Yii3 - How to start

Tutorials

3.0

In Yii3 it is not as easy to start as it was with Yii2. You have to install and configure basic things on your own. Yii3 uses the modern approach based on independent packages and dependency injection, but it makes it harder for newcomers. I am here to show them ...

Note:
- Instead of installing local WAMP- or XAMPP-server I will be using Docker.
- Do not forget about a modern IDE like PhpStorm, which comes budnled with all you will ever need.

# Yii3 - How to startYou can technically create a migration or a command and insert random data manually. But you can also use the Faker. In that case I needed following dependencies:

- ```sh
 
composer require fakerphp/faker - composer require yiisoft/security (not only for generating random strings)  
```


Now find the class `HelloCommand.php`, copy and rename it to `SeedCommand.php`- OAuth, OAuth2 - too complex for a simple API

Before you start, install dependency:
 
 
```sh
 
composer require yiisoft/security
 
```
 
 
Let's create a migration for storing the access tokens:

```php```

Then you will also need class `App\Entity\UserTokenRepository` for DB manipulation. Copy and modify the UserRepository. These methods will be handy:

```php<?php
declare(strict_types=1);

 
namespace App\Api;
 
use App\Api\Shared\ResponseFactory;
use App\Entity\UserRepository;
use App\Entity\UserTokenRepository;use Yiisoft\DataResponse\DataResponse;
use Yiisoft\Http\Status;

 
final class LoginAction { public function __construct( private UserRepository $userRepository, private UserTokenRepository $userTokenRepository, )
 
    {
 
    }
 
{}
public function __invoke(
ResponseFactory $responseFactory,{
$data = json_decode((string) $request->getBody(), true);

 
$username = $data['username'] ?? ''; $password = $data['password'] ?? '';
 
$user = $this->userRepository->findByUsername($username);
 
if (!$user || !$user->validatePassword($password)) { return new DataResponse(['error' => 'Invalid credentials'], Status::UNAUTHORIZED); }
 
$this->userTokenRepository->deleteByUserId($user->getId()); $userToken = $this->userTokenRepository->create($user->getId());
 
return $responseFactory->success([ 'token' => $userToken->getToken(), 'expires_at' => $userToken->getExpiresAt()->format(DateTimeImmutable::ATOM), ]); }
 
} ``` Next we also need an algorithm that will enforce these tokens in each request, will validate and refresh them and will restrict access only to endpoints that the user can use. This is a bigger topic for later. It may be covered by the package https://github.com/yiisoft/auth/ which offers "HTTP bearer authentication". ## JS client - Installable Vuejs3 PWA If you create a REST API you may be interested in a JS frontend that will communicate with it using Ajax. Below you can peek into my very simple VueJS3 attempt. It is an installable PWA application that works in offline mode (=1 data transfer per day, not on every mouse click) and is meant for situations when customer does not have wifi everywhere. See my [Gitlab](https://gitlab.com/radin.cerny/vuejs3-pwa-demo-plus).