My question title may not appropriate as I am not so aware of how to call it. I will appreciate it if anyone can edit to fits the query.
I am planning to build a web application where users will subscribe. For instance, CRM or Project management application. I want to have a separate instance and database with a custom domain for enterprise subscribers, and I may have a common database or instance for non-enterprise subscribers. The subscription will be handled through a marketing website, where all subscribers will checkout and have their own account.
Marketing website to subscribe
Application instance / website/ database / etc
Once the subscription period is over and it is not renewed, they will lose access. If they do not renew/reactivate for x time, the instance will destroy itself.
I am quite confident with PHP and MySQL, have some knowledge of AWS and Digital Ocean. I am planning to use Laravel for serverside. However, I am open to other languages as well, such as python.`
Can anyone help me to learn the best approach for the system I want to
make. Pros and Cons and things to be considered? Also, approach to make a mobile application for the subscriber where they can access their own instance.
Related
I am building an iOS/Android app using Laravel as backend and now I need a push service.
I need to push out two types of notifications, when the app is running/background and one when its closed.
I dont mind using two types of services, I mostly want one that is easy to implement into Laravel.
I have already looked at Urban airship, but it seems hard to implement this with Laravel - Might just be my mad skills.
Pusher, looks easy to implement with laravel, and can only handle in-app/background pushes. But their smallest plan only support 100 connections which seems a little. - 100 logged in users?
Parse seems to work, but if I understand their api I also need to log users into parse's API.
So please share your experiences on push services using Laravel.
in-app
Pusher allows 100 users connected simultaneously. So if you unbind the channel on appstate going to background, you should be fine up to 400-500 users (in my case, I had 2000+ users before I had to upgrade my account to startup). You can find out more about their pricing plans here: Pricing Plans
background
Parse: as of writing this, their status is "service is now shut down".
Urban Airship: I found their library the easiest to implement, and they have a ton of customization that you can apply to your notification (including notification actions).
All that being said, I had a hard time finding a library to for laravel to push the notification for Urban Airship. The only one I found is php-library2, but it's not supported any more, so use with caution.
I'm a php developer for my firm, and I'm kindoff stuck with this concept form Oauth.
I've been searching the web and read almost every article I could find about oAuth but still it won't get to me how to handle this situation.
I live in the Netherlands so forgive me if my writing is sometimes a little bit off.
I'm working on an application for our company. Its an online work platform, where people can sign up to to find work.
We sell our online application to companies who offer jobs and such.
So we have for every company that buys our web application an url like: http://companyname.onlinejobs.com ( for example ).
So we have backend users that can login in their application and they each have different roles and permissions.
We also have http://onlinejobs.com as a website where everybody can sign up to view job oppertunities and much more.
So we also have a frontend user, that also can have multiple roles, such as a free user and a premium user.
We've build a REST API that holds all methods to add and view jobs and profiles etc etc. We want this API to only be accesible to the clients that we register.
So if I register company1.onlinejobs.com than that in my opinion is a client, and can only use our api.
But now we want to intergrate oAuth to the situation.
We want the API to be protected from any unregistered clients, but we also want to make sure that a frontend free user, cannot access surtain api calls that a premium frontend user can make.
or is that permission based behaviour not something for oAuth?
Wich grant type that oAuth2 uses can we use for our situation?
I really need some help with this guys.. Hope somebody can give me a clear explanation about what to use best, or maybe even not at all.
We had a similar use case and we built our own authorization server that can handle the following use cases
Authentication and authorization from the
web applications
javascript enabled apps [Like SPA apps]
Native apps like windows services or windows apps
We have used the following flows in OAuth2.0
Authorization Code
Implicit flow
Resource owner credentials
Hence, the right choice of the flow needs to be decided on the types of applications that you plan to support.
HTH
This will look like range of questions but all are related to SaaS and PHP based application we have been building. We are conscious about our application architecture and studying it so that we ensure to encounter all essential techniques before we move to production and do not face any failure.!
To support SaaS we have decided to make our database multi-tenant where each customer will have its own database. My mind is boggling around following list of questions further.
How to provide ability to customize a SaaS multi-tenant application to suit individual tenant needs?
How to ensure security of each tenant database so that they do not access each other's data accidently?
What are clusters and how do we add new instances of application and database to them in case of increasing no. of customers?
What do we do to ensure performance and scalability of SaaS website?
How do we handle failures of SaaS application, especially when we launch new versions and updates, (continuous integration)?
Any special solutions for handling subscribers/customers and permissions of activated and deactivated modules in SaaS application?
I have attached block diagram of DB we have decided to go with
I have written a good article with many of the items which we need to consider while developing a SaaS application in PHP. Check the SaaS application development using PHP in Zend Framework
Answers to some of your questions are below:
How to provide ability to customize a SaaS multi-tenant application to suit individual tenant needs?
Its like a normal site development. Suppose you have resources A to Z then you need to keep the assigned or accessible resources of reach Tenants inside database. Then while accessing you can simply check the permissions.
How to ensure security of each tenant database so that they do not access each other's data accidently?
The database design on SaaS application is a topic which is discussed lots of times on Stack Overflow. You can go with Single database or unique database for each Tenants. For Big Projects the second one is suitable.
If you are going with Single Database, simply store the TENANT ID in all tables. And then while Authenticating the Tenant, keep the TENANT ID in SESSION based on the Sub Domain which the request coming from. Then pass this ID in all database operations and thus, it doesn't affect the data of any other Tenants accidentally.
A friend and I would like to create a website to manipulate Facebook data.
The structure is:
a PHP web role (contains the web page, user OAuth login, interacts with queues, and interacts with SQL Azure database)
an F# worker role (does statistics and quite heavy data extractions)
The process is (assuming a new user):
user arrives on the web page and logs onto Facebook via OAuth, the PHP web role then posts a message in a worktodo queue with the login info and token.
F# worker role reads the message off the worktodo queue and starts doing data crunching (using the Facebook API) and stats, then it writes the results to a SQL Azure database. Finally it posts a message to the workdone queue stating it has succeeded in doing the data processing for the user.
Finally the PHP web role reads the workdone queue and notices the work is done, and displays the algorithm results.
I have two questions:
Is there a big flaw in this design?
What is the best way to collaborate: one person will write the PHP and another the F#, is there a way to use development storage from two different machines?
Thanks a lot! (Apologies if some find this stuff too basic, I am very much a beginner in all these matters).
If you wanted to follow a bit more experimental path, you could also try looking at Phalanger. This is a project that compiles PHP code to .NET, so it may be possible to run it directly on Azure and nicely collaborate with F# (Phalanger has a few language extensions that allow you to call any .NET objects and some API for calling Phalanger objects from C#).
I was involved in the project some time ago, but it is now beign developed by other people (and as you can see from the check-ins, it is quite active again and they would surely be interested in collaborating to resolve possible Azure issues). If you were interested, let me know - I can give you some contacts, so that you can discuss the Phalanger status on Azure with them.
I don't see anything wrong with this plan.
I don't think there's a way to have two machines pointing at the same development storage, but you can just use cloud storage (even when running locally). I do that all of the time; you will pay for bandwidth and storage transactions, but for most apps in testing, this cost is trivial.
Take for instance Yahoo Mail or Twitter. When someone signs up to use their service, they'll need to automatically deploy a new database, application folder and so on - I assume!
I am planning to write an PHP application to let people add and edit invoices. Good examples would be Zoho Invoice, http://www.getballpark.com/, etc. They sure would be deploying microsites for each customer wouldn't they?
How do you do this? Would it be PHP that will handle it, or some Linux based thing.
Or if I am wrong, correct me. Maybe they have just one huge database and manage their signups from one single application.
Please guide.
Well most applications don't do that. Just imagine Twitter will have to deploy the whole Ruby on Rails Twitter application or the whole Yahoo Mail Server System for every single User.
You only choose the solution you suggest if users really need to customize their app (like plugging in own modules or change core functionality). Usually a (more or less) simple User, user options (like themes) and ACL management (e.g. for the enabled modules) should be sufficient for most applications.
Usually, it is best to use one big database. Using a combination of primary keys, foregin keys, you can easily ensure that you only display data which a user's role entitles him to.