nathan-io

Jul 01 (1 week ago)

Replied to Supporting Session Management When Session Driver Is Redis

Unfortunately in our case, we have to stick with Redis because the application must be as performant as possible at (hopefully massive) scale, and we want to minimize the workload on our PostgreSQL server.

I think the approach I outlined in my original post (keep Redis as the store, but write the session info to some SQL table every time a login or logout occurs) would work; I was just hoping there was some existing solution or easier way.

Jun 30 (1 week ago)

Replied to Supporting Session Management When Session Driver Is Redis

Thanks Bobby,

Those Redis methods look like they could be useful in some other contexts. In this case however, I'm not sure how they will help. Here's a Redis session key/value created when I logged in:

Key:

appName_database_appName_cache:DHZZcXP5HKgwja03dinEvvpI3ma3YkQ2OKzhx6Th

Value:

s:261:"a:5:{s:6:"_token";s:40:"9ZE26PebdUkmkethIUXAh0RQwK50W5ZbuJsrHChZ";s:3:"url";a:0:{}s:9:"_previous";a:1:{s:3:"url";s:25:"http://appname.test";}s:6:"_flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}s:50:"login_web_59ba36addc2b2f9401580f014c7f58ea4e30989d";i:1;}";

There don't seem to be any values there which tie the session to a user_id. That's understandable of course, since even unauthenticated visitors will have a session.

But I don't see how we could directly query Redis to essentially retrieve all sessions belonging to X user.
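
Added example, not part of the original post: Laravel's session guard stores the logged-in user's identifier under a `login_<guard>_<sha1>` session key, so stored values shaped like the one above can be decoded and grouped by user. The Redis key names and entries below are constructed sample data, and the helper function names are hypothetical.

```php
<?php
// Decode one stored session value. The payload is serialized twice (the
// outer s:N:"..." wraps the inner array), hence two unserialize() calls.
// allowed_classes => false prevents object instantiation from store data.
function decodeSessionPayload(string $stored): ?array
{
    $inner = @unserialize($stored, ['allowed_classes' => false]);
    if (!is_string($inner)) {
        return null;
    }
    $attrs = @unserialize($inner, ['allowed_classes' => false]);
    return is_array($attrs) ? $attrs : null;
}

// Return [guard, userId] when a login_<guard>_<40 hex chars> entry exists.
function authenticatedUser(array $attrs): ?array
{
    foreach ($attrs as $key => $value) {
        if (preg_match('/^login_(.+)_[0-9a-f]{40}$/', (string) $key, $m)) {
            return [$m[1], $value];
        }
    }
    return null;
}

// Build userId => [session ids] from redisKey => storedValue pairs.
function indexSessionsByUser(array $entries): array
{
    $index = [];
    foreach ($entries as $redisKey => $stored) {
        $attrs = decodeSessionPayload((string) $stored);
        $user = $attrs === null ? null : authenticatedUser($attrs);
        if ($user !== null) {
            $parts = explode(':', (string) $redisKey);
            $index[$user[1]][] = end($parts); // session id follows the prefix
        }
    }
    return $index;
}

// Constructed sample data, not real sessions.
$login = 'login_web_' . sha1('constructed-guard-class');
$entries = [
    'app_cache:sessA' => serialize(serialize(['_token' => 'tA', $login => 1])),
    'app_cache:sessB' => serialize(serialize(['_token' => 'tB', $login => 1])),
    'app_cache:sessC' => serialize(serialize(['_token' => 'tC'])), // guest
    'app_cache:sessD' => 'not-serialized',                          // malformed
];
print_r(indexSessionsByUser($entries));
```

Walking every key does not scale to a large keyspace; writing a per-user index when the login event fires avoids the scan.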


Started a new Conversation Supporting Session Management When Session Driver Is Redis

Hi,

We're using Redis as our session store in a Laravel 7 project.

In the user's account dashboard, we want to provide UI for managing their current sessions. (example)

I found this solution, but it requires the database session driver.

There's also hamedmehryar/laravel-session-tracker, but it hasn't been updated in a few years and fails to install on a fresh L7 project. I'm not sure it would work with L7 and/or Redis as the session driver, or if it's even an ideal solution in general.

At this point, it seems we may have to roll our own session tracking middleware/model/migration/etc., recording and tracking sessions in a SQL table. Roughly speaking:

  • Listen for Illuminate\Auth\Events\Login and Illuminate\Auth\Events\Logout events, then update our SQL db table with the session id (along with metadata such as device name, etc.).
  • If the user clicks to "Log out" one or all of the sessions, we can do Session::forget() on each session id and also delete those records from the SQL table.

Was wondering if anyone else has encountered a session management requirement when using Redis as a session store, and how you handled it.

Thank you!

Apr 12 (2 months ago)

Replied to Best Approach To Extend Laravel Sanctum

Thanks bugsysha!

> the only thing Sanctum is really doing is creating a hash of a randomized 80-char string

I didn't mean that's the only thing it does. I know that most are interested in it for SPA authentication. I should have said "the only thing Sanctum is really doing to generate a new key." I meant that if we rolled our own, we would just copy that method and build around it.

I'm also unclear about how the abilities property works, especially if we're using something like spatie/laravel-permission to further determine what the API key is authorized to do.

It's not a problem if we have a non-standard authorization/permissions solution, right? Because we can simply put all of our custom authorization logic in its own middleware which would get hit after an API request gets through the auth:sanctum middleware?


Started a new Conversation Best Approach To Extend Laravel Sanctum

We'd like to use Laravel Sanctum to issue API keys / personal access tokens for users, with some modifications:

  1. Associate an AccessRestriction with each token, which is simply a model whose properties would define security-related authorization rules for the key (such as the HTTP referrer or IP address the request must come from).
  2. Add two or three columns to the personal_access_tokens table, so we can store additional metadata for each token (or at least the id of some model where we'd store that, such as PersonalAccessTokenMetadata).
  3. The ability to deny the API request based on throttling/quotas.

I'm also unclear about how the abilities property works, especially if we're using something like spatie/laravel-permission to further determine what the API key is authorized to do.

For the added DB table columns, I suppose we could simply override Sanctum's default migration.

And I assumed that we could create separate middlewares for authorizing based on referrer/IP and for checking against rate limits - then require all API requests to first go through the auth:sanctum middleware for authentication and then those additional middlewares for authorization.

However, I'm a little fuzzy on how we would need to extend Sanctum and get all of this to work together, and just looking for some guidance.

There's an argument that we just roll our own key generation and management system. After all, the only thing Sanctum is really doing is creating a hash of a randomized 80-char string.

Thank you for any advice or guidance!
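
Added example, not part of the original post and not Sanctum's own code: one way the IP and referrer check from item 1 could be evaluated inside such an authorization middleware. The restriction array shape and function names are hypothetical, the sample values are constructed, and only IPv4 is handled.

```php
<?php
// Hypothetical restriction shape: ['cidrs' => [...], 'referer_hosts' => [...]].
// An empty or missing list means no restriction of that kind.

// IPv4 only; anything unparsable fails closed.
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false
        || !ctype_digit($bits) || (int) $bits > 32) {
        return false;
    }
    $mask = (int) $bits === 0 ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function restrictionAllows(array $r, string $ip, ?string $referer): bool
{
    $cidrs = $r['cidrs'] ?? [];
    $matches = array_filter($cidrs, function ($c) use ($ip) {
        return ipInCidr($ip, (string) $c);
    });
    if ($cidrs !== [] && $matches === []) {
        return false;
    }
    $hosts = $r['referer_hosts'] ?? [];
    if ($hosts !== []) {
        // Compare the parsed host exactly; substring checks are bypassable.
        // The Referer header is client-supplied, so this limits casual reuse
        // of a browser-embedded key rather than authenticating the caller.
        $host = $referer === null ? null : parse_url($referer, PHP_URL_HOST);
        if (!is_string($host) || !in_array(strtolower($host), $hosts, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample restriction and requests (documentation address ranges).
$r = ['cidrs' => ['203.0.113.0/24'], 'referer_hosts' => ['app.example.test']];
var_dump(restrictionAllows($r, '203.0.113.7', 'https://app.example.test/x'));  // in range, host matches
var_dump(restrictionAllows($r, '198.51.100.9', 'https://app.example.test/x')); // IP outside range
var_dump(restrictionAllows($r, '203.0.113.7', 'https://app.example.test.evil.test/')); // host differs
var_dump(restrictionAllows($r, '203.0.113.7', null)); // no Referer sent
```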