I've hit this a few times and had to remind myself how Postgres behaves when aggregating JSON columns or including them in ROW_TO_JSON. The short answer is that Postgres does the right thing. When a JSON column is included in ROW_TO_JSON or JSON_AGG the resulting values are not nested, encoded JSON. Here's our sample table… Continue reading PostgreSQL’s ROW_TO_JSON and JSON_AGG with JSON Columns
Say there's a Symfony form that requires either one field to be submitted or another field. In this case, it's okay if both are submitted, but at least one is required. I had this exact situation come up earlier this week and all the solutions I found were related to adding validation to models. I… Continue reading How to Require One Symfony Form Field and/or Another
There are two side of the security coin: authentication and authorization. Authentication answers the question of who (a principal) is making the request to a given endpoint. Authorization is what determines if the principal is actually is allowed to do what they are trying to do. If authentication fails, a 401 Unauthorized response should be… Continue reading When to Return a 401 vs 403 HTTP Response
One thing I do pretty consistently when adding something to a web application is design the entity objects first, along with any associated value objects, without really thinking (or caring) about how those entities will be persisted or retrieved. For example, I recently had to design and build an audit log system for a project… Continue reading Design Data First
This article ist mostly about Symfony, but the advice here applies across frameworks. It's easier to define what's shouldn't be injected as a dependency: things global to the framework or the application being built. A form system is something global to the framework/application. Should the FormFactory be injected into every controller? How about templating? Should… Continue reading What Dependencies Should be Injected into a Controller?
Specifically inversion of control is about not making a choice in one place and forcing that choice to be made elsewhere. Take a library that talks to a database. Should that library make a choice on how to connect to the datatabase? If it does, that's a huge set of things to support and more… Continue reading Inversion of Control is About Choice
What happens when an INSERT ... ON DUPLICATE KEY statement is followed by LAST_INSERT_ID() when an update is made? Does LAST_INSERT_ID() return the ID of the row updated? MySQL's documentation on INSERT ... ON DUPLICATE KEY states that... If a table contains an AUTO_INCREMENT column and INSERT ... ON DUPLICATE KEY UPDATE inserts or updates… Continue reading How do MySQL’s LAST_INSERT_ID() and INSERT … ON DUPLICATE KEY Work Together
Like many things AWS all this information can be found in the AWS docs themselves, but scattered everywhere. This article on service policies (or resource policies) vs IAM permissions provides some background for what we'll do here. There are two pieces here: 1. The Elastic Container Repository (ECR) in one AWS account (account ID 1111111111… Continue reading How Access an AWS Container Repository from Another Account
I used to have an interface for nearly everything when building applications and I've been pulling back on that position lately. Here I'll explain two cases where I've pulled back and written fewer interfaces. No implements Keywords Does Not Mean There Are No Interfaces This is important: every single object has an interface it presents… Continue reading Not Everything Needs an Interface
JSON web tokens don't have anything to do with OAuth. They don't even have inheritly anything to do with authentication or authorization -- though that's one use for JWT. JWT is a system for, "method for representing claims securely between two parties." That's it. Those claims may be related to authorization or OAuth, but they… Continue reading Protocol Confusion
