Tips of CakePHP and MongoDB - Cakefest2011 ichikaway
Tips of CakePHP & MongoDB
2011/9/4 CakeFest2011
Yasushi Ichikawa
I am Yasushi Ichikawa
Ichi
@ichikaway http://cake.eizoku.com/blog
Topic
● What's MongoDB?
● Using MongoDB with CakePHP
  ● Setup
  ● Usage
● Security
● Future
NoSQL
Performance
Scalability
MongoDB
Good for
● Social-Apps
● Calculation on distributed servers
● log analysis
● Questionnaire form
Terms
RDB MongoDB
Table Collection
Row Document
Column Field
Schema free
Posts collection
id, title, body
id, name, tel, fax
id, name, nickname, email
Posts Collection
Schema free
Blog collection (data)
Title: xxxx
Text: yyyy
Tag: [tag1, tag2, tag3]
Comment: [comment1, comment2, comment3]
Screen (Blog)
Title: xxxx
Text: yyyy
tag1, tag2, tag3
Comment1
Comment2
Comment3
MongoDB operators
Find operators
$gt, $gte
$lt, $lte
$ne
$in
$nin
$or

db.posts.find( { age : { $gt: 5 } } )
http://www.mongodb.org/display/DOCS/Advanced+Queries
MongoDB operators
Update operators
$inc
$set
$push
$pull
$pop
$unset

db.posts.update( { name: "Ichi" }, { $inc: { cnt: 1 } } )
http://www.mongodb.org/display/DOCS/Updating
Functions
● Geospatial index (location info)
● Map/Reduce
● Binary file saving (GridFS)
● Sharding
● etc
WebSite
http://kanael.net
kanael.net
● Server
  ● VPS (2.4GHz-2core, 1.5GMem) x 1
● Application
  ● 40% write, 60% read
  ● 300,000 documents
kanael.net
● Peak traffic
  ● 100,000+ requests/day
  ● CPU 75% (MongoDB 10%)
CakePHP MongoDB
Repository
github.com/ichikaway/cakephp-mongodb/
CakePHP MongoDB
Repository
● Test files
● API documents
● Sample Applications
CakePHP MongoDB
● PHP5+
● CakePHP 1.2, 1.3, 2.0-beta
● Pecl Mongo driver
● Documents
  ● https://github.com/ichikaway/cakephp-mongodb/wiki
Structure
CakePHP-MongoDB Datasource
MongoDB
MongoCollection
MongoCursor
Model
Setup
Setup pecl mongo
pecl install mongo
vi php.ini
extension=mongo.so
CakePHP1.3
Setup Cake Mongo(1.3)
cd app/plugins
git clone git://github.com/ichikaway/cakephp-mongodb.git mongodb
cd ../..
vi app/config/database.php
database.php Cake1.3
class DATABASE_CONFIG {
    public $default = array(
        'driver' => 'mongodb.mongodbSource',
        'database' => 'blog',
        'host' => 'localhost',
        'port' => 27017,
    );
}
CakePHP2.0
Setup Cake Mongo(2.0)
cd app/Plugin
git clone git://github.com/ichikaway/cakephp-mongodb.git Mongodb
cd Mongodb
git checkout -b cake2.0 origin/cake2.0
cd ../../..
vi app/Config/database.php
database.php Cake2.0
// app/Config/database.php
class DATABASE_CONFIG {
    public $default = array(
        'datasource' => 'Mongodb.MongodbSource',
        'host' => 'localhost',
        'database' => 'blog',
        'port' => 27017,
    );
}
Load plugin Cake2.0
// app/Config/bootstrap.php
CakePlugin::load('Mongodb');
Sample Post Model
class Post extends AppModel {
    public $primaryKey = '_id';
}
Usage
find data
class PostsController extends AppController {
    public function index() {
        // $options keys: fields, conditions, order, limit
        $this->Post->find('all', $options);
    }
}
Insert data
$data = array(
    'name' => 'Ichi',
    'age' => 32
);
$this->Post->save($data);
Posts collection
_id:xxx1, name: 'Ichi', 'age':32
Update data
$data = array(
    '_id' => 'xxx1',
    'name' => 'Yasu'
);
$this->Post->save($data);

// in Cake-Mongo DataSource
$MongoCollection->update(
    array('_id' => 'xxx001'),
    array('$set' => array('name' => 'Yasu'))
);
$set operator
With $set
Posts collection
id:xxx1, name: 'Yasu', 'age':32
Without $set
Posts collection
id:xxx1, name: 'Yasu'
Use other update operators
Update operator ($inc)
$data = array(
    '_id' => 'xxx1',
    '$inc' => array('age' => 1)
);
$this->Post->save($data);

// in Cake-Mongo DataSource
$MongoCollection->update(
    array('_id' => 'xxx001'),
    array('$inc' => array('age' => 1))
);
Update operator(result)
Before:
Posts collection
_id:xxx1, name: 'Ichi', 'age':32
After:
Posts collection
_id:xxx1, name: 'Ichi', 'age':33
Update operator(complex)
$data = array(
    '_id' => 'xxx1',
    '$inc' => array('age' => 1),
    '$push' => array('tags' => array('php', 'mongo'))
);
$this->Post->save($data);
Update operator(result)
Before:
Posts collection
_id:xxx1, name: 'Ichi', 'age':32
After:
Posts collection
_id:xxx1, name: 'Ichi', 'age':33, tags: ['php', 'mongo']
Update operator
● see Wiki
  ● https://github.com/ichikaway/cakephp-mongodb/wiki/How-to-use-MongoDB-update-operators
● see test code
  ● testUpdate()
  ● testUpdateWithoutMongoSchemaProperty()
Get Cake MongoDataSource Object
Source methods
● ensureIndex()
● mapreduce()
● group()
See wiki
https://github.com/ichikaway/cakephp-mongodb/wiki/_pages
ex. make index
$ds = $this->Post->getDataSource();
$ds->ensureIndex( $this->Post, array('title' => 1));
Get MongoDB Object
MongoDB Object
● CakeMongo DataSource
  ● does not support all functions of MongoDB
    – gridFs
    – DbRef
get MongoDB Object
$mongo = $this->Post->getMongoDb();
get MongoDB Object
$mongo->getGridFs();
$mongo->setSlaveOkay();
$mongo->createDbRef();
See php manual
http://php.net/manual/en/class.mongodb.php
Get MongoCollection Object
get Mongo Collection
$mongo = $this->Model->getMongoDb();
$collection = $mongo->selectCollection('posts');
get Mongo Collection
$collection->find();
$collection->update();
$collection->insert();
$collection->createDbRef();
See php manual
http://php.net/manual/en/class.mongocollection.php
Replica Sets
● master/slave replication
● automatic failover
● automatic recovery
Replica sets
[Diagram: Application Server (CakePHP); Server1 (Primary), Server2 (Secondary), Server3 (Secondary); Replication, Replication]
Replica sets
[Diagram: Application Server (CakePHP); Server1 (Primary), Server2 (Primary), Server3 (Secondary); Replication]
database.php Cake1.3
class DATABASE_CONFIG {
    public $default = array(
        'driver' => 'mongodb.mongodbSource',
        'database' => 'blog',
        'replicaset' => array(
            'host' => 'mongodb://loginid:password@Server1:27021,Server2:27022/blog',
            'options' => array('replicaSet' => 'myRepl')
        ),
    );
}
https://github.com/ichikaway/cakephp-mongodb/wiki/How-to-connect-to-replicaset-servers
Injection Attack
ONLY PHP
( ; ´Д ` )
WHY??
Injection Attack
● PHP makes array data from GET/POST request
● ex. login.php?username=admin&passwd[$ne]=1

$user = $collection->find(array(
    "username" => $_GET['username'],
    "passwd" => $_GET['passwd']
));

// what the query becomes for the request above
$user = $collection->find(array(
    "username" => 'admin',
    "passwd" => array('$ne' => 1)
));
Solution
● Don't trust user input data
  ● GET/POST/Cookie
● Solution
  ● Cast to string
  ● Check all keys of array
Solution
Cast to string
Solution(cast to string)
$cursor = $collection->find(array(
    "username" => (string)$_GET['username'],
    "passwd" => (string)$_GET['passwd']
));
Solution(cast to string)
// an array cast to string becomes the literal string 'Array', so the operator is gone
$cursor = $collection->find(array(
    "username" => 'admin',
    "passwd" => 'Array'
));
Solution
Check keys of input data
Solution(check keys)
SecurePHP Library
https://github.com/ichikaway/SecurePHP
SecurePHP
● Check Post/Get/Cookie
● Check all array keys
  ● allow: a-z0-9:-_./
● Check null byte
SecurePHP
vi webroot/index.php

require_once('SecurePHP/config/bootstrap.php');
$Dispatcher = new Dispatcher();
$Dispatcher->dispatch();
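
The two fixes from the Security slides (accept only string values, and check every array key against the allow-list a-z0-9:-_./ plus a null-byte check), as an added PHP example. It is not code from the talk or from SecurePHP; the function names, the case-insensitive match and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper names, not SecurePHP's API.

// Allow-list from the slide: a-z 0-9 : - _ . /
// Matching case-insensitively is an assumption of this example.
const KEY_PATTERN = '/\A[a-z0-9:\-_.\/]+\z/i';

// Walk the whole input tree: every key must match the allow-list,
// and no scalar value may contain a null byte.
function inputIsSafe($data) {
    if (!is_array($data)) {
        return strpos((string)$data, "\0") === false;
    }
    foreach ($data as $key => $value) {
        if (!preg_match(KEY_PATTERN, (string)$key) || !inputIsSafe($value)) {
            return false;
        }
    }
    return true;
}

// Stricter alternative to a (string) cast: hand back the field only when
// it really is a string, so an injected array never reaches find().
function requireString(array $input, $name) {
    if (!isset($input[$name]) || !is_string($input[$name])) {
        return null;
    }
    return $input[$name];
}

// Constructed requests. parse_str() builds the same nested arrays that
// PHP builds for $_GET from a query string.
parse_str('username=admin&passwd[$ne]=1', $attack);
parse_str('username=admin&passwd=secret', $normal);

// Key check: the attack request carries the operator key "$ne".
var_dump(inputIsSafe($attack));
var_dump(inputIsSafe($normal));

// Type check: passwd is an array in the attack request, a string otherwise.
var_dump(requireString($attack, 'passwd'));
var_dump(requireString($normal, 'passwd'));
```

Rejecting the request when requireString() returns null avoids querying with the literal string 'Array' that the cast produces.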
In the future
Relational data fetch
coming soon
(hasOne, hasMany, belongsTo)
relation branch
Summary
● What's MongoDB?
● Using MongoDB with CakePHP
  ● Setup
  ● Usage (find, save, MongoObject)
● Security
  ● Injection attack
● Future
  ● Relational data fetch
THANK YOU