I'm building a series of web applications to use in a small business. We will be using the Laravel framework to build these applications. The first app will manage users, authentication and authorization for all future applications.
I have 2 doubts:
1) Is there some best practice / model for this auth integration? How can I tell app B that the user is authenticated and has access to it? I want to build different Laravel apps in order to make it easier to maintain, but (at least for now) they'll run on the same server.
2) Is it possible to make this integration with another PHP, non-Laravel app? I have one legacy webapp, and I'm trying to write the session data that authenticates it inside my Laravel code and then redirect the user to the app, but the session data apparently isn't "persisting".
Thanks in advance.
It sounds like you are building a microservice architecture. If you follow this methodology, there is no reason your apps or services even have to be written in the same language, as long as they all interact using RESTful services.
More reading:
http://martinfowler.com/articles/microservices.html
I am new to microservices. I only know the theory, have developed some local examples and deployed them to AWS, but just that. I have a project that has to be done with microservices, and my question is about the structure.
For example, I am planning to do the following:
Vue.js SPA for the frontend, stored in AWS S3 - this will make the requests to the Main Laravel app
the Main Laravel app to manage the authorization (login, register, password recovery)
When the user is logged in, they are redirected to the "posts" page, and that page loads all the posts; you can create new posts, delete them, add comments, etc. This would be another Laravel app, another microservice
Then I have another Laravel app for the user profile, where the users can update their information and also monetize their posts with given options
So, this is my plan:
a SPA stored in S3
a microservice for the Main app that handles authorization, this will be stored in lambda
a microservice for posts, this will be stored in lambda
a microservice for monetization, this will be stored in lambda
I am planning to use serverless so I am a little bit confused.
Where should the AWS API Gateway be, in the SPA or the Main app? Or how can I configure it?
Should I use only one database and have each microservice connect to it?
Should I use different databases? If so, how can I synchronize them?
If a user logs in to the Main app, it generates a token with Sanctum or Passport, then this token is sent in the request header to the posts or monetization microservice. Is this approach OK?
Should I install Sanctum or Passport?
Should I install Sanctum or Passport in all the microservices or only in the Main app?
What can I do? thank you.
If I understand correctly you have one UI communicating with multiple microservices in the backend.
Since you are using serverless, a microservice is probably a set of functions around one functionality that are deployed together. That is totally fine.
In general you will want to have a separate storage area for each microservice. Whether they are physically different databases or not does not make a big difference in cloud environments, because you can always change it according to your needs. The important point is that the storage area is encapsulated by the services. This might mean each microservice has an area within a database that no one else has access to.
This also means you have to use interfaces to get data from other microservices. There are basically two ways to do so:
synchronous API use of another microservice to retrieve data.
asynchronous data replication via a message bus (event-driven architecture).
For token-based auth: your Main app will create an encrypted JWT token using a private key, including user information like email, etc. This token has to be stored in the client and sent to other microservices via a header with every request. They can use decryption mechanisms to ensure the validity of the token and need the public key of the Main app for this. You might consider AWS Cognito libraries because they do that job for you.
In general, you should overthink using microservices since they are no silver bullet. You should ask yourself the following two questions:
Do I need to scale development? (e.g. 50 developers +)
Do I need independent deployment/service evolution?
If the answer is "no" to these questions, you might consider using some best practices of microservices, but I'd advise against introducing the full overhead of microservices. You could also just have some serverless functions working on a common database.
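The token flow described in the answer above, as an added example that is not part of the original answer: the Main app signs a JWT with its RSA private key (RS256), and a downstream service holding only the public key checks the signature, a pinned algorithm, the expiry and the audience. The function names, the `posts-service` audience and the throwaway key pair are assumptions for the demo; it uses PHP's bundled OpenSSL extension rather than Sanctum, Passport or Cognito.

```php
<?php
// Added example (not from the original answer). Constructed names:
// issueToken, verifyToken, the 'posts-service' audience, the sample claims.
function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}
function b64urlDecode(string $s) {
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return base64_decode(strtr($s, '-_', '+/') . $pad, true);
}
// Main app: sign with the private key. The payload is only base64url-encoded,
// so anyone holding the token can read the claims.
function issueToken(array $claims, $privateKey): string {
    $input = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT']))
        . '.' . b64url(json_encode($claims));
    if (!openssl_sign($input, $sig, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return $input . '.' . b64url($sig);
}
// Downstream service: holds only the public key. Returns the claims or null.
function verifyToken(string $jwt, string $pubPem, string $aud, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$h, $p, $s] = $parts;
    $header = json_decode((string) b64urlDecode($h), true);
    // Pin the algorithm; never let the token header choose it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'RS256') return null;
    $sig = b64urlDecode($s);
    if ($sig === false) return null;
    if (openssl_verify("$h.$p", $sig, $pubPem, OPENSSL_ALGO_SHA256) !== 1) return null;
    $claims = json_decode((string) b64urlDecode($p), true);
    if (!is_array($claims)) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    if (($claims['aud'] ?? null) !== $aud) return null;
    return $claims;
}
// Constructed demo: throwaway key pair and sample claims.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$now = time();
$claims = ['sub' => '42', 'aud' => 'posts-service', 'exp' => $now + 300];
$jwt = issueToken($claims, $key);
[$h, , $s] = explode('.', $jwt);
$tampered = "$h." . b64url(json_encode(['sub' => '1'] + $claims)) . ".$s";
var_dump(verifyToken($jwt, $pub, 'posts-service', $now) !== null);        // intact token
var_dump(verifyToken($jwt, $pub, 'posts-service', $now + 600) === null);  // expired
var_dump(verifyToken($tampered, $pub, 'posts-service', $now) === null);   // edited payload
var_dump(verifyToken($jwt, $pub, 'profile-service', $now) === null);      // wrong audience
```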
Recently assigned to a new project where we need to build an API-centric web application. The requirement is to build 2 separate projects in Laravel: one that has all the APIs that can be accessed by either web or mobile applications (for future purposes), and the other a web application that uses the APIs for almost all of its functions.
Building an API project in Laravel is easy, and lots of tutorials are available about using Passport etc. But how do I implement that API in the web application?
My major question is how do I set up authentication for the web application using the API, because its default authentication is model based, or is my approach wrong?
Please suggest ideas, because we are currently in planning phase.
Thanks in advance
Each Laravel project will be identified as its own "site", so the only suggestion I would have is, if you plan to invoke your APIs via AJAX calls, to be wary of Cross-Domain Scripting issues.
I want to use Laravel (as backend) and Angular (as frontend).
As far as I know I can use 2 methods :-
1) I can integrate both frameworks by using API service or
2) I can use monolithic architecture style (using angular with blade template)
As per my requirements, the 2nd option is better because with it I can use Laravel's default functionalities in Angular (Auth, user roles and permissions, etc.).
But I'm afraid that the 2nd option will make the project complex and messy in the future.
Which is the better option?
I have used Laravel with Angular v2+ myself. The way I did it was to make two separate projects: one which creates the APIs (the Laravel app) and one which consumes the APIs (the Angular v6 app). That is how it is meant to work and that is how you should approach it.
If you want to integrate the front with the back end, and still have a powerful SPA, then you can go with VueJS, there are vast resources when it comes to the Laravel Vue combination.
Another thing to consider is: what is this project about?
Is it a client website? Or just a web app? Does it require SEO? Beware.
Make sure you fully understand (Angular) Universal and its current limitations/problems.
UPDATE: I am currently using Angular 6 with server-side rendering (Universal) and a Laravel API as a backend solution for a complex & highly ranked website in the UK.
You have API routes available which don't look for CSRF tokens. Use any JWT package for web token authentication implementation. Host your Angular app separately and send requests to the API routes.
Your Angular apps are standalone applications. They don't need Laravel for running on server. You just need to use API routes for working with data.
I am working on a project which will have a web, Android and iOS application. I have decided on using Laravel 5.4 to create the web application, and there will also be the REST API to feed all these apps. The API should also be secured so that only my apps can access it.
Anyone, please tell me from your previous experience what the correct way and the best practice to do this will be.
You can use Node.js or Python, on which you can develop a REST API very easily. Frameworks like Express in Node.js and Flask in Python will let you get started with your API within 30 min. After that, you can deploy the API to Heroku to get secure access.
If the web, Android and iOS applications relate to the same project / resources (e.g. database tables, etc.), the easiest way to do this would be a single Laravel project.
In your routes directory, you can have 3 different files (say web.php, ios.php and android.php) to define the routes. Similarly, you can place controllers in separate directories while keeping the Eloquent models/migrations, etc. the same for all three.
To use different authentication methods for all three, you can add custom guards in Laravel.
I would not build anything in Laravel and would run away from PHP as soon as possible. Go learn Node.js or Django. Death to PHP.
The best current framework to build APIs is Sanic.
Sanic 33,342 Requests/sec 2.96ms Avg Latency
https://github.com/channelcat/sanic
I also like python flask because it is very simple to understand and get something up and running quickly.
Your app currently does not need to be super optimal; all you need is to get it working. But best-practice-wise, I think the most important thing for building APIs for mobile apps is backwards compatibility.
Sometimes you're going to want to update your app.
Users often don't update their apps. So if you build a new API, all the people who don't update their app will get error messages. So just make sure you make a new route with the version name in the prefix in the app. There are a lot of other things you can do, like rate limiting, salting your APIs, etc. If you don't have that many users, don't worry about this yet. Just build it and then later learn when you need to learn it.
I am building an application and currently focusing on the mobile part.
I wanted to use the Lumen microframework for the server side and APIs to connect to the mobile app.
However, I also wanted to extend the application later on to build a website (Laravel).
They will both be using the same database.
I am wondering whether I should use Laravel directly and make it responsible for the APIs too (albeit it would be slower for mobile apps).
Or I was wondering if I can use a combination of both.
Lumen - to deal with server requests e.g : api.site.com/...
Laravel - to deal with the website e.g : site.com/....
You could do either or, but I would suggest keeping the website and the API isolated.
I actually just finished up a similar project.
I have a mobile app built on Ionic, an API built on Lumen and an admin CMS built on Laravel. The CMS updates content in the API via authenticated API calls and then the app pulls from it.
If you take this route, you could make API calls from the CMS/Website using client side or server side requests. My CMS uses server side calls leveraging Guzzle.
I would suggest looking at sharing models between the two applications such that you don't have to update content via API calls. Here is a nice article on how to do so.