Remember you can check and test the project here:
https://rest-api-with-slim-4.avanzartewebs.com/
and see the repo here:
https://github.com/Franweb79/00.rest-api-with-slim-4
In this post, we continue and finish the article and work described here.
To develop this project, I followed the official docs as well as two great tutorials on working with Slim 4:
https://odan.github.io/2019/11/05/slim4-tutorial.html
THINGS I HAVE LEARNED
-First of all, I had to work with Composer, which is a PHP package manager similar to npm for JavaScript. I had never worked with it before.
I also have learnt some things I consider good practices, or at least a better way of doing things than I did before:
-Attribute names on forms should not be made of several words run together without separation. For example, to avoid typos and confusion, it is better to use:
login_checkbox_name
than
loginCheckBoxName
So it would be, for example:
<input type="checkbox" name="login_checkbox_name">
Also, never use spaces; they can lead to errors when validating.
-I am very concerned about security. As I had to store the user's session, I investigated a lot regarding cookies and other options to store and remember user sessions.
I realized that storing sensitive data like the user's hashed password in a cookie to remember the session is not secure (when you are a novice it is usual to do it that way). So, after seeing the disadvantages of options like Local Storage, which can easily be attacked through JavaScript and XSS injections, I decided to use a session token: a random code generated when the user wants the session remembered, which is unique to that one user and session.
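The following is an added example of such a "remember me" token flow; it is not code from the original project. It stores only a hash of the random token server side, so a leaked database dump does not hand out valid cookies, and it sends the cookie with the HttpOnly, Secure and SameSite flags. The table and column names (remember_tokens, token_hash, user_id, expires_at), the cookie name remember_me and the in-memory SQLite database (standing in for the project's MySQL database) are all assumptions made for the illustration.

```php
<?php
// Added example, not code from the original project: a "remember me" token that
// stores only a hash of the random token server side. Table/column names,
// the cookie name and the in-memory SQLite database are assumptions.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE remember_tokens (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL,
        expires_at INTEGER NOT NULL)');
    return $pdo;
}

/** Issue a fresh token for $userId: the plain token goes to the cookie, only its hash to the DB. */
function issueRememberToken(PDO $pdo, int $userId, int $ttlSeconds = 30 * 86400): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG, 64 hex chars
    $stmt = $pdo->prepare('INSERT INTO remember_tokens (token_hash, user_id, expires_at)
                           VALUES (:hash, :user_id, :expires_at)');
    $stmt->execute([
        ':hash'       => hash('sha256', $token),
        ':user_id'    => $userId,
        ':expires_at' => time() + $ttlSeconds,
    ]);
    return $token;
}

/** Send the token in a cookie that page JavaScript cannot read. */
function sendRememberCookie(string $token, int $ttlSeconds = 30 * 86400): void
{
    setcookie('remember_me', $token, [
        'expires'  => time() + $ttlSeconds,
        'path'     => '/',
        'secure'   => true,    // only sent over HTTPS
        'httponly' => true,    // not exposed to document.cookie, so XSS cannot read it
        'samesite' => 'Lax',
    ]);
}

/** Resolve a cookie value to a user id, or null if it is malformed, unknown or expired. */
function userFromRememberToken(PDO $pdo, string $cookieValue): ?int
{
    if (!preg_match('/^[0-9a-f]{64}$/', $cookieValue)) {
        return null;   // reject anything that is not shaped like a token we issued
    }
    $stmt = $pdo->prepare('SELECT user_id, expires_at FROM remember_tokens WHERE token_hash = :hash');
    $stmt->execute([':hash' => hash('sha256', $cookieValue)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] < time()) {
        return null;
    }
    return (int) $row['user_id'];
}

/** On logout, delete the server-side record so the cookie is useless even if it leaks later. */
function revokeRememberToken(PDO $pdo, string $cookieValue): void
{
    $stmt = $pdo->prepare('DELETE FROM remember_tokens WHERE token_hash = :hash');
    $stmt->execute([':hash' => hash('sha256', $cookieValue)]);
}

// CLI demo with a constructed user id (sendRememberCookie() only takes effect inside a web request).
$pdo   = connect();
$token = issueRememberToken($pdo, 42);
var_dump(userFromRememberToken($pdo, $token));
revokeRememberToken($pdo, $token);
var_dump(userFromRememberToken($pdo, $token));
```

Run with `php remember_token.php`: the first var_dump resolves the token to user 42 and the second returns null once the token has been revoked. Because the lookup is by SHA-256 of the token, the database never holds anything that could be replayed as a cookie, and because the cookie contains no password material at all, rotating or revoking it costs the user nothing.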
-I have also realized that, although learning to validate a form with raw PHP is essential, if you want to save time you sometimes must use one of those libraries, especially if you have a project with a given deadline. It has disadvantages, like relying on an external library to do things that could entirely be done by yourself, but nowadays it is necessary.
In this case, I researched and used Valitron to validate the form.
https://github.com/vlucas/valitron
-Maybe the most important thing I noticed among all those listed in this post is the importance of trying to write clear, proper comments. Benefits:
- A good and clear structure will be useful not only for future programmers but for yourself in the future. How many times has it happened that you check some code years or even months later and you don't know why or how you did something? Good comments will avoid that. Write comments as if you don't know how to code. Don't take things for granted. Some programmers think commenting code is a sign of unclean code which doesn't speak for itself. As I pointed out, I personally find you could have problems understanding your own code in the future and, also, I find it disrespectful to new developers who could join the project later, if you work on a team. A team is supposed to be working toward a common goal, and we must make things easy for each other. For me, the willingness to help and the wish to learn are even more important than coding skills to achieve success at a company.
- Another implicit advantage is that you will save a lot of time later, because you won't have to clean up so much. Sure, you can do a bulk delete with some IDEs like VS Code if you have to remove all the commented-out "var_dump()" or "die()" calls you left everywhere, but that could lead to errors if the bulk deletion removes something that should not be deleted. So, I have read some good articles and spent a lot of time improving comments. I know it is far from perfect, but I hope it is clear enough (I welcome your advice anyway).
- Also, I tried to present a professional and clear readme.md file on the project. Proper work with Markdown (md) files (remember you can see it on my GitHub repository) can help you look like a real developer who cares about the project's usage: https://www.markdownguide.org/basic-syntax/. Maybe for the next project I will try GitHub Flavored Markdown too.
-Also regarding security and usage, I find it important that recruiters or potential employers are allowed to actively test my work; that means they can create users, upload images…
So that they can test my projects in a more secure way, I started to use MySQL scheduled tasks and/or CRON jobs.
That allows me to reset the app's database on a regular basis (daily, monthly…), so we can be sure that no matter what the user does, the app will be restored with the demo data I want it to include and show.
Usually it is done with MySQL scheduled jobs, but sometimes it is not possible, as actually happened to me on this project. The reason is that my hosting provider uses a shared web server, and for security reasons scheduled tasks are only allowed for a superuser, and a superuser would compromise the safety of the other databases hosted by other users on that hosting.
To solve that, they allow executing those scheduled jobs through CRON JOBS, which are Linux commands that run on a server under that operating system (for example, with Apache). This way you can create scheduled jobs without having too many risky privileges.
– I have noticed (or better said, remembered) the importance of always having PAPER AND PEN with you.
Someone told me about that at the beginning of my career, but many times we don't realize it due to pressure, and sometimes we don't see that we can save a lot of time if we stop coding and start to analyse a problem with paper and pen.
For example, on this project I had a problem showing the errors array provided by the Valitron library. I thought it would return an array with each error being an index of that array; but after struggling with some problems to properly show those errors, when I printed the array with print_r(), I saw it was something different.
So, with the little help of paper and pen to see it more structured, I saw the errors array was actually an array of arrays, each error being an array itself, so I had to iterate over it like the old, basic matrix (with two foreach loops).
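As an added example (not the project's own code), here is the shape Valitron's errors() returns and the two nested foreach loops described above. Valitron keys the result by field name, and each value is itself an array of messages for that field, which is the array of arrays the post describes. The form field names and validation rules are assumptions invented for the demo; it needs `composer require vlucas/valitron`.

```php
<?php
// Added example, not from the original project. Requires `composer require vlucas/valitron`.
// The form field names and the rules applied to them are assumptions made for the demo.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use Valitron\Validator;

/**
 * Validate a submitted form. Returns [] on success, otherwise Valitron's errors:
 * an array keyed by field name whose values are arrays of messages (an array of arrays).
 */
function validateSignup(array $input): array
{
    $v = new Validator($input);
    $v->rule('required', ['login_user_name', 'login_user_email', 'login_user_password']);
    $v->rule('email', 'login_user_email');
    $v->rule('lengthMin', 'login_user_password', 8);
    return $v->validate() ? [] : $v->errors();
}

/**
 * Flatten the nested structure into one list of "field: message" strings,
 * iterating it like a matrix with two foreach loops.
 */
function flattenErrors(array $errors): array
{
    $lines = [];
    foreach ($errors as $field => $messages) {   // outer loop: one entry per field
        foreach ($messages as $message) {         // inner loop: every message for that field
            $lines[] = $field . ': ' . $message;
        }
    }
    return $lines;
}

// Constructed sample input that fails several rules at once.
$errors = validateSignup([
    'login_user_name'     => '',
    'login_user_email'    => 'not-an-email',
    'login_user_password' => 'short',
]);

print_r($errors);   // shows the array-of-arrays shape the post describes
foreach (flattenErrors($errors) as $line) {
    // Escape before echoing into an HTML page: messages may echo back user-supplied values.
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "\n";
}
```

If only one field's messages are needed, `$v->errors('login_user_email')` returns that inner array directly, but rendering all of them still requires the two-level loop above.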
-Another thing I find a good practice is that a method should do only what it says it does.
If your method is called "insertUser()", it should only insert that user. The connection to the database should be, for example, another method which implements the connection logic and is called inside "insertUser()".
-More about security basics: using PHP PDO prepared statements will improve our code's security and can avoid SQL injections.
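As an added illustration of why prepared statements matter (example code, not from the project), here is the same lookup written twice: once by pasting user input into the SQL text, and once with a PDO prepared statement where the value travels separately as a bound parameter. An in-memory SQLite database with a constructed users table stands in for the project's MySQL database; the table and column names are assumptions.

```php
<?php
// Added example, not code from the original project: the same query written with string
// concatenation (vulnerable) and with a PDO prepared statement (safe). The in-memory
// SQLite database and its users table are constructed for the demo.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // let the driver do real parameter binding
    ]);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)');
    $pdo->exec("INSERT INTO users (name, password_hash) VALUES ('alice', 'x'), ('bob', 'y')");
    return $pdo;
}

/** Vulnerable: the input becomes part of the SQL text, so it can change what the query means. */
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Safe: the SQL text is fixed at prepare time; the value is bound and never parsed as SQL. */
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo   = connect();
$input = "' OR '1'='1";   // constructed input: the textbook tautology used to test injection

print_r(findUserUnsafe($pdo, $input));
print_r(findUserSafe($pdo, $input));
```

Run with `php pdo_demo.php`: the unsafe function returns every row in the table, because the quote in the input closes the string literal and the rest is parsed as SQL, while the safe function returns no rows, because it looks for a user literally named `' OR '1'='1`. Keeping connect() separate from the two lookup methods also follows the "a method does only what its name says" rule from the previous point.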
https://www.w3schools.com/php/php_mysql_prepared_statements.asp
-And last but not least, maybe it is also a good practice to obfuscate your JavaScript files to make things a little harder for potential attackers, especially if, for example, you use AJAX techniques to retrieve data from a database.
You have a good free tool to obfuscate your code here:
So I can say that developing this project has been extremely productive for me, because I have remembered and learned many useful things which will help me to be a better developer.
Development has gone slower than I would like because at the same time I am updating my Angular and JavaScript skills, as well as digging a bit into the reactive programming paradigm which is so usual and essential today (including the mentioned Angular framework).
Also, I am learning Swedish and learning to play guitar, as well as giving sports and mindfulness the importance in life they should have for every one of us. Even as developers, such things can be more helpful than we might think for being more productive. That's why I mention it: I learned the importance of taking care of your body and mind. I will finish with a good read about it:
https://www.activenorfolk.org/2021/05/mental-benefits-of-sport/