CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Boosting your API with CakePHP API and...

A couple days ago AlexMax commented in CakePHP's IRC channel about the https://github.com/php-pm/php-pm project and it rang a bell for us. We did a couple tests internally and found this could be a great companion to our API plugin, so we wrote a new Bridge for CakePHP and ran some benchmarks.

The Cast

We put all together and created a sample application (1 posts table with 30 records) to do some benchmarks.

Benchmark configuration

We are not aiming to provide detailed or production figures, just a reference of the results obtained for your comparison. Results are generated from a development box, using PHP 7.1.12-3+ubuntu16.04.1+deb.sury.org+1 with xdebug enabled on ubuntu xenial, 8x Intel(R) Core(TM) i7-4771 CPU @ 3.50GHz We baked the application using the latest CakePHP 3.5.10, and set application debug to false, and log output to syslog. As we are interested in boosting API response times the most, we tested the following scenarios
  • A) CakePHP json output, served from nginx+phpfpm
  • B) CakePHP + API Plugin Middleware integration json output, served from nginx+phpfpm
  • C) CakePHP + API Plugin Middleware integration json output, served from php-pm
Benchmark figures were obtained using ab -n 5000 -c 100 URL

Results

Scenario requests/second avg time
A) CakePHP json output, served from nginx+phpfpm 372.97 [#/sec] (mean) 268.120 [ms] (mean)
B) CakePHP + API Plugin Middleware integration json output, served from nginx+phpfpm 399.79 [#/sec] (mean) 250.133 [ms] (mean)
C) CakePHP + API Plugin Middleware integration json output, served from php-pm 911.95 [#/sec] (mean) 109.656 [ms] (mean)
  These results for a NOT OPTIMIZED CakePHP application are promising, and the improvement using PHP-PM is huge in this case. There are some important considerations though:
  • PHP-FPM is mature and stable, PHP-PM is still in early development, although there is a 1.0 version released already.
  • Processes need monitoring, specially regarding memory leaks, we would need to manage a restart policy and be able to hot-restart individual workers
  • System integration, init scripts are not provided, even if this is something easy to manage nowadays via systemd or monit, would be good to have for production
  • Application bootstrapping should not be affected by the request. If your application bootstrapping depends on the request params, or logged in user, you'll need to refactor your code
  • Session handling was not tested, issues are reported for PHP-PM for other frameworks. We were aiming to stateless API's so we don't know if this would be an issue for a regular application
Performance is always a concern for the API developer, applying proven paradigms like the event driven development (https://reactphp.org/) to your existing code would be the way to go and ensure backend frameworks like CakePHP will perform as required when dealing with the peaks we all love and hate.

Giving back to the community

This Plugin's development has been sponsored by the Cake Development Corporation. Contact us if you are interested in:      

Why an independent code review is impo...

Passbolt recently contacted us about doing a code review so we thought now would be a great time to share more about our code review process with you. While in-house and peer reviews are important to maximise code quality, it is still incredibly important to get an independent third party to review your code - that is where CakeDC can step in. Passbolt is free, open-source, self hosted password manager for teams which makes collaboration and sharing company account credentials within a team much easier. It's based on open security standards and uses OpenPGP to authenticate users and verify secrets server side. Passbolt consists of server side web app built in CakePHP providing web interface and API, and Chrome extension for client side. The overall aspects that are reviewed in our code review include a review of quality, implementation, security, performance, documentation and test coverage. When looking into quality, the team reviews aspects concerning the code following CakePHP conventions, coding standards and coding quality. Overall, passbolt’s code review revealed that CakePHP conventions and coding standards are largely followed, no concerns were detected. Implementation outlines key issues with framework use and approach. It includes reviewing the code for framework usage, separation of concerns as well as code reuse and modularity. Key recommendations are outlined at this point and guidance is given into how to solve any issues. For the Passbolt review, bigger or concerning issues were uncovered, but improvements were recommended and outlined within the closing documentation. The security portion of the code review deals with how secure the code is in terms of CakePHP usage. No security flaws were found in the passbolt code review. Our in depth code review focuses on performance, specifically investigating any bottlenecks in the code base and database as well as indexes optimization. For the full passbolt code review results, check out the Code review results. Passbolt has also posted about their review, check out their post here. If you or your company has a CakePHP application and you aren’t sure if its running at the optimum, then get in touch - Code reviews can offer insights and learning into how to improve your application.

Errors to fix today on your site

Running a website can lead to massive success for you business, however, without the proper maintenance, you can be losing out. Some errors your site can be suffering from may be minor, such as spelling mistakes, however, there may be errors that can have significant impacts such as pending security updates. Let's take a quick look at some that you should fix today! Basic HTTP errors If there are HTTP errors lurking on your site, your visitors are probably getting frustrated. Make sure to constantly review your website for these errors. Some of the more common ones include 401, 404 and 500 errors. Spelling errors, basic content duplication and broken links These are all easy and minor errors to fix, however they can lead to your visitors losing trust in your company or brand. Invalid HTML Your website’s HTML needs to follow the published HTML standards and if not, will lead to invalid HTML. Having invalid HTML leads to a multitude of things including impacted/lower SEO rankings, reduced accessibility for visitors using screen readers and other assistive technologies and browser compatibility. Pending security updates and version updates Having pending updates can open you up to malicious activity such as website defacing or stealing of confidential information. If you have an update pending, quickly update today! Incorrectly inserted analytics tags Be sure to double check that your analytics tags have been added to your code correctly. You may be missing out on valuable information that will help you improve your website. Not sure what you are doing wrong? Google offers guidelines and tutorials to get any issues sorted out quickly. Lastly, be sure to ask yourself - Have you tested? Testing is another key part to the success of your new site’s launch. Be sure to not miss this step. Not sure how to properly test your site? Here’s a great checklist to check out. From how to test elements such as HTML, CSS, security and performance through to SEO and accessibility, this checklist will guide you along best practices when it comes to testing. Another important tool to make use of is the W3 Markup validator.  

Why Mobile web design is important

With mobile traffic continuing to dominate, its just as important to get your mobile web design up to scratch. The stats for 2017 show that mobile searches once again took the lead at 50% with desktop sitting at around 45%. When designing your web application, it is key to not only consider mobile web development, but to prioritise it. Can you afford to lose over half of your web traffic due to poor design? Search engines have started prioritizing mobile friendly websites - what does this mean for you? Google has understood this shift in user behaviour, and with their mobile-first search index already kicking in, now is the time to get the mobile version of your site in tip top shape. If your mobile site lacks the same detailed information as your desktop site, you will get hurt by this indexing. Not providing key detail on your pages will shift your overall SEO rankings. Mobile optimized web design provides a better user experience for mobile users. With such a high percentage of mobile traffic, ensuring that these users get the best user experience possible on your site is vital. By ensuring that your mobile web design is functional, you provide the user with key functional aspects such as readable fonts and headers, easy-to-click links and faster load times. There are a variety of free tools out there to help you assess whether your site will rank well or not. If you are optimising your SEO and web design efforts for Google, then take a look at these three key tools that are vital to all developers. Google’s mobile-friendly test allows you to simply enter in your website URL and run a quick check to determine if you site is mobile friendly. While this tool is great for seeing how Google ranks your site, it doesn’t provide any detail in the site’s strengths and weaknesses. Google’s page speed insights tool allows you to assess the load speed times of your site. As well as providing a score, it also provides detail into how you can go about fixing the page speed. Google’s webmaster tools mobile usability test shows you even more detail into the usability of your mobile site. With many great free resources, as well as many insightful blog posts, you too can get your mobile site optimized for your user. CakeDC provides both development and consulting services, ensuring that you are left with the best web application solution. If you are in need of a full scoped development project or are simply looking for guidance and expert knowledge for your application, CakeDC is the team to contact.

Tips for building custom apps

Sometimes all your website needs is a bit of added functionality and increased interactivity. Custom applications can make or break your user experience, here are some of the key things you should look out for when getting your custom applications developed. Consider tooltips to guide users Sometimes custom applications require certain actions from the user. Tooltips allow you to help the user along without cluttering the interface. Include progress notifications Tell the user if something has been processed successfully. Including feedback notifications such as “loading” or “please wait” can help your users understanding of your application. Keep familiar patterns and navigation within your application Users will find the experience of using your custom application if a similar navigation is used - keeping familiar patterns can be achieved through various methods such as keeping information in the same areas on every page. Keep pop-ups to a minimum or have none at all! Pop ups distract and interfere with a user's experience. Limit the use of these to a minimum - only including key and critical information if used. Ensure log-in or entry information simple and easy If your application requires a user to log in or provide certain information before accessing the content, it's important to keep this requirement simple. Having high entry barriers or information required can stop a user from actually using your application. Design your custom application for your target audience Who do you see as the ideal user of your application? Avoid technical jargon or unfamiliar terms or processes. Are you designing a shopping cart for users accustomed to online shopping? Then keep up-to-date with the latest best practices from top ecommerce sites and follow their lead. Are you looking for a custom application? Contact CakeDC, the experts behind CakePHP.  

We Bake with CakePHP