Ports: The Gatekeepers

From Nephtali Documentation

Nephtali validates all incoming Get, Post, Cookie, and File values through what are called "ports." A port automatically checks the value(s) received against the expected properties (length, type, etc.)

Port validation options

whitelist

Default: Empty
Valid if: The incoming value matches one of the whitelist values.
Additional info: o other validation checks are performed on a port that has 'whitelist' set.

min_length

Default: 1
Valid if: The incoming value is greater than or equal to the min_length.
Additional info: The check takes place on strings AND numbers.

max_length

Default: 10
Valid if: The incoming value is less than or equal to the max_length.
Additional info: The check takes place on strings AND numbers.

min_value

Default: 0
Valid if: The incoming value is greater than or equal to the min_value.
Additional info: This check only occurs on ports with filter set to n\constant\FILTER_INT -OR- n\constant\FILTER_DOUBLE.

max_value

Default: 9999999999
Valid if: The incoming value is less than or equal to the max_value.
Additional info: This check only occurs on ports with filter set to n\constant\FILTER_INT -OR- n\constant\FILTER_DOUBLE.

filter

Default: n\constant\FILTER_INT.
Valid if: The incoming value passes the default regex and XSS tests for the filter.
Additional info: The filter provides a default regex value and a default preference for XSS testing. You can set a filter and then manually set your own regex to be evaluated.

regex

Default: null (defaults to that of the filter)
Valid if: The incoming value matches the supplied regex.
Additional info: The regex defaults to that of the corresponding filter for the pipe if unset. However, if you manually set the regex, that regex is run as the check.

encrypted

Default: false
Valid if: NA
Additional info: If set to true, the incoming value is first decrypted (using the 'encryption_key' and 'encryption_salt' in nconfig.php), and then passed on to the validation checks. This setting assumes the value was encrypted with n\security\encrypt().

allow_null

Default: false
Valid if: The value is set within the particular global array within the request. If 'allow_null' is set to true, the value will still be valid even if unset.
Additional info: Useful for form inputs like checkbox fields that don't submit a value when left unchecked.

allow_array

Default: false
Valid if: NA
Additional info: When false, the data is validated as a single value. When set to true, the incoming value is expected to be an array and the security checks are performed on each of the individual values. If one value is invalid, the entire set is invalid.

validators

Default: Empty array
Valid if: The function(s) return true upon receiving the value as an argument.
Additional info: You can pass in any number of validator functions. The key passed in will serve as the error message if the function returns false.

formatter

Default: null
Valid if: NA
Additional info: If provided, a formatter function is run just after the value is unencrypted (if required), and just before the validation checks.

formatted_name

Default: The name of the port is transformed via the following PHP: str_replace('_', ' ', ucfirst($port_name))
Valid if: NA
Additional info: The formatted name is used in any automatically generated error messages.

error_message

Default: Null
Valid if: NA
Additional info: If set, this message will be displayed for any incoming value found to be invalid.

error_messages

Default: Empty array
Valid if: NA
Additional info: Using this option, you can pass in an associative array of custom error messages. For example, if you wanted to set a custom error message for 'min_length', you'd pass in the array 'error_messages' => array('min_length' => 'Why would you enter such a whimpy little value?'). Any error messages not explicitly set in this are still generated using the automatic error message.

Example using ports

The example below is an example of a page that allows one to add, update, and delete users from a DB. Additionally, it displays a list of the users currently in the DB. The ports validate the incoming values, and help determine which, if any, actions in the action pipe are carried out.


/**
 * Code generated with Nedit, Nephtali's online code generator
 * http://nephtaliproject.com/nedit/index.php
 */

/**
 * Ports validate incoming Get, Post, Cookie, and File variables.
 * You can view more information on ports and their settings at the Nephtali wiki:
 * http://docs.nephtaliproject.com/wiki/Ports:_The_Gatekeepers
 */

n\port\register(
    $name = 'id',
    $value = $_POST['id'],
    $opts = array(
        'max_length' => 10
    )
);

n\port\register(
    $name = 'first_name',
    $value = $_POST['first_name'],
    $opts = array(
        'max_length' => 40,
        'filter' => n\constant\FILTER_TEXT
    )
);

n\port\register(
    $name = 'last_name',
    $value = $_POST['last_name'],
    $opts = array(
        'max_length' => 40,
        'filter' => n\constant\FILTER_TEXT
    )
);

n\port\register(
    $name = 'email',
    $value = $_POST['email'],
    $opts = array(
        'max_length' => 300,
        'formatter' => function($val)
        {
            //add your formatting code that returns the formatted value
            return $val;
        },
        'filter' => n\constant\FILTER_EMAIL
    )
);

n\port\register(
    $name = 'did',
    $value = $_GET['did'],
    $opts = array(
        'max_length' => 10
    )
);

/**
 * Vals are used to simplify the code.
 * If a pipe has multiple required ports, a val has been used to avoid redundancy.
 * This way, if you ever change the list of required ports, you only have to alter one line.
 * If you've added an action pipe, each individual action's ports are stored as a val.
 */

n\val($name = 'update_user', $value = array('id','first_name','last_name','email'));

n\val($name = 'insert_user', $value = array('first_name','last_name','email'));

n\val($name = 'delete_user', $value = array('did'));

/**
 * Pipes display dynamic content within the page.
 * They control which view is displayed and handle databinding within the selected view.
 * You can view more information on pipes and their settings at the Nephtali wiki:
 * http://docs.nephtaliproject.com/wiki/Pipes:_Dynamic_Displays
 */

n\pipe\register_action(
    $name = 'user',
    $actions = array(
        n\port\signature(n\val('update_user')) => function($markup)
        {
            if (count($rows = n\port\validate(n\val('update_user'))))
            {
                return n\view\render($view = 'feedback', $markup, $rows);
            }

            n\sql\action\update($table_name = 'users', $inputs = n\val('update_user'));

            return n\view\render($view = 'update', $markup);
         },
        n\port\signature(n\val('insert_user')) => function($markup)
        {
            if (count($rows = n\port\validate(n\val('insert_user'))))
            {
                return n\view\render($view = 'feedback', $markup, $rows);
            }

            n\sql\action\insert($table_name = 'users', $inputs = n\val('insert_user'));

            return n\view\render($view = 'insert', $markup);
         },
        n\port\signature(n\val('delete_user')) => function($markup)
        {
            if (count($rows = n\port\validate(n\val('delete_user'))))
            {
                return n\view\render($view = 'feedback', $markup, $rows);
            }

            n\sql\action\delete($table_name = 'users', $id = n\port\get('did'));

            return n\view\render($view = 'delete', $markup);
         }
    )
);

n\pipe\register(
    $name = 'users',
    $function = function($markup)
    {
        if (count($rows = n\sql\source($query = 'SELECT * FROM examples')
        {
            return n\view\render($view = 'default', $markup, $rows);
        }

        return n\view\render($view = 'empty', $markup);
    }
);