PHP Dotenv VS Pest

After successfully setting up our project, you'll observe that certain packages come pre-installed. One of these packages is vlucas/phpdotenv. This package serves the purpose of facilitating the loading of .env variables within your projects. These variables, stored in a file named '.env', allow for the configuration of various settings without hardcoding them directly into your code. Instead, you can define environment-specific variables such as database credentials, API keys, or any other sensitive information in the .env file, providing a more flexible and secure approach to configuration management.

Recently, I jumped to reading on the documentation of the function putenv() and define() and the array $_ENV to understand the different between all. Also, I looked at the library phpdotenv and how it handles environment variables since its the standard approach to go with when dealing with environment variables in PHP.

So to get down to it, what are some of the best practices here? First off, things that you would normally do, like utilize some sort of secrets manager, that won't be available to you. You also can't utilize environment variables with apache. So you're going to have to have some sort of local secret (password/passphrase) to perform the encryption/decryption. With that said, mysql does provide AES encryption with their AES_ENCRYPT/AES_DECRYPT calls, so in that manner, yes you can safely store PII or other values in a shared MySQL. You can use a php library like https://github.com/vlucas/phpdotenv The decryption password(s) should be in the .ENV file Nothing prevents you from utilizing some scheme perhaps to provide multiple passwords if you want to, perhaps a separate one for each individual column you plan to encrypt.

DotEnv - a popular library that allows us to use environment variables in our project.

[PHP dotenv.](https://github.com/vlucas/phpdotenv) Loads environment variables from `.env` to `getenv(), $_ENV` and `$_SERVER`

PHP dotenv. Loads environment variables from .env to getenv(), $_ENV and $_SERVER automagically.

Use this library https://github.com/vlucas/phpdotenv. Hopefully you are using composer. If not, please consider using it.

First, we need to have PHP installed as well as Composer (A dependency manager for PHP). Using Composer, we need to install dotenv which will allow us to read .env files.

Here, I'm using the vlucas/phpdotenv library to process .env files.

Today, I finished the first implementation of this environment, adding Pest and PHPUnit in v10.5, which is currently not supported by default with WP Env.

Below, I added some examples for testing the request and client classes. For the tests, I am using Pest PHP which provides a clean syntax and additional features on top of PHPUnit.

Also, it's my personal opinion that when your terminal asks you to give a star to a repository on github that's going to save you hours of toil and heartache, actually taking the time to do it is the same thing as unlocking an achievement in real life. And then you can go back someday and see all those stars and realize how connected you are to all these people who are a lot like you and how much you learned from their stuff. But again, I digress.

By default, Laravel comes with PHPUnit for testing. However you can use Pest instead.

Redis for cache

PHP isn’t dead. It definitely has some weirdness introduced in older versions that cannot be removed due to backward compatibility promises. However, recent versions of PHP have improved performance and developer experience significantly. Also, we use strict types and PHPStan [https://phpstan.org] (max level) to ensure type safety. And, we try to have 95%+ coverage using Pest PHP [https://pestphp.com]. With those tools, writing PHP is fun. Laravel saves a lot of time by abstracting away many HTTP, queue, and CLI-related tasks. MYSQL is the single source of truth. We sync data to Meilisearch for search. Laravel Scout makes syncing effortless. Redis is used for caching and queues.

More details on the open-source software we use are available here: [https://blogs.hyvor.com/docs/oss]

Theme Development:

In Hyvor Blogs, all themes are fully customizable. We wanted to make the theme development process as friendly as possible for developers. Being a hosted software, this is quite hard. Developers aren’t fond of (including me) editing a file on the browser to make something work. Providing an online web editor to create themes wasn’t an option. So, we created a simple CLI tool [https://github.com/hyvor/hyvor-blogs-cli] that developers can install locally via NPM. This CLI tool listens for file changes and syncs all theme files to a development blog in our production system. So, developers can make changes in their local editor and see changes with almost no delay. This has worked pretty well so far!

Theme Structure:

We wanted to keep the theme structure simple. No Javascript frameworks - just plain old-school HTML because it works the best with search engines, minimizes the data transfer required between the server and the browser, and even provides a better experience for end users.

We obviously needed a templating language to render HTML from data. There were many options like Handlebars, Liquid, and Twig. All do the job. We went with Twig because its original package is written in PHP and managed by the Symfony team so we could trust it and easily integrate it into our system.

Another thing we cared about a lot is creating standardized theme guidelines. For example, if you take WordPress themes, most themes have their own structure and are very different from each other. This adds a learning curve to each theme. To prevent that, we created standardized theme guidelines for all published themes to follow. We also standardized how common things in blogs like color theme switching, searching, language switching, etc. work. This helps users switch between and customize their themes effortlessly.

Then, there is one important thing we realized. “The structure of a blog is very simple”. First, you might think you need several stylesheets, jQuery, bootstrap, etc. NO! Just one stylesheet and barely some vanilla javascript for interactive elements like search. Realizing this helped us further improve theme performance. In our themes, the developer writes several SCSS files inside the /styles directory. This makes it easier for them to manage styles in chunks. Then, we convert all SCSS files into a single styles.css when loading it in the blog. That way, only 1 HTTP request is needed for styles - it’s super fast!

You can see more about theme development here: [https://blogs.hyvor.com/docs/themes-overview]

All official themes are free and open-source. [https://github.com/hyvor/hyvor-blogs-themes]

We have ported multiple open-source themes, and now working on a couple of original themes as well.

Caching:

We incrementally cache content using “first-request caching”. If you visit a post in the blog, the response is dynamically created and cached. Subsequent responses are served from the cache until the blogger updates the post.

This is highly efficient and scalable. Also, there is no building step involved as in Netlify or similar static hosting platforms. You can immediately see changes but also benefit from caching.

The cache is saved on a Redis server in our data centers, but we may try CDN edge caching in the future.

Multi-language support:

Multi-language support is probably the most unique selling point of Hyvor Blogs. The first version of Hyvor Blogs did not have a multi-language feature. Adding that feature took a lot of careful thought and effort, but it was totally worth it. I can safely say there’s no other hosted blogging platform that makes managing multiple languages as easy as Hyvor Blogs does.

First, we had to figure out what data was translatable. For example, post content, description, etc. Then instead of saving that data in the `posts` table, we created a new `post_variants` table to save them linked to a specific `language_id`. The blogger can create multiple languages and each entity (`post` , `tag` , `user`) can have variants for each language.

Additionally, we integrated DeepL [https://deep.com] to let bloggers automatically translate posts into many languages.

Data API filtering:

Our Data API [https://blogs.hyvor.com/docs/api-data] returns public data of the blog. This is also internally used in themes to fetch additional data. If you think about filtering data (ex: posts), one may want to filter `published_at < {time}` while another wants `published_at > {time}`. If we went with the normal API approach, we’d need many query parameters like `published_at_greater_than`, `published_at_less_than`, etc. That’s ineffective. So, we wrote a little query language called FilterQ to take a single `filter` input parameter and safely convert it to the `WHERE` part of the SQL query. With it, you can call the API with `filter=published_at>{time}` param. And, it’s even possible to use `and` / `or` and grouping for complex filtering.

Library (implemented in Laravel): https://github.com/hyvor/laravel-filterq

Sub-directory hosting:

We designed a new way to host a blog in a subdirectory of a web application. Let’s say you have a Laravel application at example.com. We created Delivery API [https://blogs.hyvor.com/docs/api-delivery] to help you host your blog at example.com/blog.

This API tells you how to deliver a response for a request (hence “Delivery” API). For example, when your Laravel app receives a request to /blog/hello-world, your app calls the Delivery API to learn how to respond to “/hello-world”. The Delivery API returns a JSON with all the data needed. Your app will then use that JSON response to create an HTTP response and send back the response to the client. It will also save the response in the cache so that it doesn’t have to call the Delivery API next time for the same path.

This is quite similar to a reverse proxy with caching, but the JSON API makes it easier to use it in web applications as we do not need HTTP parsing logic.

This is also similar to how our “first-request” caching works, but this time this caching happens inside your web application. To clear the cache, we use webhooks.

For now, we have developed libraries for Laravel and Symfony for sub-directory hosting, with plans to cover more frameworks in the future.

Rich Editor

This was probably the hardest part of all. We spent months testing many frameworks like Draft.js, Prosemirror, and even pre-built rich editors like TinyMCE. We wanted customizability and also ease-of-use. No framework checked all boxes.

We decided to go with ProseMirror [https://prosemirror.net]. It was complex but eventually, we came to understand the power of it. It has a steep learning curve, but it’s totally worth it. We actually enjoy writing Prosemirror plugins now to add some functionality to the Rich Editor. Also, recently the author added typescript support, which incredibly improved the experience. We created many nodes like Blockquotes, Callouts (with emoji), Images with captions, Embeds, and Bookmarks pretty easily after that. ProseMirror has quite good browser support as well.

Flashload

I’ve been a fan of InstantClick [http://instantclick.io/]. We wanted to add something similar to all blogs to add a “fake-fast” effect. If you haven’t used InstantClick before, it is a simple library that turns separate HTML pages into a single-page app. It starts loading content on the mouseoever event of a link and replaces the when clicked on it. This makes navigation super fast. We created an almost copy of Instantclick named Flashload [https://github.com/hyvor/flashload] with additional configurations and optimized caching. Feel free to use it in your projects :)

Overall, it’s been a great learning experience working on Hyvor Blogs. We’d love to know what HN thinks about our project. I am happy to answer any questions you might have.

I really like how Pest PHP formats and outputs test results, but I still prefer to use PHPUnit. Luckily there's Collision. This package is designed to give you beautiful error reporting when interacting with your app through the command line.

Pest 2.0 has just been released, and it's here to make your PHP testing experience more enjoyable and efficient. We will dive into the world of Pest and explore what makes it stand out from PHPUnit. Plus, we'll check out the latest features in Pest 2.0! 🚀

I like collision https://github.com/nunomaduro/collision it is the output formatter wich the Pest Testing Framework is also using, I'm using it without Pest.

Nuno Maduro, creator of Pest has added new PHP style of type hinting and removed old way of dock-block in all stubs and maybe codebase. It seems that the change has not a sensible different for end-users :)