- make your own `.env` file using the `.env.example` template.
- open a new terminal and change directory to `docker` using `cd docker`
- run `docker compose --env-file ../.env up -d --build` in the terminal.
- Heredoc behaves like a double-quoted string: variables inside it are interpolated.
- Nowdoc behaves like a single-quoted string: variables inside it are NOT interpolated.
- Each new middleware layer surrounds any existing middleware layers. The concentric structure expands outwardly as additional middleware layers are added.
- The last middleware layer added is the first to be executed.
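As an added illustration of the concentric structure and the "last added, first executed" rule (example code, not from the original notes; the `Pipeline` class and the `tracing` helper are assumptions, written dependency-free instead of against a real PSR-15 framework):

```php
<?php
declare(strict_types=1);

// Added example, not part of the original notes. Requests and responses are
// plain arrays so the example runs without a framework; every name is assumed.

final class Pipeline
{
    /** @var callable The current stack: the core handler wrapped by every layer added so far. */
    private $handler;

    public function __construct(callable $core)
    {
        $this->handler = $core;
    }

    /** Each add() wraps the existing stack, so the layer added last runs first. */
    public function add(callable $middleware): self
    {
        $inner = $this->handler;
        $this->handler = fn(array $request): array => $middleware($request, $inner);
        return $this;
    }

    public function handle(array $request): array
    {
        return ($this->handler)($request);
    }
}

/** Builds a middleware that records when it is entered and when it exits. */
function tracing(string $name, array &$trace): callable
{
    return function (array $request, callable $next) use ($name, &$trace): array {
        $trace[] = "enter $name";
        $response = $next($request);   // hand the request to the next inner layer
        $trace[] = "exit $name";
        return $response;
    };
}

$trace = [];
$pipeline = (new Pipeline(fn(array $request): array => ['status' => 200]))
    ->add(tracing('auth', $trace))
    ->add(tracing('logging', $trace))
    ->add(tracing('cors', $trace));

$pipeline->handle(['path' => '/']);
print_r($trace);
// enter cors, enter logging, enter auth, exit auth, exit logging, exit cors
```

Because the outermost layer is the one added last, a check that must run before anything else (an authentication layer, for instance) has to be added last, not first.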
- check them here
- check attributes reference here
- the Entity attribute is required: it marks a PHP class as an entity to be persisted in the DB
- the Table attribute is optional: it describes the table the entity is persisted in
- `first` - Migrate down to before the first version.
- `prev` - Migrate down to before the previous version.
- `next` - Migrate up to the next version.
- `latest` - Migrate up to the latest version.
- the problem was that the "foreign key" column was of type VARCHAR, not INT, in all tables
- me: I knew where the problem was; I had added the Column attribute, which caused the problem
- ChatGPT: That makes sense. The Column attribute should not be used on a property that represents a relationship to another entity, like ManyToOne. Using Column here can cause Doctrine to treat the property as a basic column instead of a foreign key reference, which led to the issue you encountered.
- the third migration corrected that mistake
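The mapping mistake from the notes, shown next to the mapping that gives a real integer foreign key (added example, not the project's code; the entity, table and column names are assumptions):

```php
<?php
declare(strict_types=1);

use Doctrine\ORM\Mapping as ORM;

// Added example, not the project's code. Names are assumptions.

#[ORM\Entity]
#[ORM\Table(name: 'users')]
class User
{
    #[ORM\Id]
    #[ORM\Column(type: 'integer')]
    #[ORM\GeneratedValue]
    private ?int $id = null;

    #[ORM\Column(type: 'string', length: 180, unique: true)]
    private string $email;
}

#[ORM\Entity]               // required: this class is persisted
#[ORM\Table(name: 'posts')] // optional: names the table (otherwise derived from the class name)
class Post
{
    #[ORM\Id]
    #[ORM\Column(type: 'integer')]
    #[ORM\GeneratedValue]
    private ?int $id = null;

    // WRONG (the mistake from the notes): Column on a relationship property.
    // Doctrine then maps $author as a basic scalar column rather than as a
    // reference to users.id, which is how the "foreign key" ended up as VARCHAR.
    //
    // #[ORM\Column]
    // #[ORM\ManyToOne(targetEntity: User::class)]
    // private User $author;

    // RIGHT: only the association attributes. Doctrine derives an integer
    // author_id column with a foreign key constraint to users.id.
    #[ORM\ManyToOne(targetEntity: User::class)]
    #[ORM\JoinColumn(name: 'author_id', referencedColumnName: 'id', nullable: false)]
    private User $author;

    public function __construct(User $author)
    {
        $this->author = $author;
    }
}
```

With the corrected mapping, `doctrine:migrations:diff` generates the `author_id INT NOT NULL` column and the foreign key constraint; with the wrong one it generates a string column and no constraint, which is the symptom the notes describe.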
- Application Programming Interface (API)
- Representational State Transfer (REST): a set of architectural principles for building web services.
- Read: RESTful web API design (Microsoft)
- Read: Microsoft Azure REST API Guidelines
- Read: The Web API Checklist
- Read: What is a REST API?
- Read: Best Practices for REST APIs
- Read: REST API Best Practices
- Read: Rules for creating a RESTful API
- For API testing use Dynamic Variables
- Metadata and default query params in API responses here
- I found that I need to define the `enctype` attribute with value `multipart/form-data` to be able to send files to the server - but why is that?? and what does the new terminology mean?
- if we want to validate that the uploaded file is five megabytes:
- `Megabytes = 5`
- `Kilobytes = Megabytes * 1024`
- `Bytes = Kilobytes * 1024`
- when receiving a file, validate it:
- successful upload
- size?
- name?
- type
- but when it comes to types, the file type can be spoofed!! Even the documentation of `UploadedFileInterface::getClientMediaType()` tells you not to trust the output of this function
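A validator that applies the four checks above, with the size limit computed the way the notes do and the type taken from the file's bytes instead of from `getClientMediaType()` (added example, not from the original notes; it assumes a PSR-7 `UploadedFileInterface` from `psr/http-message`, PHP's fileinfo extension, and the allowlist, constant and function names shown):

```php
<?php
declare(strict_types=1);

use Psr\Http\Message\UploadedFileInterface;

// Added example (not from the original notes). Assumes PSR-7 and ext-fileinfo;
// the constants and function names are assumptions.
const MAX_UPLOAD_BYTES = 5 * 1024 * 1024;   // 5 MB -> 5120 KB -> 5242880 bytes

// Allowlist keyed by the MIME type detected from the bytes; the value is the
// extension we store the file under (we never reuse the client's extension).
const ALLOWED_TYPES = [
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

/**
 * Validates an uploaded file. Returns a list of problems (empty = accepted);
 * on success $accepted holds the detected MIME type and a safe storage name.
 */
function validateUpload(UploadedFileInterface $file, ?array &$accepted = null): array
{
    $accepted = null;

    // 1. successful upload: PHP records partial, missing and ini-limit failures here
    if ($file->getError() !== UPLOAD_ERR_OK) {
        return ['upload failed with PHP error code ' . $file->getError()];
    }

    // 2. size: refuse unknown sizes too, otherwise the read below is unbounded
    $size = $file->getSize();
    if ($size === null || $size > MAX_UPLOAD_BYTES) {
        return ['file size must be known and at most ' . MAX_UPLOAD_BYTES . ' bytes'];
    }

    // 3. name: the client name may carry path parts or odd characters; keep only
    //    a sanitised stem and assign the extension ourselves from the detected type
    $clientName = basename((string) $file->getClientFilename());
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($clientName, PATHINFO_FILENAME));
    $stem = substr($stem === null || $stem === '' ? 'upload' : $stem, 0, 64);

    // 4. type: getClientMediaType() is whatever the client claims, so sniff the bytes
    $stream = $file->getStream();
    if ($stream->isSeekable()) {
        $stream->rewind();
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($stream->getContents());
    if ($detected === false || !isset(ALLOWED_TYPES[$detected])) {
        return ['content type ' . ($detected ?: 'unknown') . ' is not allowed'];
    }

    $accepted = [
        'mime'       => $detected,
        'storedName' => $stem . '.' . ALLOWED_TYPES[$detected],
    ];
    return [];
}
```

Typical use in a handler is `$problems = validateUpload($request->getUploadedFiles()['document'], $accepted);` and only when `$problems` is empty is `moveTo()` called, with `$accepted['storedName']` as the target name inside a directory that is not served by the web server.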
- what are MIME types?? (write it here for reference)
- a reference by the Internet Assigned Numbers Authority (IANA) here
- only enable CORS when necessary to minimize security risks
- use specific origin allowlists rather than allowing access from all domains
- limit the methods and headers allowed in CORS requests to reduce potential vulnerabilities
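The three CORS rules above turned into a small response-header helper (added example, not from the original notes; the allowlist contents and the function name are assumptions):

```php
<?php
declare(strict_types=1);

// Added example, not from the original notes. Constants and names are assumptions.

// Exact origins (scheme + host + port). Never use "*" for an API that carries
// credentials, and never echo the request's Origin header back unchecked.
const ALLOWED_ORIGINS = ['https://app.example.com', 'https://admin.example.com'];
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['Content-Type', 'Authorization'];

/**
 * Returns the CORS headers to add for a request carrying the given Origin
 * header (null when the header is absent). Returns [] when CORS is not granted,
 * so a same-origin request or an unknown origin gets no CORS headers at all.
 */
function corsHeaders(?string $origin): array
{
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return [];
    }
    return [
        'Access-Control-Allow-Origin'  => $origin,
        'Vary'                         => 'Origin',   // caches must not reuse this for another origin
        'Access-Control-Allow-Methods' => implode(', ', ALLOWED_METHODS),
        'Access-Control-Allow-Headers' => implode(', ', ALLOWED_HEADERS),
        'Access-Control-Max-Age'       => '600',      // how long the browser may cache the preflight
    ];
}

// Constructed demonstration
var_dump(corsHeaders('https://other.example') === []);                              // bool(true)
var_dump(corsHeaders(null) === []);                                                 // bool(true)
var_dump(corsHeaders('https://app.example.com')['Access-Control-Allow-Origin']);    // "https://app.example.com"
```

A preflight (`OPTIONS`) request is answered with these headers and an empty `204` body; a normal request gets them added to its usual response. Keeping the method and header lists short is what the third bullet asks for.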
- httponly: the session cookie is only sent with HTTP requests and is not readable from JavaScript (by default cookies are accessible to JS through `document.cookie`)
- secure: HTTPS only; the cookie is never sent over an insecure HTTP connection (except for localhost)
- samesite:
- more information at MDN docs
- regenerate the session id on login and logout (in the case of a website)
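The cookie flags and the regeneration rule above combined using PHP's native session API (added example, not from the original notes; the `samesite` value `Lax`, which the notes leave blank, and the function names are assumptions):

```php
<?php
declare(strict_types=1);

// Added example, not from the original notes. Function names and the
// choice of SameSite=Lax are assumptions.

function startHardenedSession(): void
{
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie: discarded when the browser closes
        'path'     => '/',
        'domain'   => '',     // current host only
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable from document.cookie
        'samesite' => 'Lax',  // not sent on cross-site POSTs; 'Strict' if the app tolerates it
    ]);
    // Reject session ids the server never issued (a fixated id gets replaced)
    ini_set('session.use_strict_mode', '1');
    session_start();
}

/** Call after credentials have been checked. */
function loginSession(int $userId): void
{
    // New id, old one deleted: a session fixed before login is worthless afterwards
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function logoutSession(): void
{
    $_SESSION = [];
    session_regenerate_id(true);   // the old id stops being valid immediately
    session_destroy();
    // Expire the cookie in the browser too, with the same flags it was set with
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}
```

`startHardenedSession()` must run before any output and before `session_start()` is called anywhere else, since cookie parameters cannot be changed once the session has started.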
- https://jwt.io/introduction
- the JWT secret is used to sign and verify your tokens; it is extremely important because:
- if someone discovers your secret, they can forge valid tokens
- if the secret is too short or predictable, it can be brute-forced
- generate a secret using `openssl rand -base64 64` (bash)
- can I have mandatory parameters in the payload ? yes, if they are important, but make sure to document them.
- should the payload be validated? Absolutely.
- how to use JWT? check the link ☝️
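To show what the secret is doing, and what "validate the payload" means in practice, here is an added example of HS256 signing and verification using only PHP's standard library (it is not from the original notes or from jwt.io; the secret would in practice be the `openssl rand -base64 64` value loaded from `.env`, and the claim names and function names are assumptions; a maintained JWT library is the right choice for real code):

```php
<?php
declare(strict_types=1);

// Added example, not from the original notes. Names are assumptions.

function b64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function b64urlDecode(string $text): string
{
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $out = base64_decode(strtr($padded, '-_', '+/'), true);
    return $out === false ? '' : $out;
}

/** Signs the claims with HMAC-SHA256 over "header.payload", keyed by the secret. */
function jwtSign(array $claims, string $secret): string
{
    $header  = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT'], JSON_THROW_ON_ERROR));
    $payload = b64url(json_encode($claims, JSON_THROW_ON_ERROR));
    $sig     = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    return "$header.$payload.$sig";
}

/** Returns the claims on success, or null with the reason in $why. */
function jwtVerify(string $token, string $secret, array $requiredClaims, ?string &$why = null): ?array
{
    $why = null;
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        $why = 'malformed token';
        return null;
    }
    [$header, $payload, $signature] = $parts;

    // The server decides the algorithm; a header that says anything else is rejected outright.
    $hdr = json_decode(b64urlDecode($header), true);
    if (!is_array($hdr) || ($hdr['alg'] ?? null) !== 'HS256') {
        $why = 'unexpected algorithm';
        return null;
    }

    // Recompute the MAC and compare in constant time, so timing does not leak how many bytes matched.
    $expected = b64url(hash_hmac('sha256', "$header.$payload", $secret, true));
    if (!hash_equals($expected, $signature)) {
        $why = 'bad signature';
        return null;
    }

    // Only now is the payload trusted enough to be parsed and validated.
    $claims = json_decode(b64urlDecode($payload), true);
    if (!is_array($claims)) {
        $why = 'payload is not a JSON object';
        return null;
    }
    foreach ($requiredClaims as $name) {          // the documented mandatory parameters
        if (!array_key_exists($name, $claims)) {
            $why = "missing required claim: $name";
            return null;
        }
    }
    if (!isset($claims['exp']) || !is_int($claims['exp']) || $claims['exp'] <= time()) {
        $why = 'token expired or has no exp';
        return null;
    }
    return $claims;
}

// Constructed demonstration. In practice: base64_decode($_ENV['JWT_SECRET']), the
// output of `openssl rand -base64 64`; a short or guessable secret makes forgery cheap.
$secret = random_bytes(64);
$token  = jwtSign(['sub' => 42, 'role' => 'user', 'exp' => time() + 900], $secret);

var_dump(jwtVerify($token, $secret, ['sub', 'role']) !== null);            // bool(true)
var_dump(jwtVerify($token, 'wrong-secret', ['sub', 'role'], $why), $why);  // NULL, "bad signature"
```

The order inside `jwtVerify()` is the point: algorithm pinned, signature checked, and only then are the claims read and the mandatory ones and `exp` enforced. Reading claims before the signature check would mean acting on data anyone could have written.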