Freek.dev

Glide is an easy to use image manipulation library by Jonathan Reinink. It was bumped to version 1.0.0 a few days ago. Glide can created optimized images on the fly by levering url's such as /img/users/1.jpg?w=300&h=400&fit=crop. Take a look at the example in the Glide documentation to know more.

I think Glide provides a very nice API to create image manipulations. Unfortunately it isn't very easy to use the API to generate an image using code. So I created a little package for that called laravel-glide. All new major versions of Spatie packages will require PHP 7, laravel-glide is no exception to this.

Here's an example of how to create a greyscale version image with a maximum width of 50 pixels.

GlideImage::create($pathToImage)
    ->modify(['filt'=>'greyscale', 'w'=> 50])
    ->save($pathToWhereToSaveTheManipulatedImage);

Take a look at Glide's image API to see which parameters you can pass to the modify-method.

Read more

The project I'm currently working on will have to send out mails to all its users on a regular basis. It's not a newsletter: the contents of each mail will be very specific to each user. The mail also should contain a link to unsubscribe the user from simular future mails.

The link could look like this: https://myapp.com/unsubscribe. Clicking on the link would direct the user to a login page. After the user has logged in the unsubscribe can be automatically performed. In my mind requiring the user to login first in order to unsubscribe from something isn't very user friendly.

This can be improved by adding the id of the user to the link. Here's what that could look like: https://myapp.com/user/1/unsubscribe. With this link you the app can unsubscribe the user with id 1 in one go. That'll work, but it's not very secure. Unsubscribe links for all other users can be easily guessed. Such links can be made more secure by adding a signature and an expiry date on them.

My colleague Sebastian coded up a Laravel package to create signed url's with a limited lifetime. Here's example where the url gets signed and made valid for only one day:

echo UrlSigner::sign('https://myapp.com/user/1/unsubscribe', 1);

This outputs an url that looks like: https://myapp.com/user/1/unsubscribe?expires=1123690544&signature=93e02326d75

The validate-method can be used the determine if a signed url is (still) valid:

$isValidUrl = UrlSigner::validate($theSignedUrlInTheExampleAbove);

The signature is calculated using the original url itself, the expiration date and a secret string that's specific to your project. When a malicious user tries to change any part of the url the signature won't match up.

I'm assuming that the most common use case of signing url's is to protect routes. The package supplies a middleware that protects routes from invalid signed url's. In the following example only requests with a valid signed url will hit the controller:

Route::get('unsubscribe', ['middleware' => 'signedurl', 'uses => 'UserController@unsubscribe']);

If you're interested in using the package, take a look at it on GitHub: https://github.com/spatie/laravel-url-signer

There's also a framework agnostic version: https://github.com/spatie/url-signer

E-mails can be intercepted and are never 100% secure. Bearing that fact in mind you should never use this kind of link for any destructive action.

EDIT: Some fellow developers pointed out that I could also obfuscate the id in the url. Here are two good libraries to do that:

• http://hashids.org/
• https://github.com/jenssegers/optimus

And sure enough, the unsubscribe links of other users cannot be easily guessed. A small downside however is that the url becomes less readable. The big disadvantage is that the url will remain valid forever. As these links through an unsafe medium I think it's a good idea to give them a limited lifetime. Signing an url will do that.

Read more

The sublime Laravel newsletter added a new section to spotlight a developer in a short interview. I had the honor of being the first interviewee.

https://laravel-news.com/2015/06/developer-spotlight-freek-van-der-herten/

Read more

When working on projects I found myself, over time, needing the same string functions over and over again. Things like how to shorten a string but still let it end on entire word, replace the last occurrence of string in a string, ...

Instead of keeping these functions in a helper file locally in the project, I made a package out of it. It was a good opportunity to spice it up with bit of OO to make them chainable. An example:

[code] // outputs "MIDDLE" echo string('StartMiddleEnd')->between('Start', 'End')->toUpper();

In addition to it's own methods, the package provides <a href="https://github.com/spatie/string#integration-with-underscorephp">an integration</a> with <a href="https://github.com/Anahkiasen/underscore-php">Maxime Fabre's underscore package</a>.

You are very welcome to submit pull requests to add functions that you feel are missing. Be sure to include some unit tests to ensure everything working as intended.

Granted,  it isn't the most sexy package in the world, but it sure is handy.

<a href="https://github.com/spatie/string">https://github.com/spatie/string</a>

Read more