Forem: keikesu0122

How does Composer help you manage php libraries?

keikesu0122 — Sun, 31 Jan 2021 12:56:54 +0000

1.What is Composer?
Composer helps you manage php libraries. Let's assume that you want to use library A that depends on library B. Without Composer, you would need to install library A and B by hand. Meanwhile, if you use Composer to install library A, you don't care about library B because Composer automatically installs libraries required by library A.

2.How to install Composer on Centos7

Add EPEL and REMI repositories

sudo yum install epel-release

sudo yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm

Install Composer

sudo yum install --enablerepo=remi,remi-php73 php-pecl-zip composer

Check the Composer version to confirm that Composer has been property installed

composer -v

3.How to install libraries using Composer
There are two ways to install libraries with Composer.
Let's take the installation of monolog library as an example.

Use composer require Simply implement the following command to install monolog.

composer require monolog/monolog:"^2.0"

The library information consists of vendor name/project name:version, which is recorded in composer.json. With the command above, you can use monolog.

Use composer install

Add the following code in composer.json.

"require": {
    "monolog/monolog": "^2.0"
}

Implement the following command.

composer install

composer install installs the libraries written in composer.json. Now, you can use monolog.

The installed libraries are stored in /vendor, and you need to add require("vendor/autoload.php"); to your php program in order to use the libraries.

4.What is the difference among composer require, composer install and composer update?
As mentioned earlier, composer require is used to install a new library, and the installed library is recorded in composer.json. composer install installs the libraries in composer.json, and their versions depend on the composer.lock, which manages library versions. For example, if you want to install the libraries you're currently using onto a different development environment, you should copy composer.json and composer.lock and execute composer install so that the same libraries will be installed there. composer update is used to update the versions of the libraries recorded in composer.json. Aforementioned, the version information is recorded in composer.lock.

An Introductory Explanation of NAT and NAPT

keikesu0122 — Sat, 16 Jan 2021 12:25:07 +0000

What is NAT?

NAT stands for Network Address Transition. As the name suggests, NAT was developed to convert an IP address into a different one. NAT is mainly used to change a global IP into a private IP and vice versa. Let's take an example to understand how NAT works. Your PC has a private IP address (e.g. 192.168.10.xxx), and it is usable only in a local network such as your home network. If you use an Windows PC, you should enter ipconfig on the command prompt to see the private IP assigned to your PC. When your PC attempts to access to the Internet, a global IP (e.g. 34.203.75.ZZZ) has to be assigned to it. This is where the NAT technique comes in. NAT assigns a global IP to your PC so that it can reach the Internet.

What problem does NAT have?

NAT is not a perfect solution to get Internet access. Imagine that your PC (192.168.1.xxx) and tablet (192.168.1.YYY) attempt to get some data from the Internet at the same time. They have the same global IP on the Internet and it will be converted back into their each private IP by the router of your local network. Here is the problem. When the router tries to convert the global IP into a private IP, will the router convert it into the PC's private IP (192.168.1.XXX) or the tablet's private IP (192.168.1.YYY)? Since the global IP doesn't have information to distinguish your PC and table, the question is impossible to answer. Given this factor, NAT can not let multiple devices access the Internet simultaneously.

What is NAPT?

NAPT technique can solve the aforementioned problem. In addition to an IP address, NAPT also converts a port number. As I said above, you can not distinguish your PC and tablet only from the global IP. However, if different port numbers are assigned to your PC and tablet, let's say... 192.168.1.XXX:10000 => 34.203.75.ZZZ:20000 (PC) and 192.168.1.YYY:10000 => 34.203.75.ZZZ:30000 (tablet), the router can clearly distinguish your PC and table, which makes it possible to let multiple devices reach the Internet simultaneously.

A simple way to create an SSL certificate with Let's Encypt

keikesu0122 — Sun, 10 Jan 2021 14:38:21 +0000

What is an SSL certificate?

SSL, which stands for secure sockets layer, has two main roles. The first role is to acknowledge the validity of a web server. In other words, an SSL certificate ensures that the web server does exist. The second role is to encrypt between the web server and web clients. Without an SSL certificate, your credential information has a risk of being stolen because it is not encrypted. An SSL certificate ensures a safe communication on the Internet.

How does SSL secure the safety?

1.A web client (browser) attempts to access a web server.

2.The server sends its SSL certificate and public key to the browser.

3.Checking the validity of the certificate, the browser creates a common key.

4.Encrypting the common key with the public key, the browser sends the common key to the server.

5.The server decrypts the encrypted common key and keeps it.

After the process above, the communication between the server and browser is always encrypted with the common key.

How can you get an SSL certificate for your website?

Let's Encrypt is an easy solution to create an SSL certificate

1.Install the client software of Let's Encrypt, or certbot

 $ sudo yum install epel-release
 $ sudo yum install certbot

2.Create an SSL certificate

certbot certonly --standalone -d www.example.com

You can use the --standalone option only when your web server such as apache and nginx is off. If you want to run this command with the web server on, you have to use the --webroot option.

 $ certbot certonly --webroot -w /var/www/www.example.com -d www.example.com

You need to add the document root after the -w.
If you want to cover multiple domains, you can simply add the -d option as follows

certbot certonly --standalone -d www.example.com -d www2.example.com

3.Change your web server configuration

You need to add the following configuration to /etc/nginx/conf.d/default.conf.

server {
    listen 443 ssl;
    server_name www.example.com;
    root /var/www/www.example.com/current/web;
    ssl_certificate /etc/letsencrypt/live/www.example.com/privkey.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/fullchain.pem;
}

4.Restart your web server

sudo systemctl restart nginx

At this point, you can access to your website with HTTPS.

How to authenticate users on Laravel using middleware

keikesu0122 — Sat, 09 Jan 2021 15:17:49 +0000

1.add a route for login

Route::post('/login', 'auth@login');

2.make a controller and method for login

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Models\Util\authorizer;

class auth extends Controller
{
    public function __construct()
    {
        $this->authorizer = new authorizer();
    }

    public function login(Request $request)
    {
        $id = $request->post('userId');
        $pw = $request->post('password');

        $this->authorizer->authUser($id, $pw);

    }
}

The authUser actually authenticates users, so the next step is to make this method.

3.make a method to authenticate a user

touch app/Models/Utils/authorizer.php

<?php

namespace App\Models\Util;

use Illuminate\Http\Request;
use Illuminate\Database\Eloquent\Model;
use Session;

class authorizer extends Model
{
    public function __construct()
    {
        $this->users = new \App\Users();
    }

    //obtain a record from User table and verify the entered userId and password
    public function authUser($id, $pw)
    {
        if (is_null($id)) return false;
        if (is_null($pw)) return false;
        $user = $this->users::where('userId',$id)->get();
        if ($user === False) return false;
        if (count($user) == 0 || !isset($user['pw'])) return false;
        if (password_verify($pw, $user['pw'])) {
            $this->setAuthSession($user);
        } 
    }

    // add userId to session
    private function setAuthSession($data)
    {
        if (isset($data['userId'])) request()->session()->put('userId', $data['userId']);
        request()->session()->save();
    }
}

At this point, a login function has been mounted. The next step is to distinguish unauthorized users from authorized users.

4.make a middlerware

php artisan make:middleware Authentication

<?php

namespace App\Http\Middleware;

use Closure;

class Authentication
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        //check the session information for auchentication
        if($request->session()->get('userId')==null){
            return response()->json(array('status' => 'NG'),403);
        }
        return $next($request);
    }
}

5.add the middleware to Kernel.php to use it

/**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        //'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'authentication' => \App\Http\Middleware\Authentication::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    ];

add a route group to your route file

Route::group(['middleware' => ['authentication']], function () {
   Route::get('/userlist', 'users@getUserList');
});

By adding routes in the group, the middleware function (in this case authentication) is implemented so that unauthorized users can't reach /userlist.

How do session and cookie work?

keikesu0122 — Sat, 09 Jan 2021 12:47:36 +0000

What is session?

Session is used to identify a user and store the user information. When you first login to a certain web application, an unique session id is created and stored in the web server. For example, if you add an item to your cart on an EC website, this information is also added to the session. In this way, session consists of an unique id and other user-related information. When you visit the same website again, you can open your personal page without entering your name or password. That is because the session id is used to find out who you are.

What is cookie?

Web clients, web browsers in other words, also hold the session ids created in the web sites you have visited. The session ids stored in web browsers are called cookies.

How do they work?

When you visit a website, your browser sends cookie information to the web server as a part of its http request. The web server finds the session id that matches with the cookie sent from your browser. Going through this process, the web server recognizes who is visiting the web site.

A simple way to enable CORS on Laravel

keikesu0122 — Sun, 03 Jan 2021 15:48:08 +0000

What is CORS?

CORS stands for Cross Origin Resource Sharing. Origin consists of protocol, domain and port number such as https://hogehoge.com:443. Therefore, CORS means allowing an web application on a certain origin (e.g. https://hogehoge.com) to access an web application on a different origin (e.g. https://fugafuga.com).

Why is CORS necessary?

In order to prevent cross site scripting (XSS) and cross site request forgeries, JavaScript's asynchronous communication such as Ajax follows the same origin policy, which bans access to a different origin. Without CORS configuration, web applications can not access a different origin.

What is required to enable CORS?

The simplest method to enable CORS is to add Access-Control-Allow-Origin:* to the response header from WEB servers, which allows CORS from any source. If you want to limit the source, you should specify the domain in the configuration such as Access-Control-Allow-Origin:https://hogehoge.com. You should note that a domain has to be specified if an http request includes cookie information.

How to enable CORS on Laravel

You can use an middleware that adds Access-Control-Allow-Origin to an http response header.

create an middleware

$ php artisan make:middleware Cors

2.Edit the middleware

<?php

namespace App\Http\Middleware;

use Closure;

class Cors
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        return $next($request)
            ->header('Access-Control-Allow-Origin', '*')

    }
}

3.Add the middleware to Kernel.php

protected $routeMiddleware = [
        'auth'          => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic'    => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings'      => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can'           => \Illuminate\Auth\Middleware\Authorize::class,
        'guest'         => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed'        => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle'      => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'cors'          => \App\Http\Middleware\Cors::class, // added
    ];

4.Set the middleware to routes

Route::middleware(['cors'])->group(function () {
    Route::post('/hogehoge', 'Controller@hogehoge');
});

A simple way to update your php to 8.0 on CentOS7

keikesu0122 — Sat, 02 Jan 2021 10:23:31 +0000

Uninstall your current php and its modules

sudo yum remove -y php php-*

Add remi repository

sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm

Install php 8.0

sudo yum install -y --enablerepo=remi-php80 php

Confirm the php version

php -v
PHP 8.0.0 (cli) (built: Nov 24 2020 17:04:03) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.0-dev, Copyright (c) Zend Technologies

5.Install necessary php modules