v6.0.0

.github/workflows/php81.yaml

@@ -12,19 +12,17 @@ concurrency:
 jobs:
   test:
     name: Run Tests
-    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.2.5
     with:
       php-version: '8.1'
+      phpunit-config: 'tests/phpunit.xml'
 
   code-coverage:
     name: Coverage
     needs: test
-    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.2.5
     with:
       php-version: '8.1'
       coverage-file: 'php-8.1-coverage.xml'
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-
-

.github/workflows/php82.yaml

@@ -12,20 +12,17 @@ concurrency:
 jobs:
   test:
     name: Run Tests
-    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.2.5
     with:
       php-version: '8.2'
-      phpunit-config: "tests/phpunit10.xml"
+      phpunit-config: 'tests/phpunit.xml'
 
   code-coverage:
     name: Coverage
     needs: test
-    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.2.5
     with:
       php-version: '8.2'
       coverage-file: 'php-8.2-coverage.xml'
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-
-

.github/workflows/php83.yaml

@@ -5,43 +5,24 @@ on:
     branches: [ main, dev ]
   pull_request:
     branches: [ main, dev ]
-env:
-  OPERATING_SYS: ubuntu-latest
-  PHP_VERSION: 8.3
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
-
   test:
     name: Run Tests
-    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.2.5
     with:
       php-version: '8.3'
-      phpunit-config: 'tests/phpunit10.xml'
-
+      phpunit-config: 'tests/phpunit.xml'
 
   code-coverage:
     name: Coverage
     needs: test
-    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.2.5
     with:
       php-version: '8.3'
       coverage-file: 'php-8.3-coverage.xml'
     secrets:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}  
-
-  code-quality:
-    name: Code Quality
-    needs: test
-    uses: WebFiori/workflows/.github/workflows/quality-sonarcloud.yaml@v1.1
-    secrets:
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
-  release-prod:
-    name: Prepare Production Release Branch / Publish Release
-    needs: [code-coverage, code-quality]
-    uses: WebFiori/workflows/.github/workflows/release-php.yaml@v1.1
-    with:
-      branch: 'main'
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/php84.yaml

@@ -12,20 +12,17 @@ concurrency:
 jobs:
   test:
     name: Run Tests
-    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.2.5
     with:
       php-version: '8.4'
-      phpunit-config: "tests/phpunit10.xml"
+      phpunit-config: 'tests/phpunit.xml'
 
   code-coverage:
     name: Coverage
     needs: test
-    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.2.5
     with:
       php-version: '8.4'
       coverage-file: 'php-8.4-coverage.xml'
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-
-

.github/workflows/php85.yaml

@@ -12,20 +12,32 @@ concurrency:
 jobs:
   test:
     name: Run Tests
-    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/test-php.yaml@v1.2.5
     with:
       php-version: '8.5'
-      phpunit-config: "tests/phpunit10.xml"
+      phpunit-config: 'tests/phpunit.xml'
 
   code-coverage:
     name: Coverage
     needs: test
-    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.1
+    uses: WebFiori/workflows/.github/workflows/coverage-codecov.yaml@v1.2.5
     with:
       php-version: '8.5'
       coverage-file: 'php-8.5-coverage.xml'
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-
-
+
+  code-quality:
+    name: Code Quality
+    needs: test
+    uses: WebFiori/workflows/.github/workflows/quality-sonarcloud.yaml@v1.2.5
+    secrets:
+      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  release-prod:
+    name: Prepare Production Release Branch / Publish Release
+    if: ${{ always() && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    needs: [code-coverage, code-quality]
+    uses: WebFiori/workflows/.github/workflows/release-php.yaml@v1.2.5
+    with:
+      branch: 'main'

README.md

@@ -151,9 +151,14 @@ class HelloService extends AbstractWebService {
 }
 ```
 
-Both approaches work with `WebServicesManager`:
+Both approaches work with `RequestProcessor` (recommended) or `WebServicesManager`:
 
 ```php
+// Recommended: process a single service directly
+$processor = new RequestProcessor();
+$processor->process(new HelloService());
+
+// Legacy: register services in a manager
 $manager = new WebServicesManager();
 $manager->addService(new HelloService());
 $manager->process();
@@ -353,6 +358,8 @@ ParamOption::MAX_LENGTH   // Maximum length (string types)
 ParamOption::EMPTY        // Allow empty strings
 ParamOption::FILTER       // Custom filter function
 ParamOption::DESCRIPTION  // Parameter description
+ParamOption::ALLOWED_VALUES // Restrict to a set of allowed values
+ParamOption::PATTERN      // Regex pattern for validation
 ```
 
 ### Custom Validation
@@ -404,6 +411,73 @@ public function getData(int $id, ?string $name): array {
 }
 ```
 
+### Reusable Parameter Sets
+
+Implement the `ParameterSet` interface to group related parameters:
+
+```php
+class PaginationParams implements ParameterSet {
+    public function getParameters(): array {
+        return [
+            'page' => [ParamOption::TYPE => ParamType::INT, ParamOption::OPTIONAL => true, ParamOption::DEFAULT => 1],
+            'per_page' => [ParamOption::TYPE => ParamType::INT, ParamOption::OPTIONAL => true, ParamOption::DEFAULT => 20],
+        ];
+    }
+}
+```
+
+Use with attributes:
+
+```php
+#[GetMapping]
+#[ResponseBody]
+#[UseParameterSet(PaginationParams::class)]
+public function listItems(int $page = 1, int $perPage = 20): array { ... }
+```
+
+Or traditionally:
+
+```php
+$this->addParameterSet(new PaginationParams());
+```
+
+## Cross-Field Validation
+
+For validation rules that depend on multiple parameters together, use the `#[Validate]` attribute or override the `validate()` method:
+
+### Method-Specific Validation (Attribute)
+
+```php
+#[PostMapping]
+#[ResponseBody]
+#[Validate('validateRegistration')]
+#[RequestParam('password', ParamType::STRING)]
+#[RequestParam('password_confirm', ParamType::STRING)]
+public function register(string $password, string $passwordConfirm): array { ... }
+
+private function validateRegistration(array $inputs): array {
+    $errors = [];
+    if ($inputs['password'] !== $inputs['password_confirm']) {
+        $errors['password_confirm'] = 'Passwords do not match.';
+    }
+    return $errors; // empty = pass
+}
+```
+
+### Service-Wide Validation (Override)
+
+```php
+public function validate(array $inputs): array {
+    $errors = [];
+    if (isset($inputs['end_date']) && $inputs['end_date'] <= $inputs['start_date']) {
+        $errors['end_date'] = 'End date must be after start date.';
+    }
+    return $errors;
+}
+```
+
+Both run if defined — service-wide first, then method-specific. Errors are merged. If any errors exist, the request returns 422 with the error details.
+
 ## Dynamic Status Codes with ResponseEntity
 
 The `ResponseEntity` class allows `#[ResponseBody]` methods to return different HTTP status codes based on runtime logic:
@@ -566,6 +640,35 @@ For more examples, check the [examples](examples/) directory in this repository.
 - [`APIFilter`](https://webfiori.com/docs/webfiori/http/APIFilter) - Input filtering and validation
 - [`Request`](https://webfiori.com/docs/webfiori/http/Request) - HTTP request utilities
 - [`Response`](https://webfiori.com/docs/webfiori/http/Response) - HTTP response utilities
+- [`ErrorResponse`](https://webfiori.com/docs/webfiori/http/ErrorResponse) - Standardized error response generation
+- [`OpenAPIGenerator`](https://webfiori.com/docs/webfiori/http/OpenAPI/OpenAPIGenerator) - Standalone OpenAPI spec generation
+
+### Content Negotiation
+
+Use `#[Produces]` to declare what content types a method can return. The framework matches against the client's `Accept` header:
+
+```php
+use WebFiori\Http\Annotations\Produces;
+use WebFiori\Http\MediaType;
+use WebFiori\Http\ResponseEntity;
+
+#[GetMapping]
+#[ResponseBody]
+#[Produces(MediaType::JSON, MediaType::XML)]
+public function getUser(int $id): ResponseEntity {
+    $type = $this->getNegotiatedContentType();
+
+    if ($type === MediaType::XML) {
+        return new ResponseEntity('<user>...</user>', 200, MediaType::XML);
+    }
+
+    return ResponseEntity::ok(new Json(['id' => $id]));
+}
+```
+
+- No `#[Produces]` → always JSON (default, unchanged)
+- `Accept` header doesn't match → 406 Not Acceptable
+- `Accept: */*` or not set → server's first preference
 
 ## Contributing
 

WebFiori/Http/APIFilter.php

@@ -168,10 +168,12 @@
             $defaultVal = $def[$paramIdx]->getDefault();
 
             if (isset($arr[$name])) {
-                if (gettype($arr[$name]) != 'array') {
-                    $toBeFiltered = urldecode($arr[$name]);
-                } else {
+                if (gettype($arr[$name]) == 'array') {
                     $toBeFiltered = self::decodeArray($arr[$name]);
+                } else if (gettype($arr[$name]) == 'boolean') {
+                    $toBeFiltered = $arr[$name];
+                } else {
+                    $toBeFiltered = urldecode($arr[$name]);
                 }
                 $retVal[$noFIdx][$name] = $toBeFiltered;
 
@@ -344,6 +346,9 @@
         if (gettype($toBeFiltered) == 'array') {
             return $toBeFiltered;
         }
+        if (gettype($toBeFiltered) == 'boolean') {
+            return $toBeFiltered;
+        }
         $toBeFiltered = strip_tags($toBeFiltered);
 
         $paramObj = $def['parameter'];
@@ -383,6 +388,10 @@
             }
         }
 
+        if ($returnVal !== self::INVALID) {
+            $returnVal = self::checkAllowedAndPattern($returnVal, $paramObj);
+        }
+
         return $returnVal;
     }
     private static function applyCustomFilterFunc($def, $toBeFiltered) {
@@ -410,7 +419,7 @@
 
         return $returnVal;
     }
     private function applyJsonBasicFilter(Json $extraClean, $toBeFiltered, $def) {
         $paramObj = $def['parameter'];
         $paramType = $paramObj->getType();
         $name = $paramObj->getName();
@@ -420,12 +429,13 @@
             $toBeFiltered = strip_tags($toBeFiltered);
         }
 
-        if ($paramType == $toBeFilteredType || $toBeFilteredType == 'object' && $paramType == ParamType::JSON_OBJ) {
+        if ($paramType == $toBeFilteredType || $toBeFilteredType == 'object' && $paramType == ParamType::JSON_OBJ
+            || ($toBeFilteredType == 'string' && in_array($paramType, ParamType::getStringTypes()))) {
             if ($paramType == ParamType::BOOL) {
                 $extraClean->addBoolean($name, $toBeFiltered);
             } else if ($paramType == ParamType::DOUBLE || $paramType == ParamType::INT) {
                 $extraClean->addNumber($name, $toBeFiltered);
-            } else if ($paramType == 'string') {
+            } else if (in_array($paramType, ParamType::getStringTypes())) {
                 $this->cleanJsonStr($extraClean, $def, $toBeFiltered);
             } else if ($paramType == ParamType::ARR) {
                 $extraClean->addArray($name, $this->cleanJsonArray($toBeFiltered, true));
@@ -545,6 +555,11 @@
 
         if (strlen($cleaned) == 0 && $def['options']['options']['allow-empty'] === false) {
             $extraClean->add($name, null);
+            return;
+        }
+
+        if ($cleaned !== null && self::checkAllowedAndPattern($cleaned, $def['parameter']) === self::INVALID) {
+            $extraClean->add($name, null);
         }
     }
     private static function decodeArray(array $array) {
@@ -965,4 +980,27 @@
 
         return false;
     }
+    /**
+     * Checks allowed values and pattern constraints on a filtered value.
+     * 
+     * @param mixed $value The filtered value.
+     * @param RequestParameter $param The parameter definition.
+     * 
+     * @return mixed The value if valid, or self::INVALID if constraints fail.
+     */
+    private static function checkAllowedAndPattern($value, RequestParameter $param) {
+        $allowed = $param->getAllowedValues();
+
+        if (!empty($allowed) && !in_array($value, $allowed, true)) {
+            return self::INVALID;
+        }
+
+        $pattern = $param->getPattern();
+
+        if ($pattern !== null && is_string($value) && !preg_match($pattern, $value)) {
+            return self::INVALID;
+        }
+
+        return $value;
+    }
 }