PHPackages                             sabservis/api - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [API Development](/categories/api)
4. /
5. sabservis/api

ActiveLibrary[API Development](/categories/api)

sabservis/api
=============

v2.9(2mo ago)01.1kPHPPHP &gt;= 8.1

Since Oct 30Pushed 2mo agoCompare

[ Source](https://github.com/sabservis/api_base)[ Packagist](https://packagist.org/packages/sabservis/api)[ RSS](/packages/sabservis-api/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (10)Dependencies (16)Versions (18)Used By (0)

Sabservis API
=============

[](#sabservis-api)

Moderní PHP REST API framework pro Nette s automatickou OpenAPI dokumentací.

[![PHP](https://camo.githubusercontent.com/45d36955804bf3f4f17097b05a7f41a28e578dc24e0d3ad0d21ae9d9762f44c6/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e312b2d626c75652e737667)](https://php.net)[![License](https://camo.githubusercontent.com/8bb50fd2278f18fc326bf71f6e88ca8f884f72f179d3e555e20ed30157190d0d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e2e737667)](LICENSE)[![CI](https://github.com/sabservis/api_base/actions/workflows/main.yml/badge.svg)](https://github.com/sabservis/api_base/actions/workflows/main.yml)[![Coverage Gate](https://camo.githubusercontent.com/722aee29fa97f4493322c53bc0d2a21a23848581880045429ab257b295d62f40/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f7665726167655f676174652d25453225383925413536352532352d627269676874677265656e2e737667)](.github/workflows/main.yml)[![Tests](https://camo.githubusercontent.com/b411d326e52eeff8806728b05ea8ef1c2b02bfbf9a21ab4ef24ca2ffd7253461/68747470733a2f2f696d672e736869656c64732e696f2f656e64706f696e743f75726c3d68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f7361627365727669732f6170695f626173652f6d61696e2f2e6769746875622f6261646765732f74657374732e6a736f6e)](https://github.com/sabservis/api_base/actions/workflows/main.yml)[![Assertions](https://camo.githubusercontent.com/0302e42462f850a7fa59c05e39ab434ea4c6b5fd1a08b9ca4a915b7987fea429/68747470733a2f2f696d672e736869656c64732e696f2f656e64706f696e743f75726c3d68747470733a2f2f7261772e67697468756275736572636f6e74656e742e636f6d2f7361627365727669732f6170695f626173652f6d61696e2f2e6769746875622f6261646765732f617373657274696f6e732e6a736f6e)](https://github.com/sabservis/api_base/actions/workflows/main.yml)[![PHPStan](https://camo.githubusercontent.com/24e256ea5a9b56eafd1d64260156fb7a1fff388faa2d79877dbfb3486e0e3f0f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048505374616e2d6c6576656c5f382d627269676874677265656e2e737667)](https://phpstan.org/)[![Code Style](https://camo.githubusercontent.com/6de0b9647f04e646ed1ff549d25b800060f2509654834fbff77f98a5ac345443/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f64655f7374796c652d536c65766f6d61745f43532d626c75652e737667)](https://github.com/slevomat/coding-standard)

Features
--------

[](#features)

- **Deklarativní routing** - Definuj endpointy pomocí PHP 8 atributů
- **OpenAPI 3.0** - Automatické generování dokumentace
- **Type-safe** - Plná podpora typovaných parametrů, enumů, DTO
- **Middleware** - Rozšiřitelný middleware pipeline (CORS, rate limiting, auth)
- **Validace** - Vestavěná validace requestů s detailními chybami
- **File Uploads** - Server-side MIME validace, filename sanitizace, symlink ochrana
- **Security** - Rate limiting, request size limits, path traversal ochrana

Quick Start
-----------

[](#quick-start)

```
composer require sabservis/api
```

```
# config.neon
extensions:
    api: Sabservis\Api\DI\ApiExtension

api:
    debug: %debugMode%
    maxRequestBodySize: 10485760  # 10MB limit (DoS ochrana)
    trustedProxies:               # Za reverse proxy (nginx, Cloudflare)
        - 10.0.0.0/8
        - 172.16.0.0/12
    router:
        basePath: /api
```

```
// www/index.php
Bootstrap::boot()
    ->createContainer()
    ->getByType(ApiApplication::class)
    ->run();
```

```
#[Tag(name: 'users')]
class UserController implements Controller
{
    #[Get(path: '/users/{id}')]
    public function get(int $id): UserDto
    {
        return $this->users->find($id);
    }

    #[Post(path: '/users')]
    #[RequestBody(ref: CreateUserDto::class)]
    public function create(ApiRequest $request): ApiResponse
    {
        $dto = $request->getEntity();
        return ApiResponse::created($this->users->create($dto));
    }
}
```

File Uploads
------------

[](#file-uploads)

Bezpečné nahrávání souborů s automatickou MIME validací:

```
#[Post(path: '/documents')]
#[FileUpload(name: 'file', allowedTypes: ['application/pdf', 'image/jpeg', 'image/png'])]
public function upload(ApiRequest $request): ApiResponse
{
    $file = $request->getUploadedFile('file');

    // MIME type je automaticky validován pomocí finfo (magic bytes)
    // Klientský Content-Type header je ignorován (nelze spoofovat)

    // Bezpečný přesun - vytvoří adresář, sanitizuje název, nepřepíše existující
    $path = $file->moveToDirectory('/uploads');

    return ApiResponse::created(['filename' => basename($path)]);
}
```

**Bezpečnostní funkce:**

- Server-side MIME detekce (`finfo`) - klient nemůže spoofovat typ souboru
- Automatická filename sanitizace - ochrana proti path traversal (`../`)
- Symlink ochrana - volitelné blokování symlinků
- Validace `allowedTypes` na úrovni dispatcheru (415 Unsupported Media Type)

```
// Manuální validace v kontroleru
$file->getValidatedContentType();              // Server-side MIME type
$file->isAllowedType(['application/pdf']);     // true/false
$file->assertAllowedType(['application/pdf']); // throws exception
$file->getSanitizedName();                     // Bezpečný filename

// Bezpečný přesun souboru
$file->moveTo($path);                          // Nepřepíše existující (safe default)
$file->moveTo($path, overwrite: true);         // Explicitní přepsání
$file->moveToDirectory($dir);                  // Auto: vytvoří dir, sanitizuje název
$file->moveToDirectory($dir, 'custom.pdf');    // Vlastní název (sanitizovaný)
```

Validace request DTO
--------------------

[](#validace-request-dto)

Framework automaticky validuje request DTO po deserializaci pomocí `DataMapperEntityValidator`. Na DTO properties používej validační atributy z knihovny `pocta/data-mapper`:

```
use Pocta\DataMapper\Validation\NotBlank;
use Pocta\DataMapper\Validation\Email;
use Pocta\DataMapper\Validation\Valid;

class CreateUserDto
{
    #[NotBlank]
    public string $name;

    #[Email]
    public string $email;

    #[Valid]
    public AddressDto $address;  // rekurzivní validace
}
```

Při odeslání nevalidních dat vrátí framework `422` s detailními chybami:

```
{
  "code": 422,
  "message": "Request body contains an error. See context for details.",
  "context": {
    "validation": {
      "name": ["This field is required."],
      "email": ["This value is not a valid email address."],
      "address.street": ["This field is required."]
    }
  }
}
```

### Vypnutí validace

[](#vypnutí-validace)

```
api:
    validator: null
```

### Vlastní validátor

[](#vlastní-validátor)

Implementuj `EntityValidator` interface a zaregistruj v konfiguraci:

```
class SymfonyEntityValidator implements EntityValidator
{
    public function validate(object $entity, array|string|null $validationGroups = null): void
    {
        // vlastní validační logika
        // při chybě throw new ValidationException()->withFields([...])
    }
}
```

```
api:
    validator: App\Api\Validator\SymfonyEntityValidator
```

Documentation
-------------

[](#documentation)

TémaPopis[Getting Started](docs/getting-started.md)Instalace, konfigurace, první endpoint[Controllers &amp; Routing](docs/controllers.md)Definice endpointů, HTTP metody, path parametry[Request &amp; Response](docs/request-response.md)Práce s ApiRequest a ApiResponse[Parameters &amp; Validation](docs/parameters.md)Query, path, header parametry, validace[OpenAPI](docs/openapi.md)Automatická dokumentace, Schema atributy[Middleware](docs/middleware.md)Vestavěné middleware, vlastní middleware[Security](docs/security.md)Rate limiting, file security, best practices[Testing](docs/testing.md)ApiTestClient, testování controllerůRequirements
------------

[](#requirements)

- PHP 8.1+
- Nette DI 3.2+
- Symfony Cache 6.4+

License
-------

[](#license)

[MIT](LICENSE)

###  Health Score

45

—

FairBetter than 93% of packages

Maintenance86

Actively maintained with recent releases

Popularity18

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity56

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 98.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~33 days

Recently: every ~5 days

Total

16

Last Release

67d ago

Major Versions

v1.0.5 → v2.02026-02-06

### Community

Maintainers

![](https://www.gravatar.com/avatar/7767e0ba6c49982f1045eae9d9e1157507789132da607f9c79a019879e4ed446?d=identicon)[igorpocta](/maintainers/igorpocta)

---

Top Contributors

[![igorpocta](https://avatars.githubusercontent.com/u/149055325?v=4)](https://github.com/igorpocta "igorpocta (60 commits)")[![igorpocta2](https://avatars.githubusercontent.com/u/6266721?v=4)](https://github.com/igorpocta2 "igorpocta2 (1 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Type Coverage Yes

### Embed Badge

![Health badge](/badges/sabservis-api/health.svg)

```
[![Health](https://phpackages.com/badges/sabservis-api/health.svg)](https://phpackages.com/packages/sabservis-api)
```

###  Alternatives

[thecodingmachine/graphqlite

Write your GraphQL queries in simple to write controllers (using webonyx/graphql-php).

5723.1M30](/packages/thecodingmachine-graphqlite)[team-reflex/discord-php

An unofficial API to interact with the voice and text service Discord.

1.1k379.4k24](/packages/team-reflex-discord-php)[commercetools/commercetools-sdk

The official PHP SDK for the commercetools Composable Commerce APIs

19281.5k](/packages/commercetools-commercetools-sdk)[oxid-esales/graphql-base

OXID eSales GraphQL base module

24101.0k10](/packages/oxid-esales-graphql-base)[j-webb/laravel-unleash

An Unleash client for Laravel

11153.8k](/packages/j-webb-laravel-unleash)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)