Like many things AWS all this information can be found in the AWS docs themselves, but scattered everywhere. This article on service policies (or resource policies) vs IAM permissions provides some background for what we'll do here. There are two pieces here: 1. The Elastic Container Repository (ECR) in one AWS account (account ID 1111111111… Continue reading How Access an AWS Container Repository from Another Account
I used to have an interface for nearly everything when building applications and I've been pulling back on that position lately. Here I'll explain two cases where I've pulled back and written fewer interfaces. No implements Keywords Does Not Mean There Are No Interfaces This is important: every single object has an interface it presents… Continue reading Not Everything Needs an Interface
JSON web tokens don't have anything to do with OAuth. They don't even have inheritly anything to do with authentication or authorization -- though that's one use for JWT. JWT is a system for, "method for representing claims securely between two parties." That's it. Those claims may be related to authorization or OAuth, but they… Continue reading Protocol Confusion
I recently had to do some work with PostgreSQL arrays in a PHP app. My first question: how do I manage arrays as parameterized values in a query? Turns out there are two ways forward: Array Literals These appear in the Postgres documentation as curly brace surrounded, comma delimited lists: {1,2,3}. A literal like this… Continue reading Working with PostgreSQL Arrays in PHP
At PMG we run pretty much every application in AWS's Elastic Container Service with web entrypoint handled by Application Loader Balancers. One feature of the ALB and ECS is that web-based services do a blue/green deployment. When a new version of the application is shipped, it spins up a new container in the ECS cluster… Continue reading Useful Health Check Endpoints in PHP Applications
After researching service workers a bit, none of the tutorials seem to explicitly state what self actuall is. It's a ServiceWorkerGlobalScope implementation. The events passed to the install and activate listeners are ExtenableEvent implementations. This is where the waitUntil method comes from to force an event listener to wait until a promise resolves. The install… Continue reading What is Self in a Service Worker?
I was recently working on a mac-based dev environment and need to proxy from a container running nginx (to handle HTTPS connections) to a server running on the host machine. Docker's host network mode does not work on MacOS as expected given that docker is running inside a VM rather than directly in the host's… Continue reading How to Connect to the Host Machine from a Container on Docker for Mac
Nginx has a bunch of custom https status codes that it uses internally to signal issues. One such status code is 497: the client made an http request on an https listener. These custom status codes can be used in combination with an error_page directive which can be used to redirect. This will send a… Continue reading Redirecting HTTP Requests on an HTTPS Listener in Nginx (Status Code 497)
Symfony's security configuration for logout functionality in a firewall has a few handler keys that are worth digging into: Logout Handlers These are defined in the handlers key of the configuration above and the classes behind the listed services must implement LogoutHandlerInterface. Logout handlers should perform actions related to logging the user out. For example,… Continue reading Symfony Logout Handlers vs Logout Success Handlers
Symfony has some great documentation on adding custom security authentication providers, but there is a similarly mature system for user providers. While there is support for custom user providers already which are defined as services within an application, I was looking for a way to provide something similar to the way memory user providers work:… Continue reading Custom User Provider Factories for the Symfony Security Bundle
