
PHP — Expert Level (REST API, authentication, security)

Who it is for: readers who have mastered the PHP basics (the beginner book) — who are familiar with syntax, OOP, PDO, forms and sessions — and now want to learn to build a production-grade backend.

How to read it: each chapter covers one large topic in depth. First comes theory and rationale (why it is done exactly this way), then verified code (every block was tested with php -l and real curl requests), then exercises (Easy / Medium / Hard — most of them with solutions). Here the code must not merely "work" but be correct: status codes are meaningful, the error format is standard, and security is thought through.

The most important rule: run every example on your own computer. Test the API yourself with curl or Postman — watch the response status codes and headers.


Table of contents

  • 01 — REST API (expert) — REST principles, semantics of HTTP verbs and status codes, front-controller routing, php://input, the validation layer, RFC 7807 Problem Details and a complete CRUD REST API.
  • 02 — HTTP client: cURL and Guzzle — calling external APIs: native cURL (setopt/exec/getinfo), Guzzle (PSR-18), timeouts, retry + exponential backoff, circuit breaker and verifying webhook signatures (HMAC).
  • 03 — Authorization and RBAC — authentication vs authorization, the role/permission model (RBAC), the policy/gate pattern, guard middleware, ABAC and preventing IDOR (broken access control).
  • 04 — JWT and stateless auth — stateful vs stateless authentication, JWT structure (header.payload.signature), writing the HS256 signature by hand, firebase/php-jwt, the access/refresh token cycle and security pitfalls.
  • 05 — Strict typing and the PHP 8.4 type system — declare(strict_types=1) and why, strict vs coercive, scalar/?T/union/intersection/DNF types, never/void/mixed, false/true literal types, self vs static, type narrowing (instanceof/match (true)/array_is_list) and == vs === pitfalls.
  • 06 — readonly, Value Objects and variance — readonly property/class, immutable Value Objects (Money/Email/Uuid), money precision with bcmath, "withX" immutable updates (__clone), covariance/contravariance (Liskov) and #[\Override].
  • 07 — Property hooks and asymmetric visibility (8.4) — the newest features of PHP 8.4: get/set property hooks, virtual properties, public private(set) asymmetric visibility, hooks vs magic __get and killing getter/setter boilerplate.
  • 08 — Reflection, attributes and FFI — ReflectionClass/Method/Property, writing and reading your own attribute with #[Attribute] (the router/validator/DI "magic"), the Reflection cache and connecting to a C library with FFI.
  • 09 — WeakMap, SPL and reference semantics — WeakReference/WeakMap (a cache without memory leaks), SPL interfaces (ArrayAccess/Countable/Iterator/JsonSerializable), SPL data structures and reference/COW/GC semantics.
  • 10 — PSR standards and PHP-FIG — PHP-FIG and interoperability, PSR-1/12 + PHP-CS-Fixer, PSR-4 autoload, PSR-3 Logger, PSR-7/17 HTTP, PSR-11 Container — the "common language" of package interchange.
  • 11 — HTTP messages: PSR-7 and PSR-17 — the HTTP request/response as immutable objects: ServerRequest/Response/Uri/Stream, withX (a new copy) and why this is safe for middleware.
  • 12 — PSR-15 middleware pipeline — the "onion" model, MiddlewareInterface/RequestHandlerInterface, building a pipeline/dispatcher and short-circuiting (auth 401).
  • 13 — Building a PSR-11 DI container — autowiring with Reflection, binding (interface→implementation), singleton vs factory, circular dependency detection and a compiled container.
  • 14 — Routing and front controller — the front controller (a single index.php), route table, parameterized paths, #[Route] attribute-based routing, dispatch and 404/405.
  • 15 — Assembling your own mini-framework — kernel = container + router + middleware + PSR-7 together; a fully working mini-app; comparison with Slim/Symfony/Laravel internals.
  • 16 — Twig and safe templating — automatic escaping (XSS at the template level), template inheritance (extends/block), escaping context (html/js/url) and the danger of |raw.
  • 17 — Files, streams and large data — stream wrappers/filters, SplFileObject, large files with generators (saving memory), flock/atomic writes, RecursiveDirectoryIterator, ZipArchive, finfo MIME and path-traversal security.
  • 18 — File formats, images and cloud storage — CSV in depth, Excel (PhpSpreadsheet), PDF (Dompdf), images (GD — resize/thumbnail/optimize) and cloud storage with league/flysystem (local + S3-compatible object storage).
  • 19 — SOLID principles (refactoring katas) — for each of SRP/OCP/LSP/ISP/DIP: bad code → why it is bad → refactoring kata; code smells (god class, feature envy, primitive obsession, data clumps); anemic vs rich domain model; a critique of over-engineering.
  • 20 — Design patterns (GoF) in idiomatic PHP 8.4 — creational (Factory/Builder/Singleton pitfalls), structural (Adapter/Decorator/Proxy/Facade/Composite), behavioral (Strategy/Observer/Command/State/Chain); modern PHP idioms (closure-as-Strategy, __invoke, enum-as-State) and a critique of pattern abuse.
  • 21 — Tactical design: Repository, Service, DTO, Value Object — Repository (domain interface / infra implementation), Data Mapper vs Active Record, the Service/use-case layer, the difference between DTO and Value Object, and the N+1 problem.
  • 22 — PHPUnit in depth and test doubles — AAA, the test pyramid, attributes (#[Test]/#[DataProvider]), the taxonomy of test doubles (dummy/stub/spy/mock/fake), assertSame vs assertEquals and the London vs Chicago schools.
  • 23 — Pest, integration, coverage and mutation testing — Pest's expressive syntax, sqlite transactional fixtures, coverage (line vs branch), mutation testing (Infection MSI) and TDD red-green-refactor.
  • 24 — Static analysis and automated quality — PHPStan (level max + baseline), Psalm, @template generics, Rector (automated refactoring), PHP-CS-Fixer and a CI quality gate.
  • 25 — Hexagonal and Clean architecture — ports & adapters, the dependency axis pointing inward, domain/application/infrastructure layers, the framework as a "detail" and testing the domain with zero infrastructure.
  • 26 — Domain-Driven Design and CQRS — entity vs Value Object, aggregate + invariant + domain event, bounded context/ubiquitous language, CQRS (command/query) and the message bus (Symfony Messenger).
  • 27 — Performance: OPcache, JIT, profiling and caching — "measure first", OPcache/JIT/preloading, profiling, PSR-6/16 cache, cache-aside/stampede, Redis and N+1.
  • 28 — Async and parallel PHP — generators as coroutines, Fibers (8.1), the ReactPHP/Amp event loop, Swoole/RoadRunner/FrankenPHP and when async is not needed.
  • 29 — Queues, observability and deploy — queues/workers (Symfony Messenger), idempotency/outbox/dead-letter, Monolog + correlation ID + global handlers, Docker/12-factor and zero-downtime deploy.
  • 30 — Final senior capstone — a production-grade hexagonal service that ties the whole track together (REST + RBAC/JWT + queue + Redis cache + tests + observability + Docker + ADR).

Note: this track is now COMPLETE — 30 chapters, "from 0 to PHP expert". It has six sets: the first (01-04 — REST/auth), the second (05-10 — the PHP 8.4 type system and metaprogramming), the third (11-16 — framework internals), practical I/O (17-18 — files/formats/cloud), quality engineering (19-24 — SOLID/patterns/testing/static analysis) and senior/architecture (25-30 — hexagonal/DDD/CQRS, performance, async, production and the final capstone). The chapters can be read independently, but reading them in order is recommended.


Required preparation

Before starting this book, you should have mastered the following chapters of the beginner book:

