDB Object
● CakeMongo DataSource
● not support all functions of MongoDB
– gridFs

– DbRef


get MongoDB Object
$mongo =
$this->Post->getMongoDb();


get MongoDB Object
$mongo->getGridFs();
$mongo->setSlaveOkay();
$mongo->createDbRef();

See php manual
http://php.net/manual/en/class.mongodb.php


Get
MongoCollection
Object

get Mongo Collection
$mongo =
$this->Model->getMongoDb();

$collection = $mongo->
selectCollection('posts');


get Mongo Collection
$collection->find();
$collection->update();
$collection->insert();
$collection->createDbRef();

See php manual
http://php.net/manual/en/class.mongocollection.php


Replica Sets


Replica sets
● master/slave replication
● automatic failover
● automatic recovery


Replica sets
Replication
Server1 Server2
Primary Secondary

Replication

Application
Server3
Server
Secondary
(CakePHP)


Replica sets
Server1 Server2
Primary Primary

Replication

Application
Server3
Server
Secondary
(CakePHP)


'driver' => 'mongodb.mongodbSource',
'replicaset' => array(
'host' =>'mongodb://loginid:password@
Server1:27021,Server2:27022/blog',
'options' => array('replicaSet' => 'myRepl')
),
);

https://github.com/ichikaway/cakephp-mongodb/wiki/How-to-connect-to-replicaset-servers


Injection
Attack


ONLY
PHP ( ； ´Д ｀ )


WHY??


Injection Attack
$user = $collection->find(array(
"username" => $_GET['username'],
"passwd" => $_GET['passwd']
));

● PHP makes array data from GET/POST request
●
ex. login.php?username=admin&passwd[$ne]=1


Injection Attack
$user = $collection->find(array(
"username" => $_GET['username'],
'admin',
"passwd" => $_GET['passwd']
array("$ne" => 1)
));

● PHP makes array data from GET/POST request
●
ex. login.php?username=admin&passwd[$ne]=1


Solution
●
Don't trust user input data
● GET/POST/Cookie
● Solution
● Cast to string
● Check all keys of array


Solution

Cast to string


Solution(cast to string)

$cursor = $collection->find(array(
"username" => (string)$_GET['username'],
"passwd" => (string)$_GET['passwd']
));


Solution(cast to string)

$cursor = $collection->find(array(
"username" => 'admin',
"passwd" => 'Array'
));


Solution

Check keys
of
input data

Solution(check keys)

SecurePHP
Library
https://github.com/ichikaway/SecurePHP

SecurePHP
●
Check Post/Get/Cookie
● Check all array keys
●
allow: a-z0-9:-_./
● Check null byte

SecurePHP
vi webroot/index.php

require_once(
'SecurePHP/config/bootstrap.php'
);
$Dispatcher = new Dispatcher();
$Dispatcher->dispatch();


In the future

Relational data fetch
coming soon
(hasOne, hasMany, belongsTo)
relation branch


Summary
● What's MongoDB?
● Using MongoDB with CakePHP

● Setup

● Usage(find, save, MongoObject)

● Security

● Injection attack

● Future

● Relational data fetch


THANK YOU


Tips of CakePHP and MongoDB - Cakefest2011 ichikaway

More Related Content

What's hot

Viewers also liked

Similar to Tips of CakePHP and MongoDB - Cakefest2011 ichikaway

More from ichikaway

Recently uploaded

Tips of CakePHP and MongoDB - Cakefest2011 ichikaway