DEV Community: Abdurrahman Shofy Adianto The latest articles on DEV Community by Abdurrahman Shofy Adianto (@azophy). https://dev.to/azophy https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F630846%2F42c853ff-2e90-46c5-ae9c-cf7dc343a03f.png DEV Community: Abdurrahman Shofy Adianto https://dev.to/azophy en How to update multiple rows based on list of key-val pairs (in MySQL, MariaDB, & PostgreSQL) Abdurrahman Shofy Adianto Fri, 29 Sep 2023 09:26:50 +0000 https://dev.to/azophy/how-to-update-multiple-rows-based-on-list-of-key-val-pairs-in-mysql-mariadb-postgresql-4lpp https://dev.to/azophy/how-to-update-multiple-rows-based-on-list-of-key-val-pairs-in-mysql-mariadb-postgresql-4lpp <p>I've encountered the needs for this technique multiple times. Mostly when the data is generated from other applications, and my only access to the database is via web-based SQL interface such as Adminer or PHPMyAdmin. It seems that currently there are no comprehensive article outlining how to achieve this. So I'll just write my findings here.</p> <h2> MySql 5.x </h2> <p>as this version doesn't support <code>VALUES</code> clause yet, our only choice is to use the ugly <code>CASE-WHEN</code> syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="k">table_name</span> <span class="k">SET</span> <span class="n">changed_col</span> <span class="o">=</span> <span class="k">CASE</span> <span class="n">comparison_col</span> <span class="k">WHEN</span> <span class="s1">'key1'</span> <span class="k">THEN</span> <span class="s1">'value1'</span> <span class="k">WHEN</span> <span class="s1">'key2'</span> <span class="k">THEN</span> <span class="s1">'value2'</span> <span class="p">...</span> <span class="k">END</span> <span class="k">WHERE</span> <span class="n">comparison_col</span> <span class="k">in</span> <span class="p">(</span><span class="s1">'key1'</span><span class="p">,</span> <span class="s1">'key2'</span><span class="p">,</span> <span class="p">...)</span> </code></pre> </div> <p>reference: <a href="https://stackoverflow.com/a/13067614">https://stackoverflow.com/a/13067614</a></p> <h2> MySql 8.x </h2> <p>Luckily this version introduced <code>VALUES</code> clauses, so we could write the data more concise using <code>VALUES ROW(..), ROW(..)</code> syntaxes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="k">table_name</span> <span class="k">SET</span> <span class="n">changed_col</span> <span class="o">=</span> <span class="n">temp_data</span><span class="p">.</span><span class="n">column1</span> <span class="k">FROM</span> <span class="p">(</span><span class="k">VALUES</span> <span class="k">ROW</span><span class="p">(</span><span class="s1">'key1'</span><span class="p">,</span> <span class="s1">'val1'</span><span class="p">),</span> <span class="k">ROW</span><span class="p">(</span><span class="s1">'key2'</span><span class="p">,</span> <span class="s1">'val2'</span><span class="p">),</span> <span class="p">....</span> <span class="p">)</span> <span class="k">as</span> <span class="n">temp_data</span> <span class="k">WHERE</span> <span class="n">comparison_col</span> <span class="o">=</span> <span class="n">temp_data</span><span class="p">.</span><span class="n">column0</span> </code></pre> </div> <p><a href="https://dev.mysql.com/doc/refman/8.0/en/values.html">https://dev.mysql.com/doc/refman/8.0/en/values.html</a></p> <h2> MariaDB 10.x </h2> <p>MariaDB's <code>VALUES</code> clause is shorter as it doesn't use the <code>ROW</code> keyword at all<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="k">table_name</span> <span class="k">SET</span> <span class="n">changed_col</span> <span class="o">=</span> <span class="n">temp_data</span><span class="p">.</span><span class="n">column1</span> <span class="k">FROM</span> <span class="p">(</span><span class="k">VALUES</span> <span class="p">(</span><span class="s1">'key1'</span><span class="p">,</span> <span class="s1">'val1'</span><span class="p">),</span> <span class="p">(</span><span class="s1">'key2'</span><span class="p">,</span> <span class="s1">'val2'</span><span class="p">),</span> <span class="p">....</span> <span class="p">)</span> <span class="k">as</span> <span class="n">temp_data</span> <span class="k">WHERE</span> <span class="n">comparison_col</span> <span class="o">=</span> <span class="n">temp_data</span><span class="p">.</span><span class="n">column0</span> </code></pre> </div> <h2> PostgreSQL </h2> <p>Postgres definitely have the best syntax among the three, as it support aliasing column names for <code>VALUES</code> syntax, just as SQL Server did<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">UPDATE</span> <span class="k">table_name</span> <span class="k">SET</span> <span class="n">changed_col</span> <span class="o">=</span> <span class="n">temp_data</span><span class="p">.</span><span class="n">col_name_1</span> <span class="k">FROM</span> <span class="p">(</span><span class="k">VALUES</span> <span class="p">(</span><span class="s1">'key1'</span><span class="p">,</span> <span class="s1">'val1'</span><span class="p">),</span> <span class="p">(</span><span class="s1">'key1'</span><span class="p">,</span> <span class="s1">'val2'</span><span class="p">),</span> <span class="p">...</span> <span class="p">)</span> <span class="n">temp_data</span> <span class="p">(</span><span class="n">col_name_1</span><span class="p">,</span> <span class="n">col_name_2</span><span class="p">)</span> <span class="k">WHERE</span> <span class="n">comparison_col</span> <span class="o">=</span> <span class="n">temp_data</span><span class="p">.</span><span class="n">col_name_2</span> </code></pre> </div> <p>reference: <a href="https://stackoverflow.com/a/18799497">https://stackoverflow.com/a/18799497</a></p> <h2> Conclusion </h2> <p>Indeed, if you have the data in CSV format, or you have direct access to the database, its easier to just import it using dedicated SQL toolbox. However as this is not always the case, I think this article should be valuable, at least for myself in the future. Hope it helps</p> database mysql postgressql How to edit & replace NPM package dependency Abdurrahman Shofy Adianto Tue, 15 Aug 2023 12:08:50 +0000 https://dev.to/azophy/how-to-edit-replace-npm-package-dependency-1b5e https://dev.to/azophy/how-to-edit-replace-npm-package-dependency-1b5e <p>Last week, my <a href="https://github.com/unjs/unstorage/pull/269" rel="noopener noreferrer">first actual contribution into a public open source</a> project has been merged. Its actually only a small changes into <a href="https://unstorage.unjs.io" rel="noopener noreferrer">Unstorage</a> library, which is used by <a href="https://nitro.unjs.io/" rel="noopener noreferrer">Nitros server engine</a>, which in turn used by the popular <a href="https://nuxt.com" rel="noopener noreferrer">NuxtJs</a> framework. At the time, I was stuck in one of my side project which used Nuxt because Unstorage is lacking some functionalities that I need. However because Unstorage is 2 layers deep in the dependency tree, its not trivial for me to change the code there.</p> <p>I imagine this is actually a common task when working with NPM. There are many reason for people to changes the library which is several layers deep in the dependency tree. Maybe they encounter a bug that need to be fixed, or there are some security issue so they wish to change the dependency into another library. However at the time I can’t find any complete tutorial for achieving this task. I only found some partial steps or incomplete docs that I need to piece together. So after some fiddling and some trials and errors, I finally found how to do it. Here I will share the methods so other people wouldn’t have to go through the same trouble as I did.</p> <p>To show you how its done, I will demonstrate by doing basically the same thing. That is by creating a new Nuxt project, and then forking the unstorage package with my own changes. However in this example we would only add a simple change that wouldn’t affect the overall feature, just to illustrate how its done. You could ignore the NuxtJs parts as its not actually required for our main topic here.</p> <h2> Setting up the scene </h2> <p>First lets create a new Nuxtjs Project.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> npx nuxi@latest init my-app <span class="nb">cd </span>my-app </code></pre> </div> <p>then lets setup a simple page to use unstorage feature. Lets create a simple counter page using it that would store into the default unstorage store (which is memory store). first we will edit <code>app.vue</code> file:</p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="c1">// app.vue</span> <span class="p">&lt;</span><span class="nt">template</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span><span class="p">&gt;</span> Counter: <span class="si">{</span><span class="p">{</span> <span class="nx">counter</span> <span class="p">}</span><span class="si">}</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="err">@</span><span class="na">click</span><span class="p">=</span><span class="s">"updateCounter()"</span><span class="p">&gt;</span> add <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">br</span> <span class="p">/&gt;</span> Server Counter: <span class="si">{</span><span class="p">{</span> <span class="nx">server_counter</span> <span class="p">}</span><span class="si">}</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">template</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">script</span> <span class="na">setup</span> <span class="na">lang</span><span class="p">=</span><span class="s">"ts"</span><span class="p">&gt;</span> const counter = useState('counter', () =&gt; 0) const server_counter = useState('server_counter', () =&gt; 0) async function updateCounter() <span class="si">{</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">value</span><span class="o">++</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">$fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/add_counter</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">post</span><span class="dl">'</span><span class="p">,</span> <span class="na">body</span><span class="p">:</span> <span class="p">{</span> <span class="na">counter</span><span class="p">:</span> <span class="nx">counter</span><span class="p">.</span><span class="nx">value</span> <span class="p">},</span> <span class="p">})</span> <span class="nx">server_counter</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">value</span> <span class="si">}</span> <span class="p">&lt;/</span><span class="nt">script</span><span class="p">&gt;</span> </code></pre> </div> <p>then we will add <code>server/api/add_counter.post.ts</code>. Again, this is nuxtjs stuffs. Its not necessary to understand how to replace NPM dependency.</p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="c1">// server/api/add_counter.post.ts</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">defineEventHandler</span><span class="p">(</span><span class="k">async </span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">counter</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">readBody</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="k">await</span> <span class="nf">useStorage</span><span class="p">().</span><span class="nf">setItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">data:counter</span><span class="dl">'</span><span class="p">,</span> <span class="nx">counter</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">useStorage</span><span class="p">().</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">data:counter</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="nx">res</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>now we have a simple dummy example for our demonstration:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzosdcu5k41hert0xhic2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzosdcu5k41hert0xhic2.png" alt="Screenshot of our new dummy web app"></a></p> <h2> Forking the depended package </h2> <p>Lets clone the unstorage package into our local env, then change it to our needs.</p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="nx">git</span> <span class="nx">clone</span> <span class="nx">https</span><span class="p">:</span><span class="c1">//github.com/unjs/unstorage.git</span> <span class="nx">cd</span> <span class="nx">unstorage</span> <span class="nx">npm</span> <span class="nx">install</span> </code></pre> </div> <p>to illustrate our change, lets just add a simple console.log in <code>src/drivers/memory.ts</code> whenever we store new value</p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="p">...</span> <span class="nf">setItem</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`setting key </span><span class="p">${</span><span class="nx">key</span><span class="p">}</span><span class="s2"> with value </span><span class="p">${</span><span class="nx">value</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="nx">data</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">);</span> <span class="p">},</span> <span class="p">...</span> </code></pre> </div> <p>now run <code>npm run build</code> to make sure our local changes is ready to use</p> <h2> Overwrite dependency in our main package with local changes </h2> <p>After we finished our local changes, now we are ready to overwrite our dependency. Open <code>package.json</code> of our Nuxt project, then in <code>devDependencies</code> section we’ll overried unstorage package with the local path to our forked unstorage package. Of course this depends on your needs whether to change <code>devDependencies</code> or <code>dependencies</code> section.</p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="c1">// package.json</span> <span class="c1">// other settings...</span> <span class="dl">"</span><span class="s2">devDependencies</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">unstorage</span><span class="dl">"</span> <span class="p">:</span> <span class="dl">"</span><span class="s2">file:/full/path/to/your/forked-unstorage</span><span class="dl">"</span><span class="p">,</span> <span class="c1">// other dependencies...</span> </code></pre> </div> <p>Notice that we use <code>file:&lt;path&gt;</code> format for our dependency location. Now we add a new <code>overrides</code> section to our package json. Here we need to adjust based on our dependency tree. In our case, unstorage is a dependency of Nitros server engine, which in turn is a dependency of NuxtJs. So our <code>overrides</code> section would look like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="c1">// package.json</span> <span class="c1">// other settings... </span> <span class="dl">"</span><span class="s2">overrides</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">nuxt</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">nitropack</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">unstorage</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">$unstorage</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>now run <code>npm update</code> our Nuxt folder to update our dependency, then restart our local nuxt server. We could confirm by running <code>ls -al node_modules/unstorage</code> on our Nuxt folder and see that our unstorage folder has been changed into a link to our forked unstorage folder:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flp2r31vdk5gkhhe6u7w8.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flp2r31vdk5gkhhe6u7w8.png" alt="Content of our latest unstorage local folder"></a></p> <p>now when we try our nuxt app, it would print out our latest changes:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzvinmt8yb93jt2ud93py.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzvinmt8yb93jt2ud93py.png" alt="Result of our latest changes"></a></p> <h2> Publishing our changes temporarily </h2> <p>We have successfully override our dependency locally. Now hot to use it in our staging or production environment? We actually need to make our changes available publicly. The best ways is of course to merge it into the official upstream package. You could create a new pull request here to the upstream repo, and the repo maintainer would merge it into the codebase which you could use it in your project. Of course this rarely would happen quickly, so we the alternative is to just publish it in github. NPM actually support <a href="https://docs.npmjs.com/cli/v9/configuring-npm/package-json#github-urls" rel="noopener noreferrer">using github repo &amp; branch as NPM package</a>, so we would use this method here.</p> <p>First lets create a new branch in our local folder, than commit the build folder into the new branch. Then push it into your own github repo. </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># in our forked unstorage folder</span> git checkout <span class="nt">-b</span> my-build-branch git add <span class="nt">-f</span> dist git commit <span class="s1">'example npm build'</span> git push <span class="nt">-o</span> origin my-build-branch </code></pre> </div> <p>You could see <a href="https://github.com/azophy/unstorage/tree/feat/vercelkv-ttl-build" rel="noopener noreferrer">my branch in my github account</a> for reference. There you could see that it contains <code>dist</code> folder which contain my local build at the time. In my case, <code>dist</code> folder is actually included in <code>.gitignore</code> of unstorage repo so I need to run <code>git add -f dist</code> to forcefully add the folder into my commit.</p> <p>Now, we are ready to update our <code>package.json</code> once more. Update our <code>devDepencies</code> / <code>dependecies</code> section with our public github repo &amp; branch. For example, in my case it would be:</p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code> <span class="c1">// package.json</span> <span class="c1">// other settings...</span> <span class="dl">"</span><span class="s2">devDependencies</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">unstorage</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">azophy/unstorage#my-build-branch</span><span class="dl">"</span><span class="p">,</span> </code></pre> </div> <p>then run <code>npm update</code> once more. now you are ready to use your new fork on your project.</p> <h2> Conclusion </h2> <p>I hope this article could give you a clear outline about how to replace NPM dependency by yourself. Feel free to comment if you find anything lacking.</p> npm git javascript Using Laravel as a service proxy/gateway Abdurrahman Shofy Adianto Mon, 20 Feb 2023 06:20:07 +0000 https://dev.to/azophy/using-laravel-as-a-service-proxygateway-3ig9 https://dev.to/azophy/using-laravel-as-a-service-proxygateway-3ig9 <p>Last week at my dayjob, I was exploring options for implementing a proxy endpoint for one our external service. One of the stack used in our application is Laravel, so naturally I investigated how to implement a proxy endpoint using it. Turns out its pretty simple a Laravel already included most of the stuff required to built it. This approach should be suitable for many simple use case to avoid overhead of adding new dedicated proxy service such as a full blown API gateway like Traefik or Kong, or if you need custom logic which may be hard to achieve using on-the-shelf solutions.</p> <h2> why </h2> <p>When building application using microservice/service oriented architecture, its common to require connection to external services. This services may be some vendor API such as email provider, payment gateway, or simply internal service that one way or another happen to be in a different networks. Some common use cases:</p> <ul> <li>limit access to credential. by using a single proxy service, other services didnt need to store credential to external services, thus providing better control in terms of maintanance &amp; security.</li> <li>sharing resource. for example: oauth token. each service didn't need to request their own token, but instead could share the same token which handled by the proxy service. other example is to caching resource, so frequently accessed resources only need to be accessed in a handful of times</li> </ul> <h3> why laravel? </h3> <p>In restropect, Laravel may be an odd choice for building a custom proxy service/API Gateway. If you intent on making the service as a standalone service, it may make more sense to use some microframework such as Lumen or just use Symphony. Other options is to use other more performant stack like Golang or NodeJs. However in my case, the system would actually be embedded in existing Laravel service (because of some reasons), and because of that I want to share my experience, in case someone encounter similar situation like I did.</p> <h3> pros compared to dedicated proxy service/api gateway </h3> <ul> <li>easy to implement custom logic. when using dedicated service, you may need to use some obscure DSL, or plugging your script in some weird way. Obviously this may be subjective, but IMHO using existing stack is a clear advantage as it reduce cognitive load on building &amp; maintaining the service.</li> <li>no additional maintenance overhead: no new technology need to be learn</li> </ul> <h3> cons </h3> <ul> <li>additional work hops compared to direct access, although it depends on situation. caching may actually improve network connection</li> <li>limited scalibility </li> </ul> <h2> how </h2> <h3> prerequisities </h3> <p>for this tutorial, we'll use Guzzle library as HTTP client. some of you may wondering, "why dont we use Laravel's built-in HTTP client?". Well, Laravel's client is easier to use, but its less flexible for our needs. Laravel's HTTP Client is actually just a wrapper around Guzzle, so it made sense that it may actually less flexible.</p> <p>To install guzzle just run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>composer require guzzlehttp/guzzle </code></pre> </div> <p>Also for brevity, here we would implement the endpoint right in our route file. In practice, it would be cleaner to separate the logic into dedicated controller file. Here you could choose either <code>routes/web.php</code> or <code>routes/api.php</code>, or event create a new route file if you prefer.</p> <h3> basic usage </h3> <p>Lets start simple. Here we would create new endpoint that would call httpbin.org given the path &amp; HTTP method<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kn">use</span> <span class="nc">GuzzleHttp\Client</span> <span class="k">as</span> <span class="nc">HttpClient</span><span class="p">;</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">any</span><span class="p">(</span><span class="s1">'/proxy/{path}'</span><span class="p">,</span> <span class="k">function</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$req</span><span class="p">,</span> <span class="nv">$path</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HttpClient</span><span class="p">([</span> <span class="s1">'base_uri'</span> <span class="o">=&gt;</span> <span class="s1">'https://httpbin.org'</span> <span class="p">]);</span> <span class="k">return</span> <span class="nv">$client</span><span class="o">-&gt;</span><span class="nf">request</span><span class="p">(</span><span class="nv">$req</span><span class="o">-&gt;</span><span class="nf">method</span><span class="p">(),</span> <span class="nv">$path</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>the code should be pretty straighforward. for every request to <code>/proxy/{path}</code>, it would make a request to <code>httpbin.org/{path}</code> with the same HTTP method. you could try requesting the new endpoint using different methods to see it in effect. here I used <a href="https://httpie.io">HTTPie</a> to test the endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>http POST localhost:8000/proxy/post http PUT localhost:8000/proxy/put http DELETE localhost:8000/proxy/delete </code></pre> </div> <h3> proxy-ing subpaths </h3> <p>If you notice, the path variable actually only able to retrieve the path, but not the subpath. for example getting localhost:8000/proxy/get works, but localhost:8000/proxy/get/subpath would failed, because laravel would not be able to route the later. the solution is simply to add 'where" method to allow path variable to catch all subpath. so just add:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Route</span><span class="o">::</span><span class="nf">any</span><span class="p">(</span> <span class="c1">//...</span> <span class="p">)</span><span class="o">-&gt;</span><span class="nf">where</span><span class="p">(</span><span class="s1">'path'</span><span class="p">,</span> <span class="s1">'.*'</span><span class="p">);</span> </code></pre> </div> <h3> adding request body, params &amp; response code </h3> <p>you may also realize that our current implementation doesn't forward our request body, query params, and response status code. so lets change that:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">//...</span> <span class="nv">$resp</span> <span class="o">=</span> <span class="nv">$client</span><span class="o">-&gt;</span><span class="nf">request</span><span class="p">(</span><span class="nv">$req</span><span class="o">-&gt;</span><span class="nf">method</span><span class="p">(),</span> <span class="nv">$path</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'query'</span> <span class="o">=&gt;</span> <span class="nv">$req</span><span class="o">-&gt;</span><span class="nf">query</span><span class="p">(),</span> <span class="s1">'body'</span> <span class="o">=&gt;</span> <span class="nv">$req</span><span class="o">-&gt;</span><span class="nf">getContent</span><span class="p">(),</span> <span class="p">]);</span> <span class="k">return</span> <span class="nf">response</span><span class="p">(</span><span class="nv">$resp</span><span class="o">-&gt;</span><span class="nf">getBody</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getContents</span><span class="p">(),</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="nf">getStatusCode</span><span class="p">());</span> <span class="c1">//...</span> </code></pre> </div> <h3> forwarding necessary headers </h3> <p>Finally, you may also realize that our implementation does't forward headers of both request &amp; response. Headers are actually pretty tricky as they may affect our request &amp; response and turns them invalid. I personally found that it best to only forward the necessary header fields, and ignore the rest. This also improve our security. </p> <p>To do this, we will prepare a helper function to filter our headers, amd only extract only 'content-type' &amp; 'accept' headers. of course you could also modify it according to your needs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// simple helper function to filter header array on request &amp; response</span> <span class="k">function</span> <span class="n">filterHeaders</span><span class="p">(</span><span class="nv">$headers</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$allowedHeaders</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'accept'</span><span class="p">,</span> <span class="s1">'content-type'</span><span class="p">];</span> <span class="k">return</span> <span class="nb">array_filter</span><span class="p">(</span><span class="nv">$headers</span><span class="p">,</span> <span class="k">function</span><span class="p">(</span><span class="nv">$key</span><span class="p">)</span> <span class="k">use</span> <span class="p">(</span><span class="nv">$allowedHeaders</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">in_array</span><span class="p">(</span><span class="nb">strtolower</span><span class="p">(</span><span class="nv">$key</span><span class="p">),</span> <span class="nv">$allowedHeaders</span><span class="p">);</span> <span class="p">},</span> <span class="no">ARRAY_FILTER_USE_KEY</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>and then we could use it in our endpoints. Our final could would be this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="c1">// you could use either routes/web.php or routes/api.php</span> <span class="c1">// simple helper function to filter header array on request &amp; response</span> <span class="k">function</span> <span class="n">filterHeaders</span><span class="p">(</span><span class="nv">$headers</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$allowedHeaders</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'accept'</span><span class="p">,</span> <span class="s1">'content-type'</span><span class="p">];</span> <span class="k">return</span> <span class="nb">array_filter</span><span class="p">(</span><span class="nv">$headers</span><span class="p">,</span> <span class="k">function</span><span class="p">(</span><span class="nv">$key</span><span class="p">)</span> <span class="k">use</span> <span class="p">(</span><span class="nv">$allowedHeaders</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">in_array</span><span class="p">(</span><span class="nb">strtolower</span><span class="p">(</span><span class="nv">$key</span><span class="p">),</span> <span class="nv">$allowedHeaders</span><span class="p">);</span> <span class="p">},</span> <span class="no">ARRAY_FILTER_USE_KEY</span><span class="p">);</span> <span class="p">}</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">any</span><span class="p">(</span><span class="s1">'/proxy_example/{path}'</span><span class="p">,</span> <span class="k">function</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">,</span> <span class="nv">$path</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$client</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">GuzzleHttp\Client</span><span class="p">([</span> <span class="c1">// Base URI is used with relative requests</span> <span class="s1">'base_uri'</span> <span class="o">=&gt;</span> <span class="s1">'https://pie.dev'</span><span class="p">,</span> <span class="c1">// public dummy API for example</span> <span class="c1">// You can set any number of default request options.</span> <span class="s1">'timeout'</span> <span class="o">=&gt;</span> <span class="mf">60.0</span><span class="p">,</span> <span class="s1">'http_errors'</span> <span class="o">=&gt;</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// disable guzzle exception on 4xx or 5xx response code</span> <span class="p">]);</span> <span class="c1">// create request according to our needs. we could add</span> <span class="c1">// custom logic such as auth flow, caching mechanism, etc</span> <span class="nv">$resp</span> <span class="o">=</span> <span class="nv">$client</span><span class="o">-&gt;</span><span class="nf">request</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">method</span><span class="p">(),</span> <span class="nv">$path</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'headers'</span> <span class="o">=&gt;</span> <span class="nf">filterHeaders</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nb">header</span><span class="p">()),</span> <span class="s1">'query'</span> <span class="o">=&gt;</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">query</span><span class="p">(),</span> <span class="s1">'body'</span> <span class="o">=&gt;</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">getContent</span><span class="p">(),</span> <span class="p">]);</span> <span class="c1">// recreate response object to be passed to actual caller </span> <span class="c1">// according to our needs.</span> <span class="k">return</span> <span class="nf">response</span><span class="p">(</span><span class="nv">$resp</span><span class="o">-&gt;</span><span class="nf">getBody</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">getContents</span><span class="p">(),</span> <span class="nv">$resp</span><span class="o">-&gt;</span><span class="nf">getStatusCode</span><span class="p">())</span> <span class="o">-&gt;</span><span class="nf">withHeaders</span><span class="p">(</span><span class="nf">filterHeaders</span><span class="p">(</span><span class="nv">$resp</span><span class="o">-&gt;</span><span class="nf">getHeaders</span><span class="p">()));</span> <span class="p">})</span><span class="o">-&gt;</span><span class="nf">where</span><span class="p">(</span><span class="s1">'path'</span><span class="p">,</span> <span class="s1">'.*'</span><span class="p">);</span> <span class="c1">// required to allow $path to catch all sub-path</span> </code></pre> </div> <h3> Next </h3> <p>This implementation should cover 80-90% of most use case. However as stated in the beginning of this article, you may extend this code to include more functionalities. For example you could add authentication mechanism here, or some caching to reduce the number of network request.</p> microservices laravel tutorial Cookies for Authentication are harder than they look Abdurrahman Shofy Adianto Fri, 23 Dec 2022 08:20:36 +0000 https://dev.to/azophy/cookies-are-harder-than-it-look-145i https://dev.to/azophy/cookies-are-harder-than-it-look-145i <p>When you create an HTTP API, one of the most important consideration is: how will we accept access token from client? 2 of the most popular options are utilizing Bearer Token Header, and using HttpOnly Cookie. Both have pros &amp; cons, however I won't discuss it at length here (as its been discussed and debated numerous of times before). I'll just say that in one of my recent work, me and my colleagues has decided that cookies is the most suitable for our needs and agreed to use it for our API. </p> <p>However after struggling to implement an authentication flow based on it, I've found that implementing a proper cookie-based authentication scheme <strong>could be harder than it look</strong>. I've also found that the documentation about this is somewhat scattered and partial. Because of it I tried to gather and outline various knowledge I've encountered, and hope that this article could help other unfortunate souls so they don't have to go through the same suffering as I did.</p> <p>Here I mainly use NestJs as example, but the knowledge should be applicable for other languages or frameworks.</p> <h2> Level 0: cookies with regular settings </h2> <p>Changeable by JavaScript in browsers. May be useful to send persistent (user changeable) data to backend. just make sure to validate the input just like a regular user input. example use case is for saving language setting for website. user could set cookies via javascript, which would be sent for every later requests to the server. Example in NestJs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// at controller</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/get_cookies</span><span class="dl">'</span><span class="p">)</span> <span class="nf">getGetCookies</span><span class="p">(@</span><span class="nd">Req</span><span class="p">()</span> <span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">):</span> <span class="nx">string</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">req</span><span class="p">.</span><span class="nx">cookies</span> <span class="c1">// get all cookies sent by client/browser</span> <span class="p">}</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/set_cookies</span><span class="dl">'</span><span class="p">)</span> <span class="nf">getSetCookies</span><span class="p">(@</span><span class="nd">Res</span><span class="p">({</span> <span class="na">passthrough</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">):</span> <span class="nx">string</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">cookie</span><span class="p">(</span><span class="dl">'</span><span class="s1">cookie_name</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">cookie_value</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Level 1: httpOnly cookies, for usage by the same subdomain (usually fullstack app) </h2> <p>"httpOnly" flag allows cookies which is not accessible by browser's javascript, good for storing sensitive info like access token. by default it would be sent at each subsequent non-ajax request, including normal link clicks &amp; form submissions. optionally add "secure" flag. Example in NestJs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// at controller</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/set_cookies</span><span class="dl">'</span><span class="p">)</span> <span class="nf">getSetCookies</span><span class="p">(@</span><span class="nd">Res</span><span class="p">({</span> <span class="na">passthrough</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">):</span> <span class="nx">string</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">cookie</span><span class="p">(</span><span class="dl">'</span><span class="s1">cookie_name</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">cookie_value</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Level 2: Level 1, but called from frontend </h2> <p>In the past the term for this type of request is "Ajax", nowadays people usually using fetch API or custom library like Axios. To send cookies we need to setup frontend with "credentials: include". <a href="https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#sending_a_request_with_credentials_included" rel="noopener noreferrer">More information about this 'credentials' setting in MDN</a>. Example using Fetch API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://example.com/endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">credentials</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">include</span><span class="dl">'</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">r</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="nf">console</span><span class="p">(</span><span class="dl">'</span><span class="s1">success</span><span class="dl">'</span><span class="p">);</span> <span class="p">})</span> </code></pre> </div> <h2> Level 3: Level 2, but Frontend &amp; Backend at different subdomains (but still under the same domain) </h2> <p>By default browsers would block these kind of requests because of a security mechanism called <a href="https://en.wikipedia.org/wiki/Cross-origin_resource_sharing" rel="noopener noreferrer">CORS (Cross Origin Resource Sharing)</a>. This mechanism designed to protect browser users from many kind of attack involving browser requests, including CSRF (Cross-Site Request Forgery), Cookie Hijacking, Session Hijacking, etc. To enable cross-subdomain communication between frontend &amp; backend, and also to protect us from mentioned attacks, we need to set CORS Header settings from backend side of things. In short, we need to configure <code>Cross-Origins-Allow-Credentials</code> and <code>Cross-Origin-Allow-Origin</code> Headers. Again example in NestJs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// main.ts</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">NestFactory</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">AppModule</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">enableCors</span><span class="p">({</span> <span class="c1">// read more options here: https://github.com/expressjs/cors#configuration-options</span> <span class="na">origins</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">https://frontend.example.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <p>FYI, we could also set origins to wildcard value (<code>*</code>) but this is discouraged for most kind of public access. This value is also blocked for more advanced usages, for example the <code>SameSite:None</code> cookie flag which we will discuss later. Instead, in some web frameworks we could configure some kind of pattern matching to allow more flexible URL. Of course using 'catch-all' patterns would defeat the purpose, so try to limit our pattern's scope as narrow as possible. Again example in NestJs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// main.ts</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">NestFactory</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">AppModule</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">enableCors</span><span class="p">({</span> <span class="c1">// read more options here: https://github.com/expressjs/cors#configuration-options</span> <span class="na">origins</span><span class="p">:</span> <span class="p">[</span> <span class="c1">// using regex, enable all subdomains of example.com</span> <span class="sr">/https:</span><span class="se">\/\/[</span><span class="sr">a-z0-9</span><span class="se">\.]</span><span class="sr">*example</span><span class="se">\.</span><span class="sr">com/</span><span class="p">,</span> <span class="p">],</span> <span class="na">credentials</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <h2> Level 4: Level 3, but BE &amp; FE at different domains </h2> <p>At production environment, this setup is actually discouraged as it opens our website to more attacks (although CORS setting somewhat helps reduce the risk). However this setup is common for development as it allows frontend developers to test remote API from local environment. For production usage, try stick to using the same root domain.</p> <p>To enable this scenario, we need to add <code>samesite: none</code> &amp; <code>secure: true</code> cookie flag when backend is storing cookies. Example in NestJs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// at controller</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/set_cookies</span><span class="dl">'</span><span class="p">)</span> <span class="nf">getSetCookies</span><span class="p">(@</span><span class="nd">Res</span><span class="p">({</span> <span class="na">passthrough</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">):</span> <span class="nx">string</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">cookie</span><span class="p">(</span><span class="dl">'</span><span class="s1">cookie_name</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">cookie_value</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">httpOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">sameSite</span><span class="p">:</span> <span class="dl">"</span><span class="s2">none</span><span class="dl">"</span><span class="p">,</span> <span class="na">secure</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">})</span> <span class="k">return</span> <span class="p">{</span> <span class="na">status</span><span class="p">:</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Level 5: Level 4, but mixed between Ajax requests &amp; regular requests </h2> <p>I'm struggling with this. Example use case is passing access token data between BE &amp; FE. Access token is set when user visit BE endpoint, then BE redirect to FE page. Common for some SSO flows, like <a href="https://laravel.com/docs/9.x/socialite" rel="noopener noreferrer">Laravel Socialite</a>'s SSO Flow which utilized browser's redirect. Chrome still support this flow, but currently Firefox doesn't. On Firefox the cookies won't be send to backend from the frontend after redirect.</p> <p>Fortunately from what I found, this problem is mainly when we use cross-domain request. For cross-subdomain (under the same domain) requests, it seems that there are no problems.</p> <h2> Gotchas </h2> <h3> Cookies will only be sent to the same the host with the one set it </h3> <p>even <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#invalid_domains" rel="noopener noreferrer">"Domain" cookie flag is considered invalid if its different from requesting host</a>. I've stumbled into a problem about this when I develop local API and publish it with public url using <a href="https://localhost.run" rel="noopener noreferrer">Localhost.run</a>. So when the API set a cookie in browser, I didn't realize that the URL I visit is actually the local one instead of the public one (although its actually the same API). So of course the the cookies couldn't be read because its set &amp; read by different domains/hosts.</p> <h3> Cookies are not 100% temper proof, even on httpOnly &amp; secure settings </h3> <p>As in everything in technology, no matter how advanced the security measures are, in the end its still made by humans with all their flaws. <a href="https://en.wikipedia.org/wiki/HTTP_cookie#Cookie_theft_and_session_hijacking" rel="noopener noreferrer">Wikipedia page for HTTP Cookie</a> lists a couple of said vulnerabilities.</p> <h2> References </h2> <ul> <li><a href="https://stackoverflow.com/a/60892766" rel="noopener noreferrer">StackOverflow answer which outline the requirement for cross-domain Cookie storage</a></li> <li><a href="https://github.com/benawad/how-to-debug-cookies/blob/master/README.md" rel="noopener noreferrer">https://github.com/benawad/how-to-debug-cookies/blob/master/README.md</a></li> <li><a href="https://www.youtube.com/watch?v=nfNrfi7HmLs" rel="noopener noreferrer">How to debug cookies when they dont work (youtube)</a></li> <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie" rel="noopener noreferrer">Mozilla Developer Docs on Cookies</a></li> <li>My proof of concept repo for cross-domain cookie setup using <a href="http://github.com/azophy/experiment-nestjs-cookies" rel="noopener noreferrer">NestJs</a> and <a href="http://github.com/azophy/experiment-laravel-cookies" rel="noopener noreferrer">Laravel</a> </li> </ul> java programming beginners