The latest articles on DEV Community by Danny Festor (@danakin). https://dev.to/danakin https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F381137%2Fa9701a8c-ce53-48fd-8c1b-d1bc5b78e6e3.jpeg https://dev.to/danakin en Danny Festor Mon, 20 May 2024 07:47:43 +0000 https://dev.to/danakin/laravels-most-underrated-security-feature-what-actually-is-a-signed-url-and-how-do-they-work-3768 https://dev.to/danakin/laravels-most-underrated-security-feature-what-actually-is-a-signed-url-and-how-do-they-work-3768 <p><a href="https://festor.info/blog/20240520-laravels-most-underrated-security-feature" rel="noopener noreferrer">This post was first released on my personal blog</a></p> <p>Laravel comes with many fantastic security features out of the box and also has many 1st party packages that add security functionality to your application. We have Cross Site Scripting (XSS) protection, Cross Site Request Forgery (CSRF) protection, Roles and Permissions via Gates, SQL Injection protection, but also whole authentication scaffolding (Breeze) including 2 factor authorization (Jetstream) </p> <p>One feature is very much overlooked in my opinion. Laravel comes with the ability to create signed urls. In this article I will not only show how to use signed URLs (Laravel makes this trivial), but also look on how this works under the hood so that you can implement the same functionality in other languages (or your own PHP framework).</p> <h2> What are signed URLs? </h2> <p>Signed URLs are unguessable URLs you can share with other people without the requirement of being logged in into the system. They are like normal URLs to your app, but have a cryptographically signed hash at the end of the URL.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># normal url</span> http://signed-url.test/file/29 <span class="c"># signed url</span> http://signed-url.test/file/29?signature<span class="o">=</span>78e68c73c03586a5705442e86116c5169c8b64e4720b16766eece296ada49d5a </code></pre> </div> <p>This makes the URLs temper-proof; Change one character in the URL and the hash will not match any longer. AWS S3 uses signed URLs to retrieve private images.</p> <h3> What can I actually use these for? </h3> <p>The <a href="https://laravel.com/docs/11.x/urls#signed-urls" rel="noopener noreferrer">Laravel Documentation</a> actually has a fantastic use case for signed URLs: Unsubscribing a user from a newsletter. You get an email, click the unsubscribe button, and you can unsubscribe from the newsletter without logging in or send another confirmation email, because the email address cannot be changed. If you changed the email address the hash would not match any longer.</p> <p>Another example would be a file sharing application. Upload the file, and get a signed url you can use to share the file with your friends or on the internet without anyone to register an account.</p> <h2> What are signed URLs not? </h2> <p>They are not one time use URLs, at least not by default. There is not default way to invalidate the signed URL, except for changing the application key, which would invalidate every single signed URL. Do not use signed URLs for security critical endpoints, if you don't have a strategy to invalidate the URLs.</p> <p><a href="https://www.reddit.com/r/laravel/comments/1blzi84/comment/kw92scd/?utm_source=share&amp;utm_medium=web3x&amp;utm_name=web3xcss&amp;utm_term=1&amp;utm_content=share_button" rel="noopener noreferrer">There was a discussion on Reddit on this earlier this year.</a></p> <h2> Generating Signed URLs </h2> <p>Generating a signed URL in Laravel is super easy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="kn">use</span> <span class="no">Illuminate\Support\Facades\URL</span><span class="p">;</span> <span class="c1">// Import the URL facade</span> <span class="kd">class</span> <span class="nc">NewsletterController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="k">public</span> <span class="k">function</span> <span class="n">unsubscribe</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="nv">$unsubscription</span> <span class="o">=</span> <span class="nc">NewsletterUnsubscriptions</span><span class="o">::</span><span class="nf">create</span><span class="p">();</span> <span class="nv">$signedRoute</span> <span class="o">=</span> <span class="no">URL</span><span class="o">::</span><span class="nf">signedRoute</span><span class="p">(</span><span class="s1">'newsletter.unsubscribe'</span><span class="p">,</span> <span class="p">[</span><span class="s1">'unsubscription'</span> <span class="o">=&gt;</span> <span class="nv">$unsubscription</span><span class="p">]);</span> <span class="c1">// http://signed-url.test/newsletter/unsubscriptions/29?signature=78e68c73c03586a5705442e86116c5169c8b64e4720b16766eece296ada49d5a</span> <span class="c1">// ...</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Invalidating a Signed URL </h2> <p>There is one way to invalidate a signed URL build into Laravel: The ability to add a time limit to a signed URL, making it temporary. When the current timestamp (on the server, of course) is after the timestamp specified in the signed URL, Laravel actually invalidates the URL automatically.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="cp">&lt;?php</span> <span class="kn">use</span> <span class="no">Illuminate\Support\Facades\URL</span><span class="p">;</span> <span class="c1">// Import the URL facade</span> <span class="kd">class</span> <span class="nc">NewsletterController</span> <span class="kd">extends</span> <span class="nc">Controller</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="k">public</span> <span class="k">function</span> <span class="n">unsubscribe</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// ...</span> <span class="c1">// To add a timestamp to a signed URL, just use the temporarySignedRoute method instead of signedRoute and add a timestamp</span> <span class="nv">$unsubscription</span> <span class="o">=</span> <span class="nc">NewsletterUnsubscriptions</span><span class="o">::</span><span class="nf">create</span><span class="p">();</span> <span class="nv">$signedRoute</span> <span class="o">=</span> <span class="no">URL</span><span class="o">::</span><span class="nf">temporarySignedRoute</span><span class="p">(</span><span class="s1">'newsletter.unsubscribe'</span><span class="p">,</span> <span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">addMinutes</span><span class="p">(</span><span class="mi">10</span><span class="p">),</span> <span class="p">[</span><span class="s1">'unsubscription'</span> <span class="o">=&gt;</span> <span class="nv">$unsubscription</span><span class="p">]);</span> <span class="c1">// http://signed-url.test/file/30?expires=1716185539&amp;signature=fa1fcfa2f47270ef2ef55b20aa5990eacbf6fb11d45984828d7be3f87258cae9</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Notice the expires parameter? Laravel add that automatically when using temporarySignedRoute. How cool is that?</p> <h2> Actually checking the signed URL </h2> <p>Just adding the signature is of course not enough. At no point we are actually confirming that the hash is a legit one. Again, since Laravel supports signed URL out of the box, confirming the hash is super easy as well. It's just changing one line in your route file <code>routes/web.php</code>, by adding the <code>signed</code> middleware to your route.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="nc">Route</span><span class="o">::</span><span class="nf">get</span><span class="p">(</span> <span class="s1">'/newsletter/unsubscriptions/{unsubscription}'</span><span class="p">,</span> <span class="p">[</span><span class="nc">\App\Http\Controllers\NewsletterController</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="s1">'unsubscribe'</span><span class="p">])</span> <span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'newsletter.unsubscribe'</span><span class="p">)]</span> <span class="o">-&gt;</span><span class="nf">middleware</span><span class="p">(</span><span class="s1">'signed'</span><span class="p">);</span> <span class="c1">// add the signed middleware</span> </code></pre> </div> <p>It does not get easier than this!</p> <h2> So how does it work under the hood? </h2> <p>I firmly believe that just knowing that a feature exists is not enough. I want to know how these things work under the hood. Let's try to recreate the functionality in a basic way</p> <h3> Manually generating a signed URL </h3> <p>Manually generating a signed URL requires leveraging PHP's built-in hash function. If you are trying to port this functionality to another language, look up how to hash a string in your language of choice. For instance, <a href="https://pkg.go.dev/crypto/sha256#Sum256" rel="noopener noreferrer">I know Go does have this built in into the crypto package</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// put the timestamp into a variable so we can reuse it here</span> <span class="nv">$expires</span> <span class="o">=</span> <span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">addMinutes</span><span class="p">(</span><span class="mi">10</span><span class="p">);</span> <span class="nv">$signedRoute</span> <span class="o">=</span> <span class="no">URL</span><span class="o">::</span><span class="nf">temporarySignedRoute</span><span class="p">(</span><span class="s1">'newsletter.unsubscribe'</span><span class="p">,</span> <span class="nv">$expires</span><span class="p">,</span> <span class="p">[</span><span class="s1">'unsubscription'</span> <span class="o">=&gt;</span> <span class="nv">$unsubscription</span><span class="p">]);</span> <span class="nv">$route</span> <span class="o">=</span> <span class="no">URL</span><span class="o">::</span><span class="nf">route</span><span class="p">(</span><span class="s1">'newsletter.unsubscribe'</span><span class="p">,</span> <span class="p">[</span><span class="s1">'unsubscription'</span> <span class="o">=&gt;</span> <span class="nv">$unsubscription</span><span class="p">,</span> <span class="s1">'expires'</span> <span class="o">=&gt;</span> <span class="nv">$expires</span><span class="o">-&gt;</span><span class="n">timestamp</span><span class="p">]);</span> <span class="nv">$manualRoute</span> <span class="o">=</span> <span class="nv">$route</span> <span class="mf">.</span> <span class="s1">'&amp;signature='</span> <span class="mf">.</span> <span class="nb">hash_hmac</span><span class="p">(</span><span class="s1">'sha256'</span><span class="p">,</span> <span class="nv">$route</span><span class="p">,</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'app.key'</span><span class="p">));</span> <span class="nf">dd</span><span class="p">(</span> <span class="s1">'Result from $signedRoute:'</span> <span class="mf">.</span> <span class="nv">$signedRoute</span><span class="p">,</span> <span class="s1">'Result from $manualRoute:'</span> <span class="mf">.</span> <span class="nv">$manualRoute</span> <span class="p">);</span> <span class="c1">// "Result from $signedRoute: http://signed-url.test/file/32?expires=1716187120&amp;signature=b9aa919a8f4ce54e89e4270dbadc2bcab5e203304aacd1c4c95c9889f101e3f1"</span> <span class="c1">// "Result from $manualRoute: http://signed-url.test/file/32?expires=1716187120&amp;signature=b9aa919a8f4ce54e89e4270dbadc2bcab5e203304aacd1c4c95c9889f101e3f1"</span> </code></pre> </div> <p>How easy was that? Notice how we signed the hash with our <code>app.key</code> here. Signing urls with a different app key will result in a different hash</p> <h3> Manually Validating the Signature </h3> <p>By default the <code>signed</code> middleware sends the user to a <code>403</code> error page. To manually handle URL validation, you can make use of a nice little request helper.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="k">public</span> <span class="k">function</span> <span class="n">show</span><span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">,</span> <span class="kt">NewsletterUnsubscriptions</span> <span class="nv">$unsubscription</span><span class="p">)</span> <span class="p">{</span> <span class="nf">dd</span><span class="p">(</span><span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">hasValidSignature</span><span class="p">());</span> <span class="p">}</span> </code></pre> </div> <p>This helper function will check if the signature has not been tampered with, as well as if it has not yet expired.</p> <p>Under the hood of the hasValidSignature function there is actually happening a lot:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// get the url without query string</span> <span class="nv">$url</span> <span class="o">=</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">url</span><span class="p">();</span> <span class="c1">// get all query parameters except signature in [$key =&gt; $value] form</span> <span class="nv">$query</span> <span class="o">=</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">except</span><span class="p">(</span><span class="s1">'signature'</span><span class="p">);</span> <span class="c1">// join each array entry to a &amp;key=&amp;value string</span> <span class="nv">$params</span> <span class="o">=</span> <span class="p">[];</span> <span class="k">foreach</span> <span class="p">(</span><span class="nv">$query</span> <span class="k">as</span> <span class="nv">$key</span> <span class="o">=&gt;</span> <span class="nv">$value</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$params</span><span class="p">[]</span> <span class="o">=</span> <span class="nv">$key</span> <span class="mf">.</span> <span class="s1">'='</span> <span class="mf">.</span> <span class="nv">$value</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// get the signature </span> <span class="nv">$urlsignature</span> <span class="o">=</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">query</span><span class="p">(</span><span class="s1">'signature'</span><span class="p">,</span> <span class="s1">''</span><span class="p">);</span> <span class="c1">// reconstruct the original url without the signature</span> <span class="nv">$original</span> <span class="o">=</span> <span class="nv">$url</span> <span class="mf">.</span> <span class="s1">'?'</span> <span class="mf">.</span> <span class="nb">implode</span><span class="p">(</span><span class="s1">'&amp;'</span><span class="p">,</span> <span class="nv">$params</span><span class="p">);</span> <span class="c1">// generate a new signature based on the url without the signature</span> <span class="nv">$signature</span> <span class="o">=</span> <span class="nb">hash_hmac</span><span class="p">(</span><span class="s1">'sha256'</span><span class="p">,</span> <span class="nv">$original</span><span class="p">,</span> <span class="nf">config</span><span class="p">(</span><span class="s1">'app.key'</span><span class="p">));</span> <span class="c1">// compare the signature in the url with the new signature</span> <span class="nv">$equals</span> <span class="o">=</span> <span class="nb">hash_equals</span><span class="p">(</span><span class="nv">$signature</span><span class="p">,</span> <span class="p">(</span><span class="n">string</span><span class="p">)</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">query</span><span class="p">(</span><span class="s1">'signature'</span><span class="p">,</span> <span class="s1">''</span><span class="p">));</span> <span class="c1">// handle what happens when the hash is not equal</span> <span class="nf">dump</span><span class="p">(</span><span class="nv">$equals</span><span class="p">);</span> <span class="c1">// check if the timestamp is expired</span> <span class="nv">$expired</span> <span class="o">=</span> <span class="kc">false</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$query</span><span class="p">[</span><span class="s1">'expires'</span><span class="p">]))</span> <span class="p">{</span> <span class="nv">$expireTime</span> <span class="o">=</span> <span class="nc">Carbon</span><span class="o">::</span><span class="nf">createFromTimestamp</span><span class="p">(</span><span class="nv">$query</span><span class="p">[</span><span class="s1">'expires'</span><span class="p">]);</span> <span class="nv">$expired</span> <span class="o">=</span> <span class="nf">now</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">gt</span><span class="p">(</span><span class="nv">$expireTime</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// handle an expired timestamp</span> <span class="nf">dd</span><span class="p">(</span><span class="nv">$expired</span><span class="p">);</span> </code></pre> </div> <p>We use hash_equals instead of normal string comparison here, because <a href="https://www.php.net/manual/en/function.hash-equals.php" rel="noopener noreferrer">it is timing attack secure</a>.</p> <h4> Why would you manually handling this? </h4> <p>The other day I had a client with a peculiar request. They wanted password reset to handle a completely invalid URL differently from an expired URL. On an invalid URL the program would throw an error, on an expired URL the app would redirect to the send password reminder page.</p> <h2> Homework </h2> <h3> Making signed URLs actually one time usage </h3> <p>So one question remains: How to actually make a signed URL a one time thing? In the example above we took the example from the Laravel documentation. Imagine you want to handle newsletter unsubscriptions. There are several ways you could go about this.</p> <ol> <li>Just add a flag to the NewsletterUnsubscription model; it could be a boolean <code>is_used</code>, an integer <code>used_count</code> or a timestamp <code>used_at</code>. After checking the validity of the signed URL (be it manually, or using Laravel's middleware) just check if the used flag was raised. In case of the integer, you could even restrict file downloads to an arbitrary number.</li> <li>Add a flag to the cache of your choice on NewsletterUnsubscription creation. If the cache has an entry, the request is valid, show the page and delete the cache entry. If the cache does not have an entry, the request is invalid.</li> <li>... even different solutions, I'm sure you can think of more strategies.</li> </ol> <h2> Acknoledgements </h2> <ol> <li><a href="https://www.laravel.com" rel="noopener noreferrer">Laravel</a></li> <li> <a href="https://gemini.google.com/" rel="noopener noreferrer">Google Gemini</a>, which I actually used to generate the banner...</li> </ol> php laravel security webdev Danny Festor Sat, 09 Mar 2024 02:32:59 +0000 https://dev.to/danakin/websockets-with-laravel-soketi-and-laravel-echo-2di3 https://dev.to/danakin/websockets-with-laravel-soketi-and-laravel-echo-2di3 <p><a href="https://festor.info/blog/20240309-websockets-with-laravel-soketi-and-laravel-echo" rel="noopener noreferrer">This article was first released on my portfolio homepage</a></p> <p>Everyone knows these pesky notification bell icons, which tell you in real-time whenever an event is triggered that is meant to... well... notify you.</p> <p>There are many different ways to implement such a system.</p> <ol> <li>Javascript pulling via <code>setInterval</code> </li> <li>(Laravel Only) Livewire pulling via wire:poll</li> <li>Server Sent Events</li> <li>Websockets</li> <li>Probably more?</li> </ol> <p>With <a href="https://reverb.laravel.com/" rel="noopener noreferrer">Laravel Reverb</a> on the radar, releasing on March 12 2024, (as in 4 days, at the time of this article), I wanted to explore how to actually use Websockets; My projects so far have never needed them.</p> <p>Up until now, <a href="https://laravel.com/docs/10.x/broadcasting" rel="noopener noreferrer">Laravel recommends</a> <a href="https://pusher.com/" rel="noopener noreferrer">Pusher</a>, <a href="https://ably.com/" rel="noopener noreferrer">Ably</a>, or the self hosted Pusher alternative <a href="https://soketi.app/" rel="noopener noreferrer">Soketi</a> in the official documentation. Soketi on the other hand has Laravel baked into their documentation as well. So I did the only sane thing, and explored how to use Websockets with Soketi. I expect I can easily migrate to Reverb, once released.</p> <p>In this article I will omit setting up the project, the models, and views. You can find the source code for this article in my <a href="https://github.com/DannyFestor/-Youtube--Notification-Laravel-Soketi/" rel="noopener noreferrer">Github repo</a>. Follow the commit history to see changes to the various files. I used Laravel Breeze with the Alpine.js template to get Alpine and Tailwind.css installed and set up for me.</p> <h3> Updating Laravel Sail </h3> <p>Since Soketi is a self hosted solution, you will have to install it somewhere. The easiest way is by using Docker, so I went with Laravel Sail for this tutorial. Laravel Sail is not meant for production, but it is good enough for Localhost development and testing.</p> <h4> Add Soketi to Docker </h4> <p>First, you need to add the Soketi image to your docker-compose-file. Obviously skip this step when not using docker. As per <a href="https://docs.soketi.app/getting-started/installation/laravel-sail-docker" rel="noopener noreferrer">their documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># docker-compose.yml</span> services: <span class="c"># ...</span> soketi: image: <span class="s1">'quay.io/soketi/soketi:latest-16-alpine'</span> environment: SOKETI_DEBUG: <span class="s1">'1'</span> SOKETI_METRICS_SERVER_PORT: <span class="s1">'9601'</span> ports: - <span class="s1">'${SOKETI_PORT:-6001}:6001'</span> - <span class="s1">'${SOKETI_METRICS_SERVER_PORT:-9601}:9601'</span> networks: - sail networks: <span class="c"># ...</span> </code></pre> </div> <p>You also need to update your environment file. Soketi uses the Pusher protocol, so you need to update relevant Pusher parts<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">BROADCAST_DRIVER</span><span class="o">=</span>pusher <span class="c"># was log</span> <span class="c"># As set in soketi</span> <span class="nv">PUSHER_APP_ID</span><span class="o">=</span>app-id <span class="nv">PUSHER_APP_KEY</span><span class="o">=</span>app-key <span class="nv">PUSHER_APP_SECRET</span><span class="o">=</span>app-secret <span class="c"># Host is only soketi in docker. If you installed soketi locally, use 127.0.0.1, or the IP of your server</span> <span class="nv">PUSHER_HOST</span><span class="o">=</span>soketi <span class="nv">PUSHER_PORT</span><span class="o">=</span>6001 <span class="nv">PUSHER_SCHEME</span><span class="o">=</span>http <span class="c"># Browser does not run in docker, so using the value set in PUSHER_HOST won't work</span> <span class="nv">VITE_PUSHER_HOST</span><span class="o">=</span><span class="s2">"127.0.0.1"</span> <span class="c"># was "${PUSHER_HOST}"</span> </code></pre> </div> <h3> Installing the needed packages </h3> <h4> PHP side </h4> <p>You will have to install the Pusher Channels SDK for Laravel to be able to use the pusher driver<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>composer require pusher/pusher-php-server </code></pre> </div> <p>After installing the driver, you need to tweak the configuration to enable broadcasting by uncommenting the BroadcastServiceProvider in <code>config/app.php</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// config/app.php</span> <span class="c1">// ...</span> <span class="s1">'providers'</span> <span class="o">=&gt;</span> <span class="nc">ServiceProvider</span><span class="o">::</span><span class="nf">defaultProviders</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">merge</span><span class="p">([</span> <span class="c1">// ...</span> <span class="nc">App\Providers\BroadcastServiceProvider</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="c1">// Enable the Service Provider, was commented out</span> <span class="c1">// ...</span> </code></pre> </div> <h4> Frontend (Javascript) Side </h4> <p>You also need the Javascript for you client side code<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">--save-dev</span> laravel-echo pusher-js </code></pre> </div> <p>After installing the packages you also have to uncomment the broadcasting related code in <code>resources/js/bootstrap.js</code>. Laravel makes it really easy, the code is already there!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">Echo</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">laravel-echo</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Pusher</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">pusher-js</span><span class="dl">'</span><span class="p">;</span> <span class="nb">window</span><span class="p">.</span><span class="nx">Pusher</span> <span class="o">=</span> <span class="nx">Pusher</span><span class="p">;</span> <span class="nb">window</span><span class="p">.</span><span class="nx">Echo</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Echo</span><span class="p">({</span> <span class="na">broadcaster</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pusher</span><span class="dl">'</span><span class="p">,</span> <span class="na">key</span><span class="p">:</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_PUSHER_APP_KEY</span><span class="p">,</span> <span class="na">cluster</span><span class="p">:</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_PUSHER_APP_CLUSTER</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">mt1</span><span class="dl">'</span><span class="p">,</span> <span class="na">wsHost</span><span class="p">:</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_PUSHER_HOST</span> <span class="p">?</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_PUSHER_HOST</span> <span class="p">:</span> <span class="s2">`ws-</span><span class="p">${</span><span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_PUSHER_APP_CLUSTER</span><span class="p">}</span><span class="s2">.pusher.com`</span><span class="p">,</span> <span class="na">wsPort</span><span class="p">:</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_PUSHER_PORT</span> <span class="o">??</span> <span class="mi">80</span><span class="p">,</span> <span class="na">wssPort</span><span class="p">:</span> <span class="k">import</span><span class="p">.</span><span class="nx">meta</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">VITE_PUSHER_PORT</span> <span class="o">??</span> <span class="mi">443</span><span class="p">,</span> <span class="c1">// forceTLS: (import.meta.env.VITE_PUSHER_SCHEME ?? 'https') === 'https', </span> <span class="na">forceTLS</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="c1">// I deactivated TLS for local testing</span> <span class="na">enabledTransports</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">ws</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">wss</span><span class="dl">'</span><span class="p">],</span> <span class="na">encrypted</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Soketi documentation adds this line</span> <span class="na">disableStats</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// as well as this line</span> <span class="p">});</span> </code></pre> </div> <h3> Broadcasting an event to your users </h3> <p>Broadcasting channels for Websockets live in their own routing file. You are probably used to adding routes to <code>routes/web.php</code> or <code>routes/api.php</code> and have wondered what the other files were used for. Well, it's time to actually activate <code>route/channels.php</code> and add our Websocket Channel! The channel will actually be a private channel, which is scoped to your current user. You can actually add authorization to channels this way!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// routes/channels.php</span> <span class="c1">// The channel always receives the current user, as well as optional arguments. We will connect to notifications.[user_id], which the callback receives as an argument as well</span> <span class="nc">Broadcast</span><span class="o">::</span><span class="nf">channel</span><span class="p">(</span><span class="s1">'notifications.{userId}'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="kt">User</span> <span class="nv">$user</span><span class="p">,</span> <span class="kt">int</span> <span class="nv">$userId</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$userId</span> <span class="o">===</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="n">id</span><span class="p">;</span> <span class="c1">// users can only connect to this channel if true is returned</span> <span class="p">});</span> </code></pre> </div> <p>In Laravel, information is broadcasted over events, so let us create one.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php artisan make:event UserNotificationEvent </code></pre> </div> <p>The event will receive a user id, because we scoped the channel to a user in the snippet above, as well as a notification (or whatever data you want to send).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// app/Events/UserNotificationEvent.php</span> <span class="c1">// do not forget to implement the `Illuminate\Contracts\Broadcasting\ShouldBroadcast` interface, otherwise your event will not be broadcasted to your websocket server</span> <span class="kd">class</span> <span class="nc">UserNotificationEvent</span> <span class="kd">implements</span> <span class="nc">ShouldBroadcast</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">Dispatchable</span><span class="p">,</span> <span class="nc">InteractsWithSockets</span><span class="p">,</span> <span class="nc">SerializesModels</span><span class="p">;</span> <span class="c1">// receive the data needed for the event. all public properties of the class will be sent on the event</span> <span class="k">public</span> <span class="k">function</span> <span class="n">__construct</span><span class="p">(</span><span class="k">public</span> <span class="kt">int</span> <span class="nv">$userId</span><span class="p">,</span> <span class="k">public</span> <span class="kt">Notification</span> <span class="nv">$notification</span><span class="p">)</span> <span class="p">{}</span> <span class="k">public</span> <span class="k">function</span> <span class="n">broadcastOn</span><span class="p">():</span> <span class="kt">Channel</span> <span class="c1">// update return type from array to Channel </span> <span class="p">{</span> <span class="c1">// broadcast over a private channel to the user!</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">PrivateChannel</span><span class="p">(</span><span class="s1">'notifications.'</span> <span class="mf">.</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="n">userId</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>For test purposed I also added a console command to quickly create notifications. This command will also dispatch the event. Usually, you would to everything in the command in your admin panel, but for a small test, a console command has to be sufficient.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php artisan make:command MakeNotificationCommand </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="kd">class</span> <span class="nc">MakeNotificationCommand</span> <span class="kd">extends</span> <span class="nc">Command</span> <span class="p">{</span> <span class="c1">// run with php artisan make:notification, which accepts a number</span> <span class="k">protected</span> <span class="nv">$signature</span> <span class="o">=</span> <span class="s1">'make:notification {num=1}'</span><span class="p">;</span> <span class="k">public</span> <span class="k">function</span> <span class="n">handle</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// always prevent shenanigans by your users, even in a test application. I restricted input to 1-100 notifications... </span> <span class="nv">$num</span> <span class="o">=</span> <span class="nb">min</span><span class="p">(</span><span class="mi">100</span><span class="p">,</span> <span class="nb">max</span><span class="p">((</span><span class="n">int</span><span class="p">)</span><span class="nv">$this</span><span class="o">-&gt;</span><span class="nf">argument</span><span class="p">(</span><span class="s1">'num'</span><span class="p">),</span> <span class="mi">1</span><span class="p">));</span> <span class="c1">// get all users</span> <span class="c1">// typically, you would select users in your admin panel</span> <span class="nv">$userIds</span> <span class="o">=</span> <span class="nc">User</span><span class="o">::</span><span class="nf">pluck</span><span class="p">(</span><span class="s1">'id'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">all</span><span class="p">();</span> <span class="c1">// generate notifications. I'm using a factory here to create random data, but usually you would receive title, content etc through your admin panel</span> <span class="nv">$notifications</span> <span class="o">=</span> <span class="nc">Notification</span><span class="o">::</span><span class="nf">factory</span><span class="p">(</span><span class="nv">$num</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">create</span><span class="p">();</span> <span class="nv">$notifications</span><span class="o">-&gt;</span><span class="nb">each</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="kt">Notification</span> <span class="nv">$notification</span><span class="p">)</span> <span class="k">use</span> <span class="p">(</span><span class="nv">$userIds</span><span class="p">)</span> <span class="p">{</span> <span class="k">foreach</span><span class="p">(</span><span class="nb">array_chunk</span><span class="p">(</span><span class="nv">$userIds</span><span class="p">,</span> <span class="mi">100</span><span class="p">)</span> <span class="k">as</span> <span class="nv">$chunk</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// add an entry into my notification_user pivot table for each user</span> <span class="nv">$insert</span> <span class="o">=</span> <span class="nb">array_map</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="nv">$userId</span><span class="p">)</span> <span class="k">use</span> <span class="p">(</span><span class="nv">$notification</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'notification_id'</span> <span class="o">=&gt;</span> <span class="nv">$notification</span><span class="o">-&gt;</span><span class="n">id</span><span class="p">,</span> <span class="s1">'user_id'</span> <span class="o">=&gt;</span> <span class="nv">$userId</span><span class="p">,</span> <span class="p">];</span> <span class="p">},</span> <span class="nv">$chunk</span><span class="p">);</span> <span class="nc">NotificationUser</span><span class="o">::</span><span class="nf">insert</span><span class="p">(</span><span class="nv">$insert</span><span class="p">);</span> <span class="k">foreach</span><span class="p">(</span><span class="nv">$chunk</span> <span class="k">as</span> <span class="nv">$userId</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// finally, dispatch the event to every user, passing the notification information</span> <span class="nc">UserNotificationEvent</span><span class="o">::</span><span class="nf">dispatch</span><span class="p">(</span><span class="nv">$userId</span><span class="p">,</span> <span class="nv">$notification</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If everything went correctly (did you remember to implement the ShouldBroadcast interface? I was trying to figure that one out the longest time 😅)</p> <h3> Receiving events on the client side </h3> <p>The sending is good and well, but we want to actually see the notifications on the client side as well. I have the views for the notification bell, the unread count, and a notification list all ready. They are available in the git repository if you need inspiration. To receive notifications, you just have to connect to your channel route, and then handle the event!</p> <p>First, let us get all existing notifications, and pass them to the user. Usually you would do this in a controller, or even a view service provider (since you probably want to show the notification bell on every page), but the <code>routes/web.php</code> file will do just fine for this demo<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// routes/web.php</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/dashboard'</span><span class="p">,</span> <span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">Auth</span><span class="o">::</span><span class="nf">user</span><span class="p">();</span> <span class="c1">// get all new notifications for the current user which (as in, the seen_at column on the notification_user pivot table is null)</span> <span class="nv">$notifications</span> <span class="o">=</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">notifications</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">whereNull</span><span class="p">(</span><span class="s1">'seen_at'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">();</span> <span class="k">return</span> <span class="nf">view</span><span class="p">(</span><span class="s1">'dashboard'</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'user'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="p">,</span> <span class="s1">'notifications'</span> <span class="o">=&gt;</span> <span class="nv">$notifications</span><span class="p">,</span> <span class="p">]);</span> <span class="p">})</span><span class="o">-&gt;</span><span class="nf">middleware</span><span class="p">([</span><span class="s1">'auth'</span><span class="p">,</span> <span class="s1">'verified'</span><span class="p">])</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'dashboard'</span><span class="p">);</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/notifications'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="kt">Request</span> <span class="nv">$request</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// mark all notifications as seen</span> <span class="nc">\App\Models\NotificationUser</span><span class="o">::</span><span class="nf">query</span><span class="p">()</span> <span class="o">-&gt;</span><span class="nf">where</span><span class="p">(</span><span class="s1">'user_id'</span><span class="p">,</span> <span class="nv">$request</span><span class="o">-&gt;</span><span class="nf">user</span><span class="p">()</span><span class="o">-&gt;</span><span class="n">id</span><span class="p">)</span> <span class="o">-&gt;</span><span class="nf">update</span><span class="p">([</span><span class="s1">'seen_at'</span> <span class="o">=&gt;</span> <span class="nf">now</span><span class="p">()]);</span> <span class="k">return</span> <span class="s1">'ok'</span><span class="p">;</span> <span class="p">})</span><span class="o">-&gt;</span><span class="nf">middleware</span><span class="p">([</span><span class="s1">'auth'</span><span class="p">])</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'notifications'</span><span class="p">);</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// resources/views/dashboard.blade.php</span> <span class="c1">// add the notification component, if you have created one, and pass the data</span> <span class="o">&lt;</span><span class="n">x</span><span class="o">-</span><span class="n">notification</span> <span class="o">:</span><span class="n">user</span><span class="o">=</span><span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span> <span class="o">:</span><span class="n">notifications</span><span class="o">=</span><span class="s2">"</span><span class="nv">$notifications</span><span class="s2">"</span> <span class="o">/&gt;</span> </code></pre> </div> <p>I am using <a href="https://alpinejs.dev" rel="noopener noreferrer">Alpine.js</a> for displaying the content. I expect the code can be easily ported to any Javascript framework and even vanilla JS. Just update the view logic, and bring the content from the init() method to your frameworks mounted hook (onMounted on Vue3, useEffect on React etc).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code><span class="c">&lt;!-- resources/views/components/notification.blade.php --&gt;</span> @props(['user', 'notifications', 'eventName']) <span class="nt">&lt;div</span> <span class="na">x-data=</span><span class="s">"notification"</span><span class="nt">&gt;</span> <span class="nt">&lt;div</span> <span class="err">@</span><span class="na">click=</span><span class="s">"markRead"</span> <span class="na">class=</span><span class="s">"relative w-6 h-6"</span><span class="nt">&gt;</span> <span class="nt">&lt;x-bell</span> <span class="nt">/&gt;</span> <span class="nt">&lt;x-count</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> <span class="nt">&lt;x-notification-dropdown</span> <span class="nt">/&gt;</span> <span class="nt">&lt;/div&gt;</span> @push('scripts') <span class="nt">&lt;script&gt;</span> <span class="nb">document</span><span class="p">.</span><span class="nf">addEventListener</span><span class="p">(</span><span class="dl">'</span><span class="s1">alpine:init</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">Alpine</span><span class="p">.</span><span class="nf">data</span><span class="p">(</span><span class="dl">'</span><span class="s1">notification</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="c1">// this object will hold all notifications received at page load</span> <span class="na">notifications</span><span class="p">:</span> <span class="p">@</span><span class="nd">json</span><span class="p">(</span><span class="nx">$notifications</span><span class="p">),</span> <span class="c1">// a computed property to get the current notification count</span> <span class="kd">get</span> <span class="nf">count</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">notifications</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="p">},</span> <span class="c1">// on click of the bell, make a post request to mark all notifications as read. you probably want a better implementation, because you probably want the notifications to show in a popup. I leave the implementation to you</span> <span class="k">async</span> <span class="nf">markRead</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">data</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">{{ route(</span><span class="dl">'</span><span class="nx">notifications</span><span class="dl">'</span><span class="s1">) }}</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span> <span class="o">!==</span> <span class="kc">undefined</span> <span class="o">&amp;&amp;</span> <span class="nx">data</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">ok</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">notifications</span> <span class="o">=</span> <span class="p">[];</span> <span class="p">}</span> <span class="p">},</span> <span class="c1">// this is where we connect to the websocket. Do this on your mounted hook, be it document.addEvent('DOMContentLoaded') in vanilla JS, onMounted in Vue3, or useEffect() in React... </span> <span class="nf">init</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// connect to our socket. notice that we pass the user id here, just as we expected in routes/channels.php</span> <span class="nx">Echo</span><span class="p">.</span><span class="nf">private</span><span class="p">(</span><span class="dl">'</span><span class="s1">notifications.{{ $user-&gt;id }}</span><span class="dl">'</span><span class="p">)</span> <span class="c1">// the event name we are listening to must exactly match the short/unqualified class name of our event (so, without namespace or the ::class suffix)</span> <span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="dl">'</span><span class="s1">UserNotificationEvent</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">notification</span> <span class="o">!==</span> <span class="kc">undefined</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// if the event has a notification property, push the notification on the notifications object</span> <span class="k">this</span><span class="p">.</span><span class="nx">notifications</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">notification</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="p">},</span> <span class="p">}));</span> <span class="p">});</span> <span class="nt">&lt;/script&gt;</span> @endpush </code></pre> </div> <p>My demo implementation is just an ordered list of all notifications. You probably want to pop it up on click, or something similar.</p> <h3> Conclusion </h3> <p>Laravel makes broadcasting to webcasts as well as receiving the events really easy. Most of the functionality comes out of the box and only a few files have to be adjusted to get started.</p> <h4> Bonus: Possible improvements as homework </h4> <ul> <li>The frontend part is really bare bones. Show it some love (and update us how you did it!)</li> <li>Show a notification bell throughout your application. Try adding a <a href="https://laravel.com/docs/10.x/views#sharing-data-with-all-views" rel="noopener noreferrer">View Composer</a> to accomplish this</li> <li>Try playing with public and presence channels as well. Laravels Broadcasting documentation explains what these are</li> <li>Maybe build a small chat app that allows guest users to communicate </li> </ul> <h4> Bonus 2: Getting really cheeky using Reflection </h4> <p>Since we have to pass the short class name to the event, it might make sense to actually let PHP handle the event name. This way you can rename the event (using your IDE/language servers rename function (Intelephense etc), to automatically update references), without digging into the Javascript side again<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code><span class="c1">// routes/web.php</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">get</span><span class="p">(</span><span class="s1">'/dashboard'</span><span class="p">,</span> <span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nv">$user</span> <span class="o">=</span> <span class="nc">Auth</span><span class="o">::</span><span class="nf">user</span><span class="p">();</span> <span class="nv">$notifications</span> <span class="o">=</span> <span class="nv">$user</span><span class="o">-&gt;</span><span class="nf">notifications</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">whereNull</span><span class="p">(</span><span class="s1">'seen_at'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">get</span><span class="p">();</span> <span class="nv">$eventName</span> <span class="o">=</span> <span class="p">(</span><span class="k">new</span> <span class="nc">\ReflectionClass</span><span class="p">(</span><span class="nc">\App\Events\UserNotificationEvent</span><span class="o">::</span><span class="n">class</span><span class="p">))</span><span class="o">-&gt;</span><span class="nf">getShortName</span><span class="p">();</span> <span class="c1">// get the short class name. This will automatically update, should you rename the event via IDE or language server </span> <span class="k">return</span> <span class="nf">view</span><span class="p">(</span><span class="s1">'dashboard'</span><span class="p">,</span> <span class="p">[</span> <span class="s1">'user'</span> <span class="o">=&gt;</span> <span class="nv">$user</span><span class="p">,</span> <span class="s1">'notifications'</span> <span class="o">=&gt;</span> <span class="nv">$notifications</span><span class="p">,</span> <span class="s1">'eventName'</span> <span class="o">=&gt;</span> <span class="nv">$eventName</span><span class="p">,</span> <span class="c1">// pass the eventName to your view. Don't forget to update the views to use the variable, instead of hardcoding the event name3</span> <span class="p">]);</span> <span class="p">})</span><span class="o">-&gt;</span><span class="nf">middleware</span><span class="p">([</span><span class="s1">'auth'</span><span class="p">,</span> <span class="s1">'verified'</span><span class="p">])</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(</span><span class="s1">'dashboard'</span><span class="p">);</span> </code></pre> </div> <h3> References </h3> <ol> <li> <a href="https://laravel.com" rel="noopener noreferrer">Laravel</a>, <a href="https://laravel.com/docs/10.x/starter-kits" rel="noopener noreferrer">Laravel Breeze</a>, <a href="https://reverb.laravel.com/" rel="noopener noreferrer">Laravel Reverb</a>, <a href="https://laravel.com/docs/10.x/broadcasting#client-side-installation" rel="noopener noreferrer">Laravel Echo</a> </li> <li><a href="https://soketi.app/" rel="noopener noreferrer">Soketi</a></li> <li><a href="https://pusher.com/" rel="noopener noreferrer">Pusher</a></li> <li><a href="https://heroicons.com/" rel="noopener noreferrer">Heroicons</a></li> <li><a href="https://alpinejs.dev/" rel="noopener noreferrer">Alpine.js</a></li> <li><a href="https://tailwindcss.com/" rel="noopener noreferrer">tailwindcss</a></li> <li><a href="https://github.com/DannyFestor/-Youtube--Notification-Laravel-Soketi" rel="noopener noreferrer">Github Repository</a></li> </ol> websockets webdev php laravel