refactor to slim app

Author: jdpedrie

cloud_sql/sqlserver/pdo/README.md

@@ -3,36 +3,49 @@
 ## Before you begin
 
 1. This code sample requires the `pdo_sqlsrv` extension to be installed and enabled. For more information, including getting started guides, refer to the [source repository](https://github.com/Microsoft/msphpsql).
-2. Before you use this code sample, you need to have [Composer](https://getcomposer.org/) installed or downloaded into this folder. Download instructions can be found [here](https://getcomposer.org/download/).
+2. Before you use this code sample, you need to have [Composer](https://getcomposer.org/) installed or downloaded into this folder. Download instructions can be found [here](https://getcomposer.org/download/). Once you've installed composer, use it to install required dependencies by running `composer install`.
 3. Create a SQL Server Cloud SQL Instance by following these [instructions](https://cloud.google.com/sql/docs/sqlserver/create-instance). Note the connection string, database user, and database password that you create.
 4. Create a database for your application by following these [instructions](https://cloud.google.com/sql/docs/sqlserver/create-manage-databases). Note the database name.
 5. Create a service account with the 'Cloud SQL Client' permissions by following these [instructions](https://cloud.google.com/sql/docs/postgres/connect-external-app#4_if_required_by_your_authentication_method_create_a_service_account). Download a JSON key to use to authenticate your connection.
-6. Use the information noted in the previous steps:
+
+## Running Locally
+
+To run this application locally, download and install the `cloud_sql_proxy` by following the instructions [here](https://cloud.google.com/sql/docs/sqlserver/sql-proxy#install).
+
+To authenticate with Cloud SQL, set the `$GOOGLE_APPLICATION_CREDENTIALS` environment variable:
 
 ```bash
 export GOOGLE_APPLICATION_CREDENTIALS=/path/to/service/account/key.json
-export CLOUD_SQL_CONNECTION_NAME='<MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>'
-export DB_USER='my-db-user'
-export DB_PASS='my-db-pass'
-export DB_NAME='my-db-name'
-export DB_HOSTNAME='(local)'
 ```
 
-Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as [Cloud KMS](https://cloud.google.com/kms/) to help keep secrets safe.
+To run the Cloud SQL proxy, you need to set the instance connection name. See the instructions [here](https://cloud.google.com/sql/docs/sqlserver/quickstart-proxy-test#get_the_instance_connection_name) for finding the instance connection name.
 
-## Running Locally
+```bash
+export CLOUD_SQL_CONNECTION_NAME='<MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>'
+```
 
-To run this application locally, download and install the `cloud_sql_proxy` by following the instructions [here](https://cloud.google.com/sql/docs/sqlserver/sql-proxy#install).
+Once the proxy is ready, use one of the following commands to start the proxy in the background.
 
-Once the proxy is ready, use the following command to start the proxy in the background:
+You may connect to your instance via TCP. To connect via TCP, you must provide a port as part of the instance name, as demonstrated below.
 
 ```bash
-$ ./cloud_sql_proxy -dir=/cloudsql \
+$ ./cloud_sql_proxy \
     --instances=$CLOUD_SQL_CONNECTION_NAME=tcp:1433 \
     --credential_file=$GOOGLE_APPLICATION_CREDENTIALS
 ```
 
-Note: Make sure to run the command under a user with write access in the `/cloudsql` directory. This proxy will use this folder to create a unix socket the application will use to connect to Cloud SQL.
+### Set Configuration Values
+
+Set the required environment variables for your connection to Cloud SQL.
+
+```bash
+export DB_USER='my-db-user'
+export DB_PASS='my-db-pass'
+export DB_NAME='my-db-name'
+export DB_HOSTNAME='127.0.0.1'
+```
+
+Note: Saving credentials in environment variables is convenient, but not secure - consider a more secure solution such as [Secret Manager](https://cloud.google.com/secret-manager/) to help keep secrets safe.
 
 Execute the following:
 

cloud_sql/sqlserver/pdo/app.yaml

@@ -15,13 +15,13 @@
 runtime: php72
 
 # Remember - storing secrets in plaintext is potentially unsafe. Consider using
-# something like https://cloud.google.com/kms/ to help keep secrets secret.
+# something like https://cloud.google.com/secret-manager/ to help keep secrets
+# secret.
 env_variables:
-  CLOUD_SQL_CONNECTION_NAME: <MY-PROJECT>:<INSTANCE-REGION>:<MY-DATABASE>
   DB_USER: my-db-user
   DB_PASS: my-db-pass
-  DB_NAME: my_db
-  DB_HOSTNAME: localhost
+  DB_NAME: my-db
+  DB_HOSTNAME: "172.17.0.1"
 
 # Defaults to "serve index.php" and "serve public/index.php". Can be used to
 # serve a custom PHP front controller (e.g. "serve backend/index.php") or to

cloud_sql/sqlserver/pdo/composer.json

@@ -0,0 +1,24 @@
+{
+    "name": "google/cloud-sql-sqlserver-example",
+    "autoload": {
+        "psr-4": {
+            "Google\\Cloud\\Samples\\CloudSQL\\SQLServer\\": "src"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "Google\\Cloud\\Samples\\CloudSQL\\SQLServer\\Tests\\": "src"
+        }
+    },
+    "require": {
+        "php": ">= 7.2",
+        "slim/slim": "^4.5",
+        "slim/twig-view": "^3.1",
+        "pimple/pimple": "^3.3",
+        "guzzlehttp/psr7": "^1.6",
+        "http-interop/http-factory-guzzle": "^1.0"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^8.5"
+    }
+}

cloud_sql/sqlserver/pdo/index.php

@@ -15,28 +15,40 @@
  * limitations under the License.
  */
 
-require_once 'src/DB.php';
-require_once 'src/Votes.php';
+declare(strict_types=1);
 
-use Google\Cloud\Samples\CloudSQL\SQLServer\DB;
-use Google\Cloud\Samples\CloudSQL\SQLServer\Votes;
+use GuzzleHttp\Psr7;
 
-$votes = new Votes(DB::createPdoConnection());
+include __DIR__ . '/vendor/autoload.php';
 
-if ($_SERVER['REQUEST_URI'] == '/' && $_SERVER['REQUEST_METHOD'] == 'GET') {
-    $list = $votes->list();
+$app = include __DIR__ . '/src/app.php';
 
-    $vote_count = $votes->count_candidates();
-    $tab_count = $vote_count['tabs'];
-    $space_count = $vote_count['spaces'];
+$app->get('/', function ($request, $response) {
+    $this->get('votes')->createTableIfNotExists();
+
+    return $this->get('view')->render($response, 'template.twig', [
+        'votes' => $this->get('votes')->listVotes(),
+        'tabCount' => $this->get('votes')->getCountByValue('TABS'),
+        'spaceCount' => $this->get('votes')->getCountByValue('SPACES'),
+    ]);
+});
+
+$app->post('/', function ($request, $response) {
+    $this->get('votes')->createTableIfNotExists();
 
-    include_once("./template.php");
-} elseif ($_SERVER['REQUEST_URI'] == '/' && $_SERVER['REQUEST_METHOD'] == 'POST') {
     $message = 'Invalid vote. Choose Between TABS and SPACES';
 
-    if (!empty($_POST['team']) && in_array($_POST['team'], ['SPACES', 'TABS'])) {
-        $message = $votes->save($_POST['team']);
+    $formData = $request->getParsedBody() + [
+        'voteValue' => ''
+    ];
+
+    if (in_array($formData['voteValue'], ['SPACES', 'TABS'])) {
+        $message = $this->get('votes')->insertVote($formData['voteValue'])
+            ? 'Vote cast for ' . $formData['voteValue']
+            : 'An error occurred';
     }
 
-    echo $message;
-}
+    return $response->withBody(Psr7\stream_for($message));
+});
+
+$app->run();

cloud_sql/sqlserver/pdo/phpunit.xml.dist

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit colors="true">
+  <testsuites>
+    <testsuite name="CloudSQLSQLServerSample">
+      <directory>tests</directory>
+    </testsuite>
+  </testsuites>
+  <filter>
+    <whitelist>
+      <directory suffix=".php">src</directory>
+    </whitelist>
+  </filter>
+</phpunit>

cloud_sql/sqlserver/pdo/src/DB.php

@@ -15,83 +15,119 @@
  * limitations under the License.
  */
 
+declare(strict_types=1);
+
 namespace Google\Cloud\Samples\CloudSQL\SQLServer;
 
 use PDO;
+use PDOException;
+use RuntimeException;
 
+/**
+ * Manage votes using the Cloud SQL database.
+ */
 class Votes
 {
+    /**
+     * @var PDO
+     */
     private $connection;
 
+    /**
+     * @param PDO $connection A connection to the database.
+     */
     public function __construct(PDO $connection)
     {
         $this->connection = $connection;
-        $this->create_table();
     }
 
-    private function create_table()
+    /**
+     * Creates the table if it does not yet exist.
+     *
+     * @return void
+     */
+    public function createTableIfNotExists()
     {
-        $tableName = "votes";
-
         $existsStmt = "SELECT * FROM INFORMATION_SCHEMA.TABLES
             WHERE TABLE_NAME = ?";
 
         $stmt = $this->connection->prepare($existsStmt);
-        $stmt->execute([$tableName]);
+        $stmt->execute(['votes']);
 
-        // If table does not exist, create it!
         $row = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        // If the table does not exist, create it.
         if (!$row) {
-            $sql = "
-            CREATE TABLE votes (
+            $sql = "CREATE TABLE votes (
                 vote_id INT NOT NULL IDENTITY,
                 time_cast DATETIME NOT NULL,
-                candidate VARCHAR(6) NOT NULL,
+                vote_value VARCHAR(6) NOT NULL,
                 PRIMARY KEY (vote_id)
             );";
-            if ($this->connection->exec($sql) !== 1) {
-                print_r($this->connection->errorInfo());
-                exit;
-            }
+
+            $this->connection->exec($sql);
         }
     }
 
-    public function list()
+    /**
+     * Returns a list of the last five votes
+     *
+     * @return array
+     */
+    public function listVotes() : array
     {
-        $sql = "SELECT TOP 5 candidate, time_cast FROM votes ORDER BY time_cast DESC";
+        $sql = "SELECT TOP 5 vote_value, time_cast FROM votes ORDER BY time_cast DESC";
         $statement = $this->connection->prepare($sql);
         $statement->execute();
-        return $statement->fetchAll();
+        return $statement->fetchAll(PDO::FETCH_ASSOC);
     }
 
-    public function count_candidates()
+    /**
+     * Get the number of votes cast for a given value.
+     *
+     * @param string $value
+     * @param int
+     */
+    public function getCountByValue(string $value) : int
     {
-        $sql = "SELECT COUNT(vote_id) as voteCount FROM votes WHERE candidate = ?";
-        $count = [];
+        $sql = "SELECT COUNT(vote_id) as voteCount FROM votes WHERE vote_value = ?";
 
         $statement = $this->connection->prepare($sql);
+        $statement->execute([$value]);
 
-        //tabs
-        $statement->execute(['TABS']);
-        $count['tabs'] = $statement->fetch()[0];
-
-        //spaces
-        $statement->execute(['SPACES']);
-        $count['spaces'] = $statement->fetch()[0];
-
-        return $count;
+        return (int) $statement->fetch(PDO::FETCH_COLUMN);
     }
 
-    public function save($team)
+    /**
+     * Insert a new vote into the database
+     *
+     * @param string $value The value to vote for.
+     * @return boolean
+     */
+    public function insertVote(string $value) : bool
     {
-        $sql = "INSERT INTO votes (time_cast, candidate) VALUES (GETDATE(), :candidate)";
-        $statement = $this->connection->prepare($sql);
-        $statement->bindParam('candidate', $team);
-
-        if ($statement->execute()) {
-            return "Vote successfully cast for '$team'";
+        $conn = $this->connection;
+        $res = false;
+
+        # [START cloud_sql_sqlserver_pdo_connection]
+        // Use prepared statements to guard against SQL injection.
+        $sql = "INSERT INTO votes (time_cast, vote_value) VALUES (GETDATE(), :voteValue)";
+
+        try {
+            $statement = $conn->prepare($sql);
+            $statement->bindParam('voteValue', $value);
+
+            $res = $statement->execute();
+        } catch (PDOException $e) {
+            throw new RuntimeException(
+                "Could not insert vote into database. The PDO exception was " .
+                $e->getMessage(),
+                $e->getCode(),
+                $e
+            );
         }
+        # [END cloud_sql_sqlserver_pdo_connection]
 
-        return print_r($statement->errorInfo(), true);
+        return $res;
     }
 }