Merge pull request #68 from spiks/strict-static-analysis-typing

Strict typing for Psalm and PHPStan

Author: flaksp

.github/workflows/tests.yml

@@ -6,7 +6,7 @@ jobs:
   phpunit:
     strategy:
       matrix:
-        php: ['8.0', '8.1']
+        php: ['8.1']
 
     name: PHPUnit (PHP ${{ matrix.php }})
     runs-on: ubuntu-latest

.php-cs-fixer.php

@@ -80,6 +80,10 @@
 $rules['single_line_throw'] = false;
 $rules['static_lambda'] = true;
 $rules['use_arrow_functions'] = true;
+$rules['no_superfluous_phpdoc_tags'] = false;
+$rules['phpdoc_to_comment'] = [
+    'ignored_tags' => ['psalm-suppress'],
+];
 
 return (new PhpCsFixer\Config())
     ->setRules($rules)

.run/PHPUnit.run.xml

@@ -1,7 +1,7 @@
 <component name="ProjectRunConfigurationManager">
   <configuration default="false" name="PHPUnit" type="PHPUnitRunConfigurationType" factoryName="PHPUnit">
     <CommandLine workingDirectory="$PROJECT_DIR$" />
-    <TestRunner configuration_file="/var/www/html/phpunit.xml" scope="XML" />
+    <TestRunner configuration_file="$PROJECT_DIR$/phpunit.xml" scope="XML" />
     <method v="2" />
   </configuration>
-</component>
+</component>

.run/Run Psalm.run.xml

@@ -1,5 +1,5 @@
 <component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="Run Psalm" type="PhpLocalRunConfigurationType" factoryName="PHP Console" path="$PROJECT_DIR$/vendor/bin/psalm">
+  <configuration default="false" name="Run Psalm" type="PhpLocalRunConfigurationType" factoryName="PHP Console" path="$PROJECT_DIR$/vendor/bin/psalm" scriptParameters="--output-format=phpstorm">
     <CommandLine workingDirectory="$PROJECT_DIR$" />
     <method v="2" />
   </configuration>

README.md

@@ -2,135 +2,39 @@
 
 Denormalizes and validates any kind of user input, so it may be easily used in:
 
-- HTML forms
-- APIs
-- console command arguments
-
-... and in a lot of other scenarios.
+- HTML forms,
+- APIs,
+- console command arguments,
+- ... and in a lot of other scenarios.
 
 ## Installation
 
 _**Warning:** At this moment the library is being tested in real projects to detect possible problems in its design, so API changes are possible. Please wait for stable version._
 
-PHP 8.0 or newer is required. The library is available in [Packagist](https://packagist.org/packages/spiks/user-input-processor) and may be installed with Composer:
+PHP 8.1 or newer is required. The library is available in [Packagist](https://packagist.org/packages/spiks/user-input-processor) and may be installed with Composer:
 
 ```console
 composer require spiks/user-input-processor
 ```
 
-## Conception
-
-### Denormalizer
-
-Denormalizer is something that should be used to validate and denormalize data. It may also re-use other denormalizers, which should be passed via [dependency injection](https://en.wikipedia.org/wiki/Dependency_injection).
-
-- If denormalization was successful, denormalizer may return anything: unmodified data, [DTO](https://en.wikipedia.org/wiki/Data_transfer_object) or [value object](https://en.wikipedia.org/wiki/Value_object).
-- If validation error happened (e.g. email has invalid format), denormalizer throws [`ValidationError`](src/Exception/ValidationError.php) exception that has [`ConstraintViolationCollection`](src/ConstraintViolation/ConstraintViolationCollection.php).
-
-The library is bundled with some basic denormalizers for each type that may appear in JSON. Most of them come with validation options inspired by [JSON Schema specification](https://json-schema.org/specification.html). Opinionated denormalizers and constraint violations for emails, phone numbers, IP addresses and for other cases are out of scope of the library.
-
-### Constraint violation
-
-Constraint violation object describes which field contains invalid value. [`ConstraintViolationInterface`](src/ConstraintViolation/ConstraintViolationInterface.php) has several public methods:
-
-- `public static function getType(): string` — constraint violation type. It is a string identifier of an error (e.g. `string_is_too_long`).
-- `public function getDescription(): string` — human-readable description of an error. Content of this field is a message for development purposes, and it's not intended to be shown to the end user.
-- `public function getPointer(): Pointer` — path to the invalid property.
-
-Any class implementing the interface may add its own public methods specific to its kind of constraint. For example, class [`StringIsTooLong`](src/ConstraintViolation/StringIsTooLong.php) has extra public method `public function getMaxLength(): int` that allows to get max length from the violation.
-
-### Pointer
-
-Every denormalizer and constraint violation accepts [`Pointer`](src/Pointer.php) as an argument. Pointer is a special object that contains path to your property. In most cases you will create only one pointer per form as `Pointer::empty()` for root object denormalizer.
-
-Pointer may be easily converted to something specific to be shown to your client applications. For example, you may serialize it to [JSON Pointer](https://tools.ietf.org/html/rfc6901):
-
-```php
-public function getJsonPointer(Pointer $pointer): string
-{
-    $jsonPointer = '';
-
-    foreach ($pointer->propertyPath as $pathItem) {
-        $jsonPointer .= '/' . $pathItem;
-    }
-
-    return $jsonPointer;
-}
-```
-
-Converting pointers to strings is out of scope of the library, so you should do it by yourself on another abstraction layer.
-
-## Examples
-
-### Your own object denormalizer
-
-In most cases you will want to create your own object types. For example, it may be user profile structure that has display name, username and optional contact email. To implement such denormalizer that returns `UserProfileData` value object, you may write something like this:
-
-```php
-declare(strict_types=1);
-
-namespace App\Denormalizer;
-
-use App\Denormalizer\DisplayNameDenormalizer;
-use App\Denormalizer\EmailDenormalizer;
-use App\Denormalizer\UsernameDenormalizer;
-use App\ValueObject\UserProfileData;
-use Spiks\UserInputProcessor\Denormalizer\ObjectDenormalizer;
-use Spiks\UserInputProcessor\ObjectField;
-use Spiks\UserInputProcessor\ObjectStaticFields;
-use Spiks\UserInputProcessor\Pointer;
-
-final class UserProfileDenormalizer {
-    public function __construct(
-        private ObjectDenormalizer $objectDenormalizer,
-        private EmailDenormalizer $emailDenormalizer,
-        private DisplayNameDenormalizer $displayNameDenormalizer,
-        private UsernameDenormalizer $usernameDenormalizer,
-    ) {}
-
-    public function denormalize(
-        mixed $data
-    ): UserProfileData {
-        $processedData = $this->objectDenormalizer->denormalize(
-            $data,
-            Pointer::empty(),
-            new ObjectStaticFields([
-                'contactEmail' => new ObjectField(
-                    static fn (mixed $fieldData, Pointer $fieldPointer) => $this->emailDenormalizer->denormalize($fieldData, $fieldPointer),
-                    isMandatory: true,
-                ),
-                'displayName' => new ObjectField(
-                    static fn (mixed $fieldData, Pointer $fieldPointer) => $this->displayNameDenormalizer->denormalize($fieldData, $fieldPointer),
-                    isMandatory: true,
-                ),
-                'username' => new ObjectField(
-                    static fn (mixed $fieldData, Pointer $fieldPointer) => $this->usernameDenormalizer->denormalize($fieldData, $fieldPointer),
-                    isMandatory: true,
-                ),
-            ]),
-        );
-
-        return new UserProfileData(
-            $processedData['contactEmail'],
-            $processedData['displayName'],
-            $processedData['username'],
-        );
-    }
-}
-```
+## Features
 
-[`ObjectDenormalizer`](src/Denormalizer/ObjectDenormalizer.php) accepts data (variable `$data`) in any format in the first argument. The second argument accepts pointer. And the third one allows us to describe structure of input data and denormalization rules for each field using [`ObjectStaticFields`](src/ObjectStaticFields.php) object. This object accepts associative array: key is field name and value is [`ObjectField`](src/ObjectField.php). `ObjectField` accepts callable as first argument, object denormalizer passes field's data and its pointer to this callable, so you may simply pass them into denormalizer as shown in the example above. `isMandatory` means the property must be presented in request payload, even if it has `null` value. If `isMandatory` is `false`, client application is allowed to omit the field from request, and `$processedData` variable will miss such key too.
+The main principles behind the library:
 
-## FAQ
+- **Keep it simple**. The library implements only necessary subset of features. It's easy to extend the library to add more. The library is designed as a base for your own implementation, it's not swiss knife that tries to do everything.
+- **Full type coverage for static analysis tools.** Public API and the library internals follow the strictest rules of [Psalm](https://psalm.dev) and [PHPStan](https://phpstan.org) - most popular static analysis tools for PHP. We are designing the library keeping type safety in mind. You will appreciate it if you are using static analysis in your projects too.
 
-### How to get localized validation error message for user?
+## Motivation
 
-There is no such functionality out-of-the-box, because formatting error messages for end-user is not something denormalizer and validator should do. It should be implemented on another abstraction layer. It should be a method in another service that accepts [`ConstraintViolationInterface`](src/ConstraintViolation/ConstraintViolationInterface.php) and returns localized error message for user.
+In our internal projects we use Symfony framework which offers [Symfony Forms](https://symfony.com/doc/current/forms.html) package for user input validation. Symfony Forms has a lot if disadvantages:
 
-`public function getDescription(): string` method exists only for debugging and logging purposes. This value is not recommended being rendered in UI because some constraints may contain very nerd messages like [`ValueDoesNotMatchRegex`](src/ConstraintViolation/ValueDoesNotMatchRegex.php) violation has:
+- Its internals are very complex,
+- It's designed only for HTML forms, and it's not suitable for JSON APIs,
+- It's pain to use Symfony Forms with static analysis tools,
+- Difficult to maintain forms with complex logic within.
 
-> Property does not match regex "/^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$/".
+There aren't lots of alternative solutions for user input validation. That's why we decided to create our own.
 
-### Why [`ValidationError`](src/Exception/ValidationError.php) exception contains [`ConstraintViolationCollection`](src/ConstraintViolation/ConstraintViolationCollection.php) (collection of constraint violations), not a single violation?
+## Usage
 
-Your denormalizers should return as much constraint violations as possible in one time for better user experience. Check out simple [`StringDenormalizer`](src/Denormalizer/StringDenormalizer.php) to see how it may be implemented in your denormalizers.
+This section will be written when we will be sure API and design is stable enough.

composer.json

@@ -25,16 +25,9 @@
     "docs": "https://github.com/spiks/user-input-processor/blob/main/README.md"
   },
   "require": {
-    "php": ">= 8.0",
+    "php": ">= 8.1",
     "ext-mbstring": "*"
   },
-  "require-dev": {
-    "friendsofphp/php-cs-fixer": "^3.4",
-    "jetbrains/phpstorm-attributes": "^1.0",
-    "phpstan/phpstan": "^1.2",
-    "phpunit/phpunit": "^9.5",
-    "vimeo/psalm": "^4.15"
-  },
   "config": {
     "sort-packages": true
   },
@@ -47,5 +40,15 @@
     "psr-4": {
       "Tests\\Spiks\\UserInputProcessor\\": "tests/"
     }
+  },
+  "require-dev": {
+    "friendsofphp/php-cs-fixer": "^3.5",
+    "jetbrains/phpstorm-attributes": "^1.0",
+    "phpstan/phpstan": "^1.4",
+    "phpstan/phpstan-phpunit": "^1.0",
+    "phpstan/phpstan-strict-rules": "^1.1",
+    "phpunit/phpunit": "^9.5",
+    "psalm/plugin-phpunit": "^0.16.1",
+    "vimeo/psalm": "^4.20"
   }
 }