DEV Community: Olaniyi Philip Ojeyinka

Protecting your Fintech App Customers further with Panic Password

Olaniyi Philip Ojeyinka — Sun, 08 Sep 2024 22:27:40 +0000

This article is inspired by my encounter with rogue members of the Nigerian Police Force(NPF) who go out daily to intentionally wrongly profile their victims as a criminal and after lot of post incidence deliberations (what i did wrong, what i could have done better and what to do if such incidence happen again), i realized how some of the finance apps i used could have been of great help to me also at that moment.

Nowadays, we move around with our bank on us through our various fintech apps on our mobile phones (This reminds of Burna Boy's line 'Cause I walk around with a bank on me from his Bank on it track).

Fintech apps gives us the easy and convenient solution to access all kinds of financial services but what happens when this treasure falls into the wrong hands? Whether it's rogue law enforcement, criminals, or anyone else trying to gain unauthorized access to your fintech apps, the consequences can be dire. Enter the "panic password" - a feature that could be a game-changer in protecting users' financial assets and personal information.

The Panic Password Feature

The core idea of a panic password is to provide users with a way to access a "safe" version of their account when under duress. Let's explore two potential implementations of this feature:

Option 1: Modified Regular Password

In this approach, users would add a specific phrase or word to their regular password to trigger the panic mode.

For example:

Regular password: "MySecurePass123"
Panic password: "MySecurePass123Panic"

Advantages:

Easy to remember in stressful situations
Doesn't require setting up an entirely new password

Disadvantages:

Might be guessable if the attacker knows about this feature
Could be accidentally triggered if the user mistypes their password

Option 2: Separate Panic Password

This option involves setting up an entirely different password for panic situations.

For example:

Regular password: "MySecurePass123"
Panic password: "SafeMode456"

Advantages:

More secure, as it's not derived from the regular password
Allows for more complex panic passwords

Disadvantages:

Users need to remember an additional password
Might be forgotten in high-stress situations

As always with most engineering design decisions, it depends on what you are ready to trade off.

Implementation Details

Let's look at how this feature could be implemented at a system level:

graph TD
    A[User enters password] --> B{Is it a panic password?}
    B -->|Yes| C[Load fake/limited account data]
    B -->|No| D[Load real account data]
    C --> E[Start tracking session activities]
    C --> F[Prepare to send alert if configured]
    D --> G[Normal app functionality]

At a low level, I could think of three approaches to implementing the panic mode:

Separate System Account Session: When a panic password is used, the system loads a pre-configured "safe" account with limited data and functionality(this maybe cheaper and easier option).
Fake Data Generation: The system dynamically generates fake data and account balances on-the-fly when panic mode is triggered.
User Provided Data: Users may be able to customize certain parameters of the panic mode, such as:
- The balance to show in panic mode
- Which actions should be allowed or blocked in panic mode
- Whether to automatically alert authorities
- Even Panic mode Transaction limits settings could be very useful

I think panic mode/session could be stretch further

To further protect users in dangerous situations, the panic mode could also:

Automatically report to relevant authorities
Send the user's current location coordinates
Capture images using the front-facing camera
Record audio of the surrounding environment

Conclusion

These features, of course, would need to be implemented with utmost care for privacy and user consent.

Like most security investments, implementing a panic password feature could be seen as expensive for fintech companies. However, the cost is undoubtedly less than the potential losses from unauthorized access to user accounts or the damage to a company's reputation from security breaches. When customer funds and assets are guaranteed with robust security measures like panic passwords, it not only protects users but also builds trust and loyalty.

Installing PHP 8.2/8.3+ on ubuntu 23.04+

Olaniyi Philip Ojeyinka — Mon, 19 Aug 2024 17:55:55 +0000

you may be getting error simmilar to

Hit:1 http://ng.archive.ubuntu.com/ubuntu lunar InRelease                      
Hit:2 http://ng.archive.ubuntu.com/ubuntu lunar-updates InRelease              
Hit:3 https://dl.google.com/linux/chrome/deb stable InRelease                  
Hit:4 http://ng.archive.ubuntu.com/ubuntu lunar-backports InRelease
Ign:5 https://ppa.launchpadcontent.net/ondrej/php/ubuntu lunar InRelease
Err:6 https://ppa.launchpadcontent.net/ondrej/php/ubuntu lunar Release
  404  Not Found [IP: 185.125.190.80 443]
Hit:7 http://ng.archive.ubuntu.com/ubuntu lunar-security InRelease
Reading package lists... Done
E: The repository 'https://ppa.launchpadcontent.net/ondrej/php/ubuntu lunar Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

or 

“Reading package lists… Done
Building dependency tree
Reading state information… Done
E: Unable to locate package php8.2
E: Couldn’t find any package by glob ‘php8.2’
E: Couldn’t find any package by regex ‘php8.2’”

probably after running

add-apt-repository ppa:ondrej/php

remove the previous source by running

sudo add-apt-repository --remove ppa:ondrej/php
sudo apt update

You will need to edit your repository source file as follows:

sudo nano /etc/apt/sources.list

and enter

deb https://ppa.launchpadcontent.net/ondrej/php/ubuntu jammy main

then run

sudo apt update

after which you should now be able to install your php version using 8.3 as an example

sudo apt install php8.3

if you already have some other php installed, you may need to change to the version using

sudo update-alternatives --config php

and follow the prompt.

you may also consider installing the following extenstions


sudo apt install php8.3-curl php8.3-gd php8.3-intl php8.3-simplexml php8.3-dom php8.3-mysql php8.3-mbstring php8.3-xml php8.3-gd php8.3-curl php8.3-mysqli php8.3-zip

Error handling: Are You In Charge or In Chaos?

Olaniyi Philip Ojeyinka — Fri, 24 Nov 2023 23:23:44 +0000

As users in today's fast-paced world, our attention spans are shrinking by the day. We want efficiency, we want to be able to open our favourite app, perform an action, and finalize our transaction swiftly. Nobody wants to deal with issues just to accomplish a simple task; it's detrimental to the overall customer experience.

Unfortunately, in the world of software, things don't always go as expected, and that's okay. What matters most is how well-prepared we are for such scenarios and the plans in place to resolve them swiftly.

To navigate such scenarios more smoothly, we can simplify our lives by designing our software with robust error handling in mind. Some practices that significantly contribute to well-handled software include and not limited to:

A. Consistencies: Maintain a consistent approach across your entire codebase. This not only enhances code readability but also minimizes the risk of encountering errors stemming from inconsistent error handling practices. One effective strategy is to establish an abstraction class, function, or helper that can be called when necessary. Another method to enforce consistency is by adopting a uniform approach to handling operation results. A good example is the use of a result template, as illustrated in the TypeScript example below. This approach is adaptable and can be seamlessly incorporated into various technology stacks.

interface Result<T> {
  success: boolean;
  data: T | null;
  error: string | null;
}

you can achieve this in php with

class Result {
    public $success;
    public $data;
    public $error;

    public function __construct($success, $data, $error) {
        $this->success = $success;
        $this->data = $data;
        $this->error = $error;
    }
}
//and to use, just intialise an object with data from your operation
 new Result(true, $result, null);

similarly in ruby

class Result
  attr_accessor :success, :data, :error

  def initialize(success, data, error)
    @success = success
    @data = data
    @error = error
  end
end

or if you are stingy with your storage space for the result instances, you can basically use's you language provided map or hash as follows
in ruby,

 # success 
    { success: true, data: result, error: nil }

#failure

    { success: false, data: nil, error: "error message" }

 // success 

        return ['success' => true, 'data' => $result, 'error' => null];

//failure

        return ['success' => false, 'data' => null, 'error' => "error message"];

or have a uniform way of making use of your language exceptions handling, although i would recommend the above as it provide us the advantage of being able to return early there by making our codebase much more readable and easy to follow and also reduce the performance overhead of try catch/throw/exception/rescue/raise or whatever you language of choice uses.

B. Specificity: Clearly defining and identifying errors is crucial for efficient troubleshooting. When dealing with RESTful APIs, leverage accepted error codes. In the previous example, observe the use of the boolean "success" attribute in our control structure. This approach enhances specificity, relieving contributors of the uncertainty regarding potential issues. By adhering to recognized error codes and providing clear error messages, you streamline the debugging process and empower developers with the information they need for effective issue resolution.

C. Differentiate between Failure and Actual Error: Distinguish between routine failures and critical errors, while both may seem similar, they are not the same. Most Errors result to Failure, Errors could be syntax errors, logical errors and others. Sometimes, its possible for failure to happen as a result of validation, third party provider downtime and other issue that are out of the scope of our app itself. This is important especially when dealing with a financial software, you may want to know which one you are dealing with and how to properly resolve them. For example, when dealing with a payment provider and you need to make payment, for some reason their API isn't available, that isn't an error but a failurem that you may want to confirm before making a conclusion to ensure integrity of the application and in the example provided prevent double crediting/spending.

D. Preparing for the Unknown & Third-Party Communication: Anticipate potential issues, and build in resilience for unexpected scenario.
Avoid outsourcing validation when dealing with third-party interactions to retain control and oversight. Be Paranoid, assume your third party API doesn't know what they are doing and tackle it accordingly, for example, even if third party API returns 200 OK, you can safely still confirm everything is alright using the necessary body attributes as there are cases where a thirdparty API may not give the right response code or follow the communication's pattern/protocol best practices.

E. Handling Timeout: When a service isn't responding in a timely manner, you don't want to keep your users waiting, you want to implement strategies for managing timeouts and implement the right retry and confirmation machanism. For payment related request, you don't want to retry until you can confirm previous request wasn't already attended to.

F. Proper logging, monitoring and reporting:
Despite our best efforts, encountering a bug or two is inevitable. When these situations arise, the key is to investigate quickly and resolve customer issues as soon as possible. Establishing robust logging and monitoring tools becomes paramount in expediting issue resolution because you can't solve a problem that you are not aware of or understand its root cause.

Implementing effective logging mechanisms allows you to capture crucial information about the application's behavior, potential errors, and the sequence of events leading up to an issue. Coupled with monitoring tools, you gain real-time insights into the performance and health of your system. This proactive approach not only aids in identifying and addressing problems promptly but also enhances your ability to provide swift solutions to customer concerns.

G. Client Error Presentation:

In the event of an error occurrence, once the issue has been logged appropriately, the next crucial step is how to present this error to the customer. It's important to mask the actual technical details of the problem and instead provide a clear and meaningful error message to the end user.

The approach to handling and rendering errors to the client can vary based on the team's preferences or project requirements. Teams may opt for an optimistic approach, instilling confidence by emphasizing potential solutions or alternative paths. On the other hand, a pessimistic approach may involve transparently communicating the issue's severity to manage user expectations.

Additionally, the implementation of a retry mechanism can be considered. This allows the system to attempt the operation again, providing a seamless experience for the user while the underlying issue is addressed in the background.

By carefully considering the client error presentation strategy, you not only enhance the user experience during challenging situations but also contribute to maintaining trust and satisfaction among your customers.

Introduction to Database transaction, Read phenomenom and isolation level using Sequelize ORM

Olaniyi Philip Ojeyinka — Mon, 13 Mar 2023 03:14:43 +0000

Let start with transaction,

Transaction

Transaction in a database basically is a collection of queries you want run as a unit of work, meaning if its going to succeed, everything succeed together and since each one of your queries is a part of one single work and if at all one fail, the others should also fail and rollback(Reverse the effect of the query), as a database transaction must follow the ACID properties (Atomic, Consistency, Isolation, and Durability).

In this article, we will mostly use Sequelize Orm in our examples.

Now, let's move on to the business. You have been asked to create a peer-to-peer transfer feature in an app, and you need to record a debit transaction on the sender's side and a credit transaction on the receiver's end. It won't make sense if, for some unforeseen reason, we are able to record a debit transaction but not equally able to record a credit transaction, or vice versa. To prevent this scenario, we put both recordings in one transaction.

For example, the normal flow would be as follows, in terms of queries:
Assuming every other validation has been done:

Update sender balance
Create debit transaction record
Update receiver balance
Create credit transaction record for receiver

All of these queries make sense to be in a transaction because if any of the above steps fail when a customer attempts to make a transfer, it will affect the integrity of such a payment record. We need them to either fail all together or succeed together.

Sequelize provides us with two types of transactions:

1. Managed Transaction

In a managed transaction, you don't need to worry about handling the rolling back process. Sequelize will automatically do that if an error occurs in your transaction, as shown in the example below:


try {

  const result = await sequelize.transaction(async (t) => {
     // update sender balance
     sender.balance  -= amount;
     await sender.save({transaction: t});
     receiver.balance  += amount;
     await receiver.save({transaction: t});

     await Transaction.create({
      amount: amount,
      type: 'debit'
      userId: sender.id
    }, { transaction: t });

     await Transaction.create({
      amount: amount,
      type: 'credit'
      userId: receiver.id
    }, { transaction: t });

    return { sender, receiver };

  });

  // success block

} catch (error) {

  // error occured in the transaction and all queries effect has been rollback meaning not committed

}

2. UnManaged Transaction

In an unmanaged transaction as it is below, you will be the handling how and when you want to commit/rollback.


const t = await sequelize.transaction();

try {

     // update sender balance
     sender.balance  -= amount;
     await sender.save({transaction: t});
     receiver.balance  += amount;
     await receiver.save({transaction: t});

     await Transaction.create({
      amount: amount,
      type: 'debit'
      userId: sender.id
    }, { transaction: t });

     await Transaction.create({
      amount: amount,
      type: 'credit'
      userId: receiver.id
    }, { transaction: t });

    await t.commit();

    return { sender, receiver };

} catch (error) {

  // error is thrown in you transaction
  // manually rollback.
  await t.rollback();

}

These approaches are common among other ORMs such as Rails' Active Record and Laravel's Query Builder, which have similar syntax and flow.

Even without an ORM and using only SQL(since ORMs implemented the flow using SQL under the hood), the above-mentioned ORM implementations can be followed with similar flow. This involves using keywords like BEGIN/START (depending on the database type), ROLLBACK, and SAVEPOINT. With the SAVEPOINT keyword, you can create a step and rollback to a specific step when necessary, as demonstrated in the example below:

BEGIN TRANSACTION NameOfTransaction;//or
START TRANSACTION; // in case of Mysql
//run you balance update queries
SAVEPOINT balanceUpdate
//create your transactions
SAVEPOINT createTransaction
COMMIT

/*to rollback to the point of balance update*/
ROLLBACK TO balanceUpdate

/*to rollback*/
ROLLBACK

RELEASE to Relese a savepoint
RELEASE SAVEPOINT savepointname

ISOLATION LEVEL & READ PHENOMENOM

The ISOLATION property in the ACID properties of a database transaction means that multiple in-flight transactions can run separately in isolation. The READ PHENOMENON is a side effect of this property, which can cause concerns.

TYPES OF ISOLATION LEVEL

REPEATABLE READ
READ COMMITTED
READ UNCOMMITTED
SERIALIZABLE

So lets take a look at each of these, one after the other.

REPEATABLE READ: When we have more than one running transaction at the same time, we are guarranteed that only data that has been committed will be read and the value won't change even if we read the same data again in same transaction but other concurrent transaction may add a new row to the data but can't delete/update.

for example

BEGIN TRANSACTION;
SELECT * FROM Accounts;
WAITFOR DELAY '00:03:00'
SELECT * FROM Accounts ;
COMMIT;

in the above, the data returned by the first select will be same as data from second select and if another transaction have added a new row while our current transaction was waiting, the new row will be returned in the second select statement. The data is locked(rows level) for update/delete until the transaction is done.

READ COMMITTED: When we have more than one running transaction at the same time, as it name suggested, every new changes will reflect in the current transaction as long as the other transaction as committed it. Whether the operation is UPDATE, DELETE or CREATE every changes will be seen as long as they are committed.

READ UNCOMMITTED: When we have more than one running transaction at the same time, as it name suggested, every new changes will reflect in the current transaction even if not committed. This bring about phenomenum called DIRTY READ because uncommitted data in out result will leads to having dirty data.

SERIALIZABLE: When we have more than one running transaction at the same time, just like repeatable read but new row cannot be added because as long as the first transaction is running, other transaction won't be able modify or create new rows.
This is the highest level of isolation and also could result to performance issues as transaction may have to wait for each other.

Setting Isolation levels in sequelize is as follows:

const { Transaction } = require('sequelize');

// The following are valid isolation levels:
Transaction.ISOLATION_LEVELS.READ_UNCOMMITTED // "READ UNCOMMITTED"
Transaction.ISOLATION_LEVELS.READ_COMMITTED // "READ COMMITTED"
Transaction.ISOLATION_LEVELS.REPEATABLE_READ  // "REPEATABLE READ"
Transaction.ISOLATION_LEVELS.SERIALIZABLE // "SERIALIZABLE"

and this can be set using the sequelize transaction method first parameter object key isolationLevel as it is below:

const { Transaction } = require('sequelize');

await sequelize.transaction({
  isolationLevel: Transaction.ISOLATION_LEVELS.SERIALIZABLE
}, async (t) => {
  // Your queries
});

These isolation levels comes different side effect called READ PHENOMENUM for the next few minutes, we will be discussion each of the read phenomenum types:

DIRTY READ
NON REPEATABLE READ
PHANTOM READ
LOST UPDATES

DIRTY READ: This occur when an uncommitted data of a transaction is read by another transaction. The data is dirty because in case where the new changes depend on existing values, we may be getting a redundant data or even already modified or deleted data.
for example, A first transaction is saving sales data to db and another transaction is getting it and rendering it for the administrator, it possible the first transaction later make change to a data already read by second transaction thereby resulting to second transaction sending wrong sales data to the administrator.

NON REPEATABLE READ: This is the opposite of repeatable read because in a transaction, the gotten result by same query may be different there by leading to inconsistent result.

PHANTOM READ: Similar to Non Repeatable read but instead of row data values, number of rows return maybe be different.
This occur when the other transaction as perform CREATE or DELETE operation.

LOST UPDATES: This occur when more than one transaction is trying to update a row at same time. The last transaction to commit will override the first one/ones thereby resulting to situation where previous transaction' updates are lost.

It easy to mix-up or confuse isolation level with read phenomenum so here is a tip that can help.
Think of isolation levels as a possible different approach you could have taken if you are to be the core Database Engineer who is to implement how transaction behave or handle isolation, and think of read phenomenum as the side effect of each decision/approach you later take.

and last check the table below for graphical illustration of isolation levels and their side effect.

In my next couple of articles, i will be writing about locking, scaling techniques, concurrency and concurrency control. Please stay tuned.

References
Sequelize Docs:
https://sequelize.org/docs/v6/other-topics/transactions
Microsoft Sql Server
https://learn.microsoft.com/en-us/previous-versions/sql/sql-server-2008-r2/ms190805(v=sql.105)?redirectedfrom=MSDN
Nasser Hussein Fundamental of Database Engineering
https://www.udemy.com/course/database-engines-crash-course

How are you handling your money?

Olaniyi Philip Ojeyinka — Mon, 25 Jul 2022 05:38:08 +0000

When working on Financial Software, one have to be extremely careful of how things are done from planning, implementation, Platform security to basic arithmetics.
Back to the topic, we will be discussing money handling with great precision, so you've been tasked to create a micro payment transfer application maybe for fiat or crypto.
Yeah for the inexperienced, this is quiet simple, just create db schema, define the balance column data types as decimal and start storing, retrieving and manipulating the data as needed using the float datatype or equivalent in your chosen language.

You've just shipped your software, and there comes John who have the balance of $0.8 and will like to transfer 0.5 to Doe another user of the software, Yeah this should be pretty straight forward right? we get the balance of John then subtract 0.5 from it, update John balance with result then add 5.0 to Doe's balance. It will have been this easy, if generally computers are great with floating point calculation without loosing precision but in reality, John maybe getting more money than he is supposed to get, assuming the datatype of the balance column isn't constraint by 2 decimal places or even when the result of the calculations is needed to be sent to a third party service like a payment gateway.

Another reason this is important to prepare for at the planning stage of your finance software development is that, its not uncommon to compare two or more values. When we get to a situation where we need to compare our values, we need to make sure the result of our calculations equal to expected value.
With JavaScript,

0.8 - 0.5 = 0.30000000000000004 
// normally, we would have expected to get just 3.0

In the scenario described above, we will be introducing unexpected behaviour to the software if the result does not equal to what we normally would have expected.

 0.30000000000000004 === 0.3
 false

This is not a Javascript problem as most memes you probably would have seen may have projected it, its common among other programming languages like Ruby, Java, Golang and In fact, its generally an issue with any computer systems that follows IEEE_754 and because computers process its operations in binary(low level stage) and floating point been a recurring number, at some point, we will run out of bit to represent the float depending on the processor's architecture whether 64bit or 32bit(The higher the bits, the more the precision) resulting to floating point rounding error.

So how do we get our way around this in our financial software, one approach is to represent money in the lowest unit, for example in case of Dollar, you can process money in cent, perform all needed calculations in its lowest unit and only return back to 100 whenever you need to render it to the user. Fiat generally are represented in two decimal places, so they can be reprecented by the hundredth.

In case of crypto, this will also depend on the lowest unit of the crypto for bitcoin which is 8 decimal places which means its lowest unit is 0.00000001 called satoshi, we can represent it in 100,000,000th. How do you prepare your schema in this case? you can have currencies table/document with fields as follows

Name
Code
lowest_unit
lowest_unit_name

where in a case of dollar, the data will be as follows:

US Dollar
USD
100
cent

Then whenever you need to render an amount, you divide by lowest_unit and round to the needed precision, at the point you are collecting the value as input from user or third party, you multiply by lowest_unit.

Another different approach maybe to have the money represented in the decimal in your database at the decimal places of the currency with the highest decimal point you are going to be dealing with for example using Decimal(n, 2) in case of fiat, and perform your calculations in arbitrary-precision Decimal type.
In javascript, using libraries like Big.js , Decimal.js will be of help.

In Java and Ruby, BigDecimal is an inbuilt class that can be used.
For PHP, you can checkout the Brick Math Library
Basically, just find the arbitrary-precision Decimal type/Class/Library in your choice of language.
Got another approach, please do let me know in comment section.

Publish/subscribe system using redis;communicate between laravel and node services

Olaniyi Philip Ojeyinka — Mon, 19 Jul 2021 00:02:37 +0000

Before going deep into this ,lets discuss the typical scenerio in which we may need to implement this pattern in our backend service.

Scenerio 1: maybe for some reason,we need to run a two service for an application backend and these two separate services need a way to communicate with each other in non-blocking,asynchronous approach.

Scenerio 2 : we have to run a task that is time consuming,and also maybe resources hungry and it won't make a great user experience to perform this task in the process of user's request thereby leading to more waiting period for users to get a feedback/response for their action.
One approach to this is running a background job and another is deligating the task to separate service to process and maybe after the task is done, alert the the deligator service which we are can call Event Driven Architecture.

In one of my next articles, i will discuss how we took advantaged of the Event driven archictecture to build a Currency Trading Application,how it helped us in delivering a great realtime notifications experience and how we utilised it in our realtime chat service.

All these communication between services can still be achieved by sending http request to and fro and the use of webhook, but this won't be as effective ,non-blocking as using messaging broking approach.

There are many message broking software available like rabbitMQ ,kafka,and redis etc. but in this article ,i will be using redis.

So before starting with the implementation, lets talk about some key stuff you need to know about Pub/Sub.
Publish/subscribe is all about a scenerio where a service need to inform another service that an event has occured and also send a relating data as message to the receiver. Receiver in this case can be called the subscriber while the sender is the publisher.

The Subscriber in this case, does not need to know anything about the publishers or publisher and likewise the publisher doesn't to know anything about the subscribers, they also does not need to be related in anyway like technology stacks etc. Which means ,each service can be written in difference stacks therebby resulting into the flexibity in choice stack for a team.
The only thing connecting them together will be topic/channel in which each party is subscribing or publishing to.

Straight to implementation, all we want to do in this article is to be able to send messages/data to and fro with laravel ,and nodeJS/ExpressJS.

To setup your laravel environment and project boilerplate, please the official laravel documentations at
https://laravel.com/docs/8.x/installation.

if you are on linux based OS, you can install redis server by running the following commands in your terminal

sudo apt update
sudo apt install redis-server

sudo systemctl status redis
//to confirm the status of new redis server
//if not running ,you may need to start it by running
sudo service redis start

for windows user , you can download the zip file from https://github.com/MSOpenTech/redis/releases/download/win-3.2.100/Redis-x64-3.2.100.zip extract it and running
redis-server.exe after which you can run redis-cli.exe to open redis terminal.

for others, i will advise the use of docker.

After setting up your redis , you can confirm everything is set by running ping and if you receive back pong , we are good to go.
Now you have two option at this stage,
(I). if you are on linux based OS ,you will need to install php-redis extension using either of the commands below

sudo apt-get install php-redis

sudo apt-get install php{x.x}-redis
//where x.x is your cli php version e.g 7.4

you can also search how to install this extension on your OS,else you are going to get redis not found error.

(II). use the laravel library predis instead, start by installing the package predis/predis via composer using the command below

composer require predis/predis

after that, open the file configs/app.php in the aliases array, comment out the entry with the key Redis if already exists and replace with

        'LRedis'    => Illuminate\Support\Facades\Redis::class,

After choosing either of the above options ,open the file configs/database.php and in the connections array, replace the entry with key redis with the following code block.
Note intentionally leave out the prefix config out of the configs to avoid having to add prefix to channel's name or topic later on .

    'redis' => [
            'client' => 'predis',
/*if you are using the php-redis extension,you can change 'predis' here to 'phpredis'*/
            'default' => [
                'host' => env('REDIS_HOST', '127.0.0.1'),
                'password' => env('REDIS_PASSWORD', null),
                'port' => env('REDIS_PORT', 6379),
                'database' => env('REDIS_DATABASE', 0),
            ],
        ],

Now in your .env file , make sure you have something like below config in it

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
REDIS_DATABASE=0

For this article lets assume we are a creating a food delivery appplication which can let the receiver be able to chat with the dispatcher and also able to get the real time geographical coordinate of the dispatcher's movement via websocket.
lets divide into two services ,

The Food delivery Management (We are using laravel for this),this will be the main service handling the CRUD.
The Chat and notification service (NodeJS),this will handle everything notification, chat and live location update .Basically any realtime data.

Now let prepare nodejs project ,i will be assuming you have both nodeJS and NPM installed.

create a folder for your nodejs service

mkdir {folder's name}

in the folder, init by running

npm init -y

In this article, won't be talking about about websocket or its implemention as the scope of this article is all about pub/sub.

next step is to install some other dependencies like dotenv expressjs redis redis-server if you like to manage the server from your project https://www.npmjs.com/package/redis-server and nodemon to run the script continously in development. Later in the article ,i'm going to discuss how PM2 library can be use to run our scripts continously in background and how we can manage /monitor logs.

npm i expressjs redis redis-server dotenv
npm i nodemon -g

After all is done, create a .env file in the root folder with the following as its contents.


NODE_SERVER_PORT=9016

the value will be whatever available port you will like to use.

then create a file server.js with the following as content


const http = require("http");
const express = require("express");
const app = express();
const cors = require("cors");
const redis = require("redis");
require("dotenv").config();  
const { NODE_SERVER_PORT } = process.env;
 //get port from env file

app.use(express.json());

const server = http.createServer(app);


server.listen(NODE_SERVER_PORT, function () {
    console.log("server is running.");
});

Now lets assume that ,

We've implement socket connection in our nodejs (which i will do in one of my next articles) and in this implementation, will handled everything from chat message emiting to notifications and location data.
We don't want to connect our nodeJS to the database in which laravel will be connected to. (Infact no database).
Laravel service will be the only one that can perform database operations.
Both services can be subscriber ,publisher or even both.
Assuming every party of the application are on the app(online)

So in our laravel ,when a food has been ordered by a user
we need to alert the dispatcher , one thing we do here is polling the backend(laravel service) by from the dispatcher's client for any new order, which may not be an efficient solution as polling tends to be resources intensive.
so we can connect the dispatcher's client to nodejs service using websocket.

Now that they are connected via websocket, how do we let nodejs service know that something has happened in the laravel service? yeah that's where pub/sub comes in,we can publish a message in laravel and let nodejs subscribe to the topic/channel ,so anytime nodejs receive a message from the channel ,it process it as needed.

In our laravel service, we can either publish directly from whereever we need to

//import the class
use Illuminate\Support\Facades\Redis;

/*general is the channel/topic name ,this is what our nodejs service will subscribe to
second parameter is the whatever message object we want to send encoded into json string
*/

   Redis::publish('general', json_encode(['type' => 'NewOrder','order'=>$order]));

or
even better create a NewFoodOrderedEvent by running the command php artisan make:event NewFoodOrderedEvent and
php artisan make:listener NewFoodOrderedListener --event=NewFoodOrderedEvent
and then register the event and the listener in you EventServiceProvider.php

use App\Listeners\NewFoodOrderedListener;
use App\Events\NewFoodOrderedEvent;

protected $listen = [
      ....,
        NewFoodOrderedEvent::class => [
            NewFoodOrderedListener::class  ]
,...

    ];

if you follow the event approach, you may modify your event and listener class as below.
NewFoodOrderedEvent.php

<?php

namespace App\Events;

use Illuminate\Broadcasting\Channel;
use Illuminate\Broadcasting\InteractsWithSockets;
use Illuminate\Broadcasting\PresenceChannel;
use Illuminate\Broadcasting\PrivateChannel;
use Illuminate\Contracts\Broadcasting\ShouldBroadcast;
use Illuminate\Foundation\Events\Dispatchable;
use Illuminate\Queue\SerializesModels;

class NewFoodOrderedEvent
{
    use Dispatchable, InteractsWithSockets, SerializesModels;

    /**
     * Create a new event instance.
     *
     * @return void
     */
     public $data

    public function __construct($data)
    {
        $this->data=$data
   //whatever data you passed to this event constructor
    }


}

NewFoodOrderedListener.php


<?php

namespace App\Listeners;
//import the class
use Illuminate\Support\Facades\Redis;
use App\Events\NewFoodOrderedEvent;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue;

class NewFoodOrderedListener
{
    /**
     * Create the event listener.
     *
     * @return void
     */
    public function __construct()
    {
        //
    }

    /**
     * Handle the event.
     *
     * @param  NewFoodOrderedEvent  $event
     * @return void
     */
    public function handle(NewFoodOrderedEvent $event)
    {
        //in here you can then publish to the nodeJS service
    Redis::publish('general', json_encode($event->data));
    }
}

the event can be trigger/fire as below using the event helper

$payload = ['type' => 'NewOrder','order'=>$order];
event(new NewFoodOrderedEvent($payload));

then in the nodejs, we will need to subscribe to the general channel and listen to whatever message we get


const http = require("http");
const express = require("express");
const app = express();
const cors = require("cors");
const redis = require("redis");
require("dotenv").config();  
const { NODE_SERVER_PORT } = process.env;
 //get port from env file
app.use(express.json());

//lets initialise the subscriber 
const subscriber = redis.createClient();
//subscribe to general channel

subscriber.subscribe("general");

//now listen to whatever message is sent from laravel service 
subscriber.on("message", function (channel, data) {
/*channel returns the channel's name in our case now general
and the data now will be the json string we encoded in the laravel.
This can be parse to js object using JSON.parse()

*/

}

const server = http.createServer(app);
//subscribe to general channel 


server.listen(NODE_SERVER_PORT, function () {
    console.log("server is running.");
});

NOTE: if you need to subscribe and also publish in your nodejs, you will need to initialise two separate redis client one for subscribing and the other for publishing.One intialization cant be both subscriber and publisher.

To test if everything is working as it should, run the node server with nodemon server.js and also create a simple endpoint in the laravel that send the a get request to endpoint can trigger the event.basically call the event(new NewFoodOrderedEvent($payload)); in the endpoint implementation

OR use the laravel tinker Commandline tools php artisan tinker and create a mock order object and send by calling event(new NewFoodOrderedEvent($payload)); via tinker.

Facing any error?, monitor if the laravel service is actually publish data to redis by running the redis-cli and commandline and type MONITOR to confirm.

Now, we've been able to make laravel the publisher and nodejs the subscriber.
now lets exchange role.

lets subscribe to an event from nodejs on laravel.

To this ,we need to create something that will always running just as the nodemon is continously running the server.js script.
To this , we will need to create a custom artisan command ,in which we will subscribe to redis in its implementation.
then we are going to need a process that will continously run the command so that when the event occur in nodejs, the script in laravel will be available to receive it.

We have many options we can use like nhup,supervisor,pm2 and many more.

nohup in dev is a good option but in production its not as it may stop if the system restart.
supervisor and pm2 is what i will recommend in production but i personally prefer PM2.
Enough of talks, lets create a command that will hold our subscribe code.

php artisan make:command SubscribeToGeneralChannel then in the app/console/commands folder , open the file and edit as below.



<?php

namespace App\Console\Commands;

use App\Models\Order;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Redis;

class SubscribeToGeneralChannel extends Command
{
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'redis:subscribe-general';
    /*
This is what will become the command we are going to use in terminal to subscribe our laravel service to nodejs
*/

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Subscribe to general channel';
/*description of the command ,this show in the laravel artisan help
*/
    /**
     * Create a new command instance.
     *
     * @return void
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Execute the console command.
     *
     * @return int
     */
    public function handle()
    {
         //general is the name of channel to subscribe to
        Redis::subscribe(['general'], function ($message) {
             //message in here is the data strring sent/publish from nodejs 
            $messageArray = json_decode($message, true);
            //convert to php associative array
         //lets echo the message we receive from node
          echo $message;

        });
    }
}

Now lets publish from node,like i said before,to publish from node,we will need to create a separate publisher client as below,



const http = require("http");
const express = require("express");
const app = express();
const cors = require("cors");
const redis = require("redis");
require("dotenv").config();  
const { NODE_SERVER_PORT } = process.env;
 //get port from env file
app.use(express.json());
const publisher = redis.createClient();

const order = {
id:1
};
publisher.publish('general',JSON.stringify(order))'
//this will publish the order to all subscriber of the general channel which is laravel



/*//lets initialise the subscriber 
const subscriber = redis.createClient();
//subscribe to general channel

subscriber.subscribe("general");

//now listen to whatever message is sent from laravel service 
subscriber.on("message", function (channel, data) {
/*channel returns the channel's name in our case now general
and the data now will be the json string we encoded in the laravel.
This can be parse to js object using JSON.parse()

*/

}

const server = http.createServer(app);
//subscribe to general channel 


server.listen(NODE_SERVER_PORT, function () {
    console.log("server is running.");
});

This can be easily monitored by using the in-terminal of vscode so you can easily tab nodemon, and when you run php artisan redis:subscribe-general(the custom command we created earlier) ,so you can inspect the message we echoed in our custom command immplementation.

In production , pm2 can be installed by running the command
npm install pm2@latest

and starting the node server by running pm2 start server.js

and confirm its running with the command pm2 status that let you see list of all jobs.

use pm2 run the laravel subscribe command by creating a file
runlaravelsubscribetogeneralcommand.yml

nano runlaravelsubscribetogeneralcommand.yml

and write in it


apps:
  - name: runlaravelsubscribetogeneralcommand
    script: artisan
    exec_mode: fork
    interpreter: php
    instances: 1
    args:
      - redis:subscribe-general

redis:subscribe-general in the code above is the custom command we created earlier.

to start the job run the command pm2 start runlaravelsubscribetogeneralcommand.yml

to check logs of each process, you can run pm2 status

and then run pm2 logs {indexofjob} for example pm2 logs 0

in development environment ,you can run the php artisan redis:subscribe-general directly or using a longer running process nohup nohup php artisan redis:subscribe-general --daemon &.

Got any problem while following,comment below. in next article , will be discussing how this process is combined with websocket to add a realtime features to currency trading app and how we provide two clients on a channel a sync realtime timer from the backend and how the timer was kept and stopped when its neccessary.

Learn to use laravel guard by creating an ads network

Olaniyi Philip Ojeyinka — Wed, 05 Aug 2020 20:19:11 +0000

In this article,we will be discussing how to use laravel authentication guard by creating a guard for an advertising network web app,think of Adsense,Bidvertiser etc.
Before we start discussing the laravel guard, you may be wondering when do i need laravel guard ? well, you need laravel guard when working on an app that serve different type of users or even if you want to create an admin dashboard for that your web app that authenticate user .

Typical advertising network website have more than three different type of users but in our case ,we are going to be creating just three types of users which are;
Advertiser:As the name sound, the user who come to the website to advertise his/her products and services.

Publisher:The publisher can be a blogger,app owner,web masters who want to monetize his/her contents.

Admin: An Admin in this case is the owner of the network.

I'm assuming you already have your laravel project ready.
The first step we are to take is to create a model and migrations for advertisers,publishers,and the admin.

php artisan make:model Advertiser -m to create both model and migration file for advertiser.
repeat same for publishers, admin by running the following code

php artisan make:model Publisher -m
php artisan make:model Admin -m
The next step is to extend the authenticatable class for us to be able to use some of the already built authentication features.

So your Advertiser,Admin , Publisher model contents should look as the following code sample

<?php

namespace App;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
//change the class name to publisher for publisher model
//and Admin for the admin model
class Advertiser extends Authenticatable
{
    use Notifiable;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];
}

We are getting there 🙄,next step is to add the following columns to the advertiser,publisher and admin migrations we created earlier.



            $table->string('email')->unique();
            $table->timestamp('email_verified_at')->nullable();
            $table->string('password');
            $table->rememberToken();

Yey,its time to actually create our guard, go to config/auth.php file,you can see the whole file returns a multi-array.lookout for the array element with key as "guards" as in the code below.

 'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

The sub element with key "web" is the guard for the default user that comes with laravel.
now we are to add code like that to the array for each of our own user types.See the code below.


'advertiser' => [
            'driver' => 'session',
            'provider' => 'advertisers',
        ],
'publisher' => [
            'driver' => 'session',
            'provider' => 'publishers',
        ],
'admin' => [
            'driver' => 'session',
            'provider' => 'admins',
        ],


//these codes goes in to the values of guards (same level as the "web"

scroll down while still in the config/app.php file ,you will see another key "providers".
The next step is to link our models to the providers as follows by adding the below code to the values of the key 'providers'

//the keys(advertisers,publishers,admins) here are the values we gave to the provider in "guards" array above. 
 'advertisers' => [
            'driver' => 'eloquent',
            'model' => App\Advertiser::class,
        ],
'publishers' => [
            'driver' => 'eloquent',
            'model' => App\Publisher::class,
        ],
'admins' => [
            'driver' => 'eloquent',
            'model' => App\Admin::class,
        ],

Next step is to create a middleware for each of our guards to protect each user types resources.
Run the following commands below to create middlewares for each of our guards.
php artisan make:middleware AdminAuth
php artisan make:middleware AdvertiserAuth
php artisan make:middleware PublisherAuth

Now go into your app/Http/middleware directory,and edit each middlewares we created above as follows:


<?php

namespace App\Http\Middleware;
use Auth;
use Illuminate\Support\Facades\Session;
use Closure;
/*AdvertiserAuth,PublisherAuth in AdvertiserAuth.php ,PublisherAuth.php respectively */
class AdminAuth
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
//change the guard static method parameter to advertiser,publisher 
//incase of  AdvertiserAuth.php ,PublisherAuth.php
/*
note:the parameter value here are the guard we registered in the guard array in config/auth.php file
*/
        if(Auth::guard('admin')->check()){
           return $next($request);

         }
         return redirect()->route('admin.login')->withErrors([ 'Not allowed']);

//redirect here to your corresponding login page
    }
}

The last step to take now is to register our middlewares in the app/Http/kernel.php file on the array values of the $routeMiddleware properties.
in the $routeMiddleware array, the key is the name we can use to call our middlewares in our route.
you are to add our middlewares to the array as follows


protected $routeMiddleware = [...
"advertiser.auth" =>\App\Http\Middleware\AdvertiserAuth::class,
"publisher.auth" =>\App\Http\Middleware\PublisherAuth::class,
"admin.auth" =>\App\Http\Middleware\AdminAuth::class,

]

Now,we can use our guard and middlewares to protect our routes as in the example below.



 Route::middleware(['advertiser.auth'])->group(
        function(){
//protected advertiser routes here
});

 Route::middleware(['publisher.auth'])->group(
        function(){
//protected publisher routes here
});

 Route::middleware(['admin.auth'])->group(
        function(){
//protected admin routes here
});

at last😹,we are done ,while its possible to achieve same result as above by just creating a column of user_type with possible values like advertiser,admin,publisher in the users table ,its not recommended & overtime,it can also become more harder to maintain.

Give your API More Security Layer

Olaniyi Philip Ojeyinka — Sat, 01 Aug 2020 21:43:53 +0000

Due to the nature of the product am working on,a fintech solution,i have to interact with multiple APIs. While doing this,i discovered some really cool techniques one can build a much more secure API without sacrificing ease of access.

You may be thinking ,why do i need another security layer? i can use either the basic auth or header token bearer and maybe even just create a secret/public key for the endpoint user/client to protect access to my API service Yes you are right! but it won't be bad also to give you API more security and also what if someone else somehow gain an access to authorization credentials? won't it make sense if even the access is stolen,and the data useless because its encrypted? for the next few seconds/minutes you will use reading this article,i will be discussing two of approaches i have discovered.

Approach 1

in this approach ,we are to hash a variable(s) and a secret keywords or even the whole payload using the agreed encrypting algorithm.
so for every request to the server ,the server compare the hash value to check for its authenticity and also the client check the authenticity of the data received before performing any further action.
for example ,lets assume the interaction below is between two systems;the server and the client, the agreed hashing algorithm is unreal256 that can be used with thehash() function. Assuming we have an API server that returns user's transaction histories to another system.We can choose to hash some values like userID +sharedSecretKey+...

{
"userID":6,
"hashed":"z332Xcte3490"//hashed string returns by hash() our unreal hashing function
}

Before either party process any request ,it must check the authenticity of the request received by comparing the hashed value in the received payload.
To even make the process much more secure ,we can even implement our API in such a way that before the client server can perform any action they must send something like an initializing request to the host server that give a random characters(saved by host server) as response for the client server to hashed with other variables and predefined characters or values.

Approach 2

In this approach ,we will be using the The GNU Privacy Guard the library/application is describe as below on the official site GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. Basically in this approach,each party exchange public keys,and encrypt request/response with each other public key while each one decrypt with its own private key. for example System A will encrypt with system B public key and System B will encrypt also with System A public key when sending request , each one decrypt response with its own private key. for more data privacy, we can then choose to encrypt the whole payload and send/receive as just a text(hashed value). to use this approach in your javascript application ,you can checkout the project OpenPGP and for PHP check OpenGPG PHP

Got some other approaches you will want others to learn? please comment it below and lets learn together.

The Jude way to recursion

Olaniyi Philip Ojeyinka — Sun, 21 Jul 2019 10:13:47 +0000

So before we start,let me introduce to you ,Jude ,jude has been sleeping for the last couple of hours and it somehow seems unusual of him,so we brought out one of our many imaginary tools to detect any irregularities in someone
sleep and we detect at that moment that, he is dreaming and also in the dream he slept and also find him self dreaming about
himself sleeping and and also dreaming ......
So we went on to detect what exactly our dear jude is dreaming,and realised he as been dreaming about owning a tesla
and at the lowest level of his dream he owns a higher model of the car as the level of the dream get higher he owns a lower model of the car.

D1-Dream at level one
D2-Dream at level two
D3-Dream at level three
D2-Dream at level four

While he continues dreaming we hope he didn't enter an unending dream cycle and he get up soon(When the base case is met).

Thats Enough Story, I think what happened to jude can be said to be a recursive(adjective of recursion) dreaming so what is
recursion ? recursion is just the act of defining a function or an object in terms of itself that is calling a fuction or
object right inside of its definition.And according to wikipedia its said to be a function defined in terms of simpler and often
smaller versions of itself.
Well, You may be thinking "what the fuck do we need recursion for" recursion can be used to perform repetitive task just like iteration loop
,although not a perfect replacement or alternative to iterations because it could require more space since each function calls are stored in the Stack before reaching the base
case.
Stack? oh whats that?according to wikipedia, a stack is abstract data type that serves as a collection of elements,with two principal operations
Push(add an element) and Pop(remove element).The operation may be performed in two different ways which are

First in Last out
and
Last in First Out

Just see it as a storage container or even think of it just like a stack of book as in picture below

and clearly the example above follow the last in first out order because if we are to take from the book stack
safely without having anyone of the stack fallen ,we have to start from the top.

In this article, we will be using recursion to calculate the power of a number and implementation will be in
JAVA.

//code

...

class Test{


    public int repeat(int x, int n){

        if (n == 0) {
            return 1;
        }
        return  x*repeat(x,n-1);


    }
    public static void main(String[] args){
        Test test = new Test();
        System.out.println( test.repeat(5,3));

    }
}

...

Explanation :

Starting from the left to right,when we make a call to the powerOf() the first time its details were saved in the stack and as we move up (check the up arrow),it continue saving the simpler version of function into the stack memory until the base case is reached and then return the resulting value to the next stack (Check the down arrow) until main stack is reached where result is returned.

Find any error? Please let me know in the reply section.Anyways just finished my first article.