Let's Build A Forum with Laravel and TDD
A forum is a deceptively complex thing. Sure, it's made up of threads and replies, but what else might exist as part of a forum? What about profiles, or thread subscriptions, or filtering, or real-time notifications? As it turns out, a forum is the perfect project to stretch your programming muscles. In this series, we'll work together to build one with tests from A to Z.
Updated Series Available
You are viewing an archived course. We instead recommend that you watch Build a Forum With Laravel.
Progress
Series Info
- Episodes
- 102
- Run Time
- 19h 29m
- Difficulty
- Intermediate
- Last Updated
- Jan 3, 2018
- Version
- Latest
Series Episodes
- Episodes (102)
Initial Database Setup With Seeding
Let's begin by reviewing the most minimal requirements for a forum. If you think about it, we couldn't possibly construct a forum without users, threads, and replies. So let's tackle those first.Test-Driving Threads
Now that we have our seed data in place, we can move on to our first small feature: "a user should be able to read threads." Simple enough! We'll start with a basic test, and then scaffold the necessary views to make it pass.A Thread Can Have Replies
View the source code for this lesson on GitHub.A User May Respond to Threads
We've implemented the necessary functionality to render a thread with all relevant replies, but we haven't yet allowed a user to type in a reply and submit it to the server. Let's get started on that now.The Reply Form
Now that we've tested the end-point for adding a new reply, the only remaining step is to create the HTML for the form. In the process, we'll also ensure that only logged-in users are able to see it.A User May Publish Threads
So far, a user can read and reply to threads, but they don't yet have the ability to publish their own threads. Let's begin fixing that in this episode.Let's Make Some Testing Helpers
I'm a big fan of making the process of writing tests as natural as humanly possible. The harder it is to construct a test, the more likely it is that you simply...won't. With that in mind, let's extract a few helpers and snippets to assist us.The Exception Handling Conundrum
Now that our endpoint tests are returning green, we can construct the HTML form to publish a new thread. However, in the process, we'll stumble upon an odd exception handling issue that needs to be addressed. Luckily, Adam Wathan has a useful solution that we can implement.A Thread Should Be Assigned a Channel
Right now, all threads are thrown into the same "global" namespace, so to speak. Ideally, we should assign each thread to a channel. That way, for a development forum, we may easily filter threads by PHP, or JavaScript, or Servers.How to Test Validation Errors
We haven't written any validation logic yet for our forum. This means that a user could whip up a request with all sorts of invalid data, and we'd gladly persist it to the database. Let's fix that in this episode, while writing tests to ensure that everything functions as we expect.Users Can Filter Threads By Channel
Now that we've associated all threads with a channel, we can now perform the necessary UI updates to allow users to filter threads by their desired channel.Validation Errors and Old Data
In this episode, we need to do a bit of work on the "create thread" page. We'll first add a link to the navigation bar, and then move on to tweaking the form, itself. Specifically, we should provide validation error feedback, and ensure that any text that the user types into the form's various fields will be remembered if a validation error is triggered.Extracting to View Composers
Currently, we have two different SQL queries for fetching all channels directly in our view layer. Let's fix that by extracting a dedicated view composer.A User Can Filter All Threads By Username
It would be nice if any user could have a link that displays only the threads that they've personally created. Even beyond that, why not allow for the ability to view any forum user's threads? Let's figure out how in this episode.A Lesson in Refactoring
Since it seems that filtering will be an important component to our application, let's take a bit of time to perform some refactoring. Luckily, because we have a set of tests to back us up every step of the way, we can be as bold as we wish. There's no fear of breaking the app, if your tests will notify you the second you make a refactoring error.Meta Details and Pagination
We should add a sidebar to each thread page for various meta information, such as when the thread was published, how many replies it has, and more. Further, we've yet to add pagination to our app. What happens when a thread has over one hundred replies? Let's ensure that we put the proper pagination links in place.A User Can Filter Threads By Popularity
It would be nice if users had the ability to filter all threads by popularity. That way, the most active threads will bubble to the top of the stack. Let's write a test and then implement this very feature.A User Can Favorite Replies
It would be useful if authenticated users could have the ability to "favorite" any reply within a thread. Let's begin implementing that functionality now, by using polymorphic relations.The Favorite Button
Now that we've tested the full process of favoriting a reply, we can move on to creating the form to process this action for the user. In the process, we'll begin discussing the N+1 problem.From 56 Queries Down to 2
Let's review the N+1 problem, as it relates to Eloquent. To do so, we'll install Laravel Debugbar so that we can analyze the exact SQL queries that are being executed for each page load. As you'll learn, there are a variety of simple steps we can follow to reduce our query count by the dozens.Global Scopes and Further Query Reduction
In this episode, we'll continue optimizing our SQL queries. Specifically, we'll review global Eloquent scopes and the useful$withproperty to automatically eager load any necessary relationships.A User Has a Profile
It would be useful if every user in our forum had an associated profile page. That way, we can review more information about them, including all threads that they've personally created.A User Can Delete Their Threads
One simple ability that we haven't yet implemented is the option to delete threads. If "John Doe" creates a thread and later changes his mind, let's allow him to delete it entirely.Authorization With Policies
We must be careful that we don't inadvertently give any registered forum user the ability to delete all threads. Let's create a policy class to ensure that this can't happen.How to Construct an Activity Feed with TDD
In this episode, we'll use TDD to drive out an activity feed. That way, we can, for example, track when a user creates a new forum thread, or posts a reply. As always, we'll begin with the most basic possible implementation. Once we get to green, we can then move on to the refactoring stage to clean things up drastically.How to Construct An Activity Feed with TDD: Part 2
Now that we've written the necessary code to record all relevant activity, in this episode, we can render it onto the user's profile page, and group all relevant records according to their date.Extracting Controller Queries to the Model
At the moment, we have a long, fluent Eloquent query in our controller. Instead, let's use TDD to extract it into theActivitymodel.The Activity Deletion Bug
I think we have a bug in our activity feed. What happens if we delete a thread? Will that cascade and delete all relevant activity in the process? And, if not, what happens when we try to view the user's profile page? Hmm, let's write a regression test to find out.Flash Messaging With Vue
In this episode, we'll implement an elegant flash messaging system, using Vue. That way, when a user performs an important action, we can flash a quick message to indicate the outcome.A User's Activity Feed Should Include Favorited Replies
At the moment, a user's activity feed will exclusively display a timeline of their own threads and replies. Let's extend that in this episode to include any replies that they've favorited.Authorized Users Can Delete Replies
We're still missing a very basic piece of functionality. Any authorized user should be able to delete a reply. Let's implement that in this episode.A Vue Reply Component
We're starting to realize that each individual forum reply should have a decent amount of behavior associated with it. With that in mind, in this episode we'll create a dedicated Vue component for a reply, and then implement the necessary functionality to quickly edit the body of a reply without requiring a page refresh.Ajaxifying the Delete Button
Now that each reply is wrapped within a dedicated Vue instance, we can easily swap out the traditional form for deleting the reply with a snappier AJAX version that doesn't require a page refresh.A Vue Favorite Component
We have one last piece of the puzzle, when it comes to ourReplycomponent. The favoriting functionality still consists of a traditional form. Let's turn that into a dedicatedFavoritecomponent to clean things up.Squashing Bugs
I think we've introduced a couple of bugs related to adding and removing activity. Let's work through them in this episode and patch things up, before moving on to a new feature.A More Data-centric Approach
In this episode, we'll do a decent amount of refactoring to push toward a more data-centric approach, when it comes to our Vue components. As part of this refactor, we'll need to figure out how to rewrite inline-templates that use Blade into JavaScript.A New Reply Component
Now that we're thinking in terms of Vue collections, we can easily turn the form for publishing a new reply into its own component. This way, when the user submits the form, we can simply perform an AJAX call to persist the data, and then push to the "replies" collection - which will, in response, automatically trigger a re-render.Laravel and Vue Pagination
Since we're now rendering all replies with JavaScript, we can no longer depend upon rendering pagination links on the server-side. To compensate, let's create a dedicatedpaginatorVue component to handle all the necessary logic behavior.A User Can Filter By Unanswered Threads
I've learned from running the Laracasts forum that users often want to filter all threads according to those that have not yet received replies. Let's add that very functionality in this episode.Thread Subscriptions: Part 1
It would be useful if users could subscribe to any number of threads in our forum. That way, each time a reply is left, the user will immediately be notified. Let's get started implementing this very functionality.Thread Subscriptions: Part 2
Now that our model tests prove that users can properly subscribe to threads, let's move up a level and right the general feature that describes what should happen when a particular endpoint is triggered.Thread Subscriptions: Part 3
Let's take a bit of time to work on the UI side of things. We need to prepare a "Subscribe" Vue component that handles the behavior of toggling the current user's subscription to any given thread.Thread Subscriptions: Part 4
Now that a thread exposes the behavior that it can be subscribed to, we can move on to preparing all relevant user notifications each time the thread receives a new reply. To allow for this, we'll leverage Laravel's native notification functionality.Test Refactoring
Let's take a few moments to refactor the tests in ourNotificationsTestclass. A handful of tweaks should make this file far more simple to read and understand six months from now.Thread Subscriptions: Part 5
We can finally switch over to the client-side, and begin constructing auser-notificationsVue component that will be responsible for fetching all relevant notifications and rendering them within a "bell" dropdown panel.Refactoring for the Better or Worse?
Let's perform a round of refactoring in this episode. But there's a twist! At the conclusion of the refactor, we'll take a very important step. That step is to ask ourselves, "Is the code better as a result of this refactor? Or did we make it more confusing?"Notification Fakes in a Nutshell
If you check ourThreadTestclass, you'll notice that we don't yet have a test that asserts that, each time a reply is added to a thread, a notification should be prepared for all thread subscribers. Let's use a notification fake to test this functionality.This Thread Has Been Updated Since You Last Read It
It would be useful if users could have a small visual cue that any given thread has been updated since they last read it. This indication could be as small as making the title of the thread bold in such instances. So how do we allow for this? Well, while there's countless ways to implement this, let's try using basic caching.Spam Detection
Spam is a sad reality of any successful forum, and we can't ignore it. In this episode, let's begin constructing a series of spam detectors. We'll start with basic keyword detection, but this will soon evolve to all sorts of inspections.Graduating Inspection Methods to Classes
Rather than adding countless inspections to our singleSpamclass, instead, let's elevate each of these inspections to its own class. Then, ourSpamclass can simply filter through all registered inspections, and trigger them. Much cleaner!Spam Detection At All Ports
At the moment, we only perform spam detection when the user writes a new reply. But what about when they update the reply, or post a new thread entirely? In this lesson, we'll review some options for performing spam detection for each of these actions.Handling Server Exceptions with JavaScript
At this point, our spam detection is working perfectly. However, our frontend still needs a few updates to properly translate any possible server exceptions into feedback for the user. Let's tackle that in this episode.Refactoring to Custom Validation
As we've implemented our spam detection layer, have you noticed that we've split the validation process into two steps? First, we trigger Laravel's built-in validators, then we apply our spam detection. What if we could create a custom validation rule instead and clean up our code in the process? Well, we can!A User May Not Reply More Than Once Per Minute
At the moment, any spammer can write a program to leave a forum reply every five seconds. Yikes! Let's at the very least limit users to no more than one reply per minute.Refactoring to Form Requests
TheRepliesControllermethod that handles the submission of a new reply still feels a bit bloated to me. In this episode, we'll refactor it down to a single method call.Mentioned Users Notifications: Part 1
The next feature we need to implement is the ability for users to receive automatic notifications each time their username is mentioned within a thread. We'll get started in this episode by preparing the test, and then writing the least amount of code to get it to green.Mentioned Users Notifications: Part 2
Now that we're at green, we can begin refactoring our code. Let's use a basic eventing setup, now that we have multiple actions that need to take place each time a reply is posted.Don't Forget to Scan Your Files
An important part of your coding workflow involves file scanning. Yes, your code works. Yes, the tests pass. But, even so, take a third pass and scan all relevant files. Does anything jump out at you? Are there any small tweaks that might add more clarity? Should that variable be inlined? Can we reduce the number of queries over here?Wrap Usernames Within Anchor Tags
Now that we can successfully notify mentioned usernames within a reply, let's begin updating the UI. First up, we'll match any usernames, and wrap them within anchor tags that link to their profile.Instant Username Autocompletion
In this episode, we'll begin researching how to allow for GitHub-style instant@usernameautocompletion. During the research phase, we'll set up a brand new throw-away project to learn how it will work. Then, once we feel comfortable, in the next episode we'll integrate autocompletion into our forum.Instant Username Autocompletion: Part 2
Now that we understand how the At.js plugin works, we can begin integrating it into our forum. Let's get a working implementation setup in this episode.Basic View Tweaks
Before we move on to a few more important new features, let's take some time to perform some smaller tweaks. For instance, on the thread listing page, we should display the author's name. Additionally, we aren't yet using pagination here. Let's fix both of those issues now.Testing Avatar Uploads
We should next allow users to upload avatars for their profile. As always, let's take a test-driven approach to this task. As you'll find, Laravel offers a number of resources to make the process of testing file uploads incredibly easy.Testing Avatar Uploads: Part 2
Now that we've mostly driven out the backend side of things, let's shift our attention to the view layer. We should present a form to the user, so that they may choose an avatar to upload and associate with their profile.AJAX Image Uploads
If we'd like to use AJAX to update a user's profile image, we'll need to take a few somewhat tricky steps. Don't worry, it's not too rough. When we're done, we'll have seamless integration with instant feedback.Trending Threads With Redis
It would be useful if visitors could instantly see which threads are currently trending on our forum. An incredibly simple way to implement this is through sorted sets with Redis. Let's get started.Isolating Knowledge
In this episode, we'll continue reviewing our trending threads in Redis logic. Could we possibly extract this code to a dedicated class? And if we did so, what benefits might we encounter as a result?Thread Views: Design #1 - Trait
We next need to display the visits/views count for each thread on the page. If only for learning purposes, we'll review three different implementations - one per episode - while discussing the pros and cons for each. To begin, let's assume that the forum we're building will be incredibly popular. If so, we might consider using Redis to track and increment the views count each time the page is loaded. Let's get started.Thread Views: Design #2 - Extract Class
In the previous episode, we successfully recorded the views count through a single trait, or concern. However, you may notice that the "visits" suffix is referenced in a number of method names. When you encounter repeated keywords, often it's an indication that a class is requesting to be extracted. Let's tackle that very thing in this episode, and then review the before and after.Thread Views: Design #3 - KISS
Finally, we've made it to our third and final design choice: KISS. A vital skill for all web developers is to understand when certain optimizations and refactors are necessary, and when it simply doesn't matter. In the case of this particular feature, would it be easier if we simply added a "visits" column to our threads table? Yes, we'd need to increment this count each time a thread is read, but is that necessarily a problem? Are we anticipating a scale and level of traffic that demands such an optimization? If not, keep it simple.Users Must Confirm Their Email Address: #1 - Protection
If spam is a significant concern, one option is to force all forum users to first confirm their email address before we grant access to publish new threads. Typically, spammers will enter gibberish email addresses during the sign up process. With this modification, a real email address will be required.Users Must Confirm Their Email Address: #2 - Confirmation
Now that we have the proper protections in place, we can move on to the next step: sending all new users an email confirmation request upon registration. Once they click back to our website through this link, we can mark their account as confirmed, and they may then begin posting to the forum.Users Must Confirm Their Email Address: #3 - Cleanup
At this point, everything appears to be working properly. So let's take this episode to simplify a few sections, remove the event listener approach, and clean up our code.Email Confirmation Loose Ends
Well, we thought we were finished with the email confirmation feature, but, after a second glance, I think we have a few more loose ends to wrap up. In this episode, we'll do a small bit of refactoring, while also ensuring that the generated email token is more unique and will be deleted upon confirmation.A Thread Should Have a Unique Slug: Part 1
So far we've been using theidof each thread as the URI identifier. However, in many cases, regardless of the app you're building, you may not want to expose your primary keys in this way. Instead, let's switch over to a slug-based approach.A Thread Should Have a Unique Slug: Part 2
At this point, we are generating slugs for each new thread; however, what happens if multiple threads have the same title? Everything will blow up, that's what! It sounds like we need to detect existing slugs in the database, and apply an increment to the slug.We Need a Regression Test
Now that we're properly generating incrementing slugs for threads that have the same title, we should take note of a few edge cases that could break things. If we find a bug along the way, we'll write a regression test to reproduce it, and then refactor as needed to return everything to green.Mark the Best Reply: Part 1
Our next feature to implement is one that allows the creator of a thread to mark any reply as the best answer. Let's begin by implementing the underlying server-side logic. Once complete, in the following episode, we can move on to the front-end side of things.Mark the Best Reply: Part 2
Our tests are showing that everything from the AJAX endpoint and forward should work as expected; however, we haven't yet touched the front-end side of this feature. Let's begin writing the necessary Vue logic to allow the thread's creator to mark any reply as "best."Refactoring Authorization
We still need to finish up the "Best Reply" feature, but let's take a quick break to refactor our authorization setup. Things are beginning to get messy, and I worry that this authorization logic could grow to be split between countless files. In this episode, let's experiment with creating a dedicated authorization module.Remembering a Best Reply
Let's return to the client-side, and add the necessary logic to submit an AJAX request when the owner of a thread marks a new reply as "best." As you'll see, we'll need to review a couple different options for toggling state.Confusing Errors and Solutions
What happens if a "best reply" is deleted by its owner? Shouldn't we update the owning thread to nullify thebest_reply_idcolumn? Otherwise, that column will refer to a reply that doesn't exist. In this episode, we'll add a database constraint to perform this update automatically. However, as we implement it, we'll encounter a few confusing issues that aren't so easy to debug.Thread Authorization
At the moment, everyone - even guests - can see the button to mark a "Best Reply." Now we do have protection on the backend, but we should certainly hide this button for all users who aren't the creator of the thread. Let's tackle that in this episode, before moving on to something new.An Administrator May Lock Any Thread
Next up, we need to begin adding the ability to lock any forum thread. Whether a conversation veers far off course, or the administrator simply wants to respond to a thread and then close it, this is a common feature for any forum. Let's get started implementing it with TDD.An Administrator May Lock Any Thread: Part 2
Let's continue fleshing out the routes and controllers that our front-end will expect for this feature. In this episode, we'll review two endpoint approaches for updating a thread's "locked" status.An Administrator May Lock Any Thread: Part 3
Now that we have the server-side endpoints fully tested, let's switch to the front-end and write the necessary Vue code to allow administrators to toggle a thread's "locked" status.An Administrator May Lock Any Thread: Part 4
The basic UI functionality is in place. At this point, we only need to send the appropriate AJAX requests to toggle the "locked" column within the threads table.From Laravel 5.4 to Laravel 5.5
Let's allocate some time in this episode to upgrade our Laravel installation from version 5.4 to 5.5. As you'll see, because we have a full suite of tests to back us up, we can perform this upgrade with incredible confidence.Recaptcha
If we'd like to add a second layer of spam protection, we could implement reCAPTCHA. Luckily, the basic process is rather easy. In this episode, we'll get everything to work as quickly as possible. Then, in the following lesson, we can do a bit of refactoring to clean things up.Recaptcha Refactoring
View the source code for this episode on GitHub.A Thread Can Be Updated
Amazingly enough, we've managed to get this far without adding the ability to edit an existing thread. Before moving on to implementing search, let's knock this out quickly.A Thread Can Be Updated: Part 2
Now that we have the server side implementation fully under test, we can switch over to the front-end and write the necessary Vue code to toggle the display for editing a thread.A Thread Can Be Updated: Part 3
Everything is looking good for this feature, so the only remaining step is to handle the AJAX request for updating the thread. Along the way, we'll encounter a few small edge cases that should be addressed.First Class Search: Scout Review
It's time to add first-class search to our little forum. Let's begin in this episode with a quick review of Laravel Scout and Algolia.First Class Search: Implementation
Now that we have both Scout and Algolia ready to go, let's implement search into our forum. Along the way, we'll review a few gotchas and roadblocks related to feature testing code that will hit an external API like Algolia's.First Class Search: Faceting and Ranking
At this point, we have a fully functional search system in place. However, it might be nice to offer more interactive results. What if the user could instantly filter all search results according to a given facet, such as a tag or channel name? Let's begin preparing for such a thing in this episode.First Class Search: Instant Results
In this episode, you'll learn how to display live search results for our forum on the page. We can even integrate the channel facet to provide on-the-fly filtering.First Class Search: Forum Integration
Now that we have a solid understanding of how to work Algolia and the Vue-InstantSearch plugin, let's fully integrate it into our forum.WYSIWYG
At the moment, we're using a basictextareafor the body of each forum thread or reply. Let's upgrade these inputs to powerful WYSIWYG text editors, using Trix.WYSIWYG: Part 2
Let's continue on with our Trix editor implementation. There are a few more places where we'll need to replace a standardtextareawith the newwysiwygcomponent. Along the way, we'll also discuss how a Vue child component can listen and respond to an event on its parent.Sanitizing is a Must
When building web applications, always assume that the user is malicious. As such, any time you accept and display user input, sanitize it first. Think of this as the equivalent of throwing their input into a sink filled with soapy water. The goal is to clean that HTML as best as we can. Scrub it down in preparation for display. Script tag? Sorry, but no. Inline styles? See ya. Click event handlers? Hell no.Onward
This series has easily been the most in depth course Laracasts has ever released, but the reality is there's so much more to do. As such, let's migrate the end result of all our work to a brand new series that'll pick up right where we left off: "How to Manage an Open Source Project."
