This video dives in to file handling, including the security risks of accepting, storing, and displaying files.
- View Offline
- [Instructor] In this chapter, we're going to take the Chatter API another step by allowing file oploads. Remember, this is a Twitter-like service, so sending and displaying pictures is an important step. Further, it's uncommon, but there are a number of security vulnerabilities that comes along with image processing display. So, if we're going to handle and process files, we need to make sure we do it properly. But first, let's design our interface. Just like in the Read to Write Chapter, we need to think back to the routes we need.
Since we're still creating a message, it looks like our POST messages route will still work. That's good news. But we need to make one change. Last time, we were only accepting form fields and a single one at that. This time, we need to modified the API to also accept an image. At first glance, it looks like we're going to have to rethink our routing to support POST messages with or without a file. Luckily, it's much easier than that, because incoming files are retrieved by a single function, and treated as an array, like always.
Therefore, while the processing behind the route changes, the user's view of the API never changes. So, congratulations. We just did a major change to our API, but since it was backwards compatible, it was an optional extra parameter. The user was completely unaware. Nice job. Now, let's get back to work. There's another secret on the back end for us. Very little of our code will change too. Our backwards compatible change for the end user will be easy for us too. In fact, when we get to the lab portion, you may be disappointed at how little code actually changes.
But that's the power of a framework.
This course begins with a simple application specification and builds it one step at a time. Each chapter includes a key concept, with examples from other public APIs, and then shows how to build it yourself with Slim. Learn about URL routing, validating input, and generating response codes and hypermedia payloads. Like any project, the first implementation may be a little messy but don't worry. The last chapter covers refactoring and what it takes to scale and support the API going forward.
- Understanding the project goals
- Setting up the database
- Adding authentication in Slim
- Using cross-framework and authentication middleware
- Creating a read-write API in Slim
- Uploading files via the API
- Adding file security
- Creating payloads and response codes in Slim
- Scaling your API