Backend Refactoring
Backend Refactor Backlog
List of things we want to refactor on BE at some point.
Items are to be logged when found and taken out when passed to WIP grid.
| Priority | Title | Assigned to | Progress | Domain | Size | Proposer |
|---|---|---|---|---|---|---|
| M | Data separation | Eudald | On hold | Everything | ||
| M | Containerisation | TBC | In progress | Infra | ||
| M | BuilderMiddleware refactor - Do not mention specific routes | App | M | Eudald | ||
| M | member & organisation DB fields mixups. identifier on checklist_item | App | M | Eudald | ||
| L | Use symfony/amqp-messenger instead of php-amqplib/php-amqplib for event-dispatching & consumers. Also symfony/messenger ? | App | M | Eudald | ||
| L | Remove old notification system. NotificationComposite , NotificationTypeModel && notification_type | App - Notification | S | Eudald | ||
| L | Delete remains of Google SSO | App - SSO | S | Eudald | ||
| L | Bulk undo command | Eudald | App - C&H | S | Eudald | |
| L | Models - Implement eloquent timestamps, relationships and soft-delete on all models | App - ORM | M | Eudald | ||
| L | Controllers - Remove HTML post Grid2Vue | App | M | Eudald | ||
| L | Integration (webhooks). There are about 4 levels of unnecessary abstraction which make them far more complicated to debug than they should be. | App | S | Marc | ||
| L | Re-evaluate XSS security - Cloudflare, Middleware & Purifier | App & Infra | S | |||
| L | Centralized Maintenance mode toggle | Eudald | In progress | Infra | M-S | |
| L | Add foreign keys for content_area_item and checklist_item | App | S | Eudald | ||
| L | Set mandatory connection & eventDispatcher on BaseService on constructor | App | S | Eudald | ||
| L | Remove NoRestrictionAuthorizationFilter . Authorization filter is no longer mandatory and can be null. New baseline is OrganisationAuthorizationFilter although it might not be possible or practical to have OrganisationEntityModel available everywhere | App | M | Eudald |
BE - Composer and Settings
Composer Packages
| Name | Use | Last Updated |
|---|---|---|
| "slim/slim": "^3.1" | Framework | 2016-07-26 |
| "slim/php-view": "^2.0" | View renderer | 2016-07-26 |
| "monolog/monolog": "^1.17" | Logging | 2016-07-26 |
| "illuminate/database": "^11" | Models, database connection | 2024-08-05 |
| "slim/flash": "^0.1.0" | Flash messages (for toasts etc.) | 2016-12-15 |
| "nette/mail": "3.0.0" | Notification etc. emails | 2023-06-12 |
| "guzzlehttp/guzzle": "^7.5" | HTTP requests | 2023-03-03 |
| "intervention/image": "^2.4" | Links area icons, profile images | 2017-11-20 |
| "slim/csrf": "^0.8.2" | CSRF | 2017-11-21 |
| "nesbot/carbon": "^2.27" | Dates | 2019-12-08 |
| "phpoffice/phpspreadsheet": "^1.0" | Exporting grid | 2018-05-18 |
| "alchemy/zippy": "^0.4.8" | Exporting grid | 2018-05-18 |
| "voku/anti-xss": "^4" | XSS middleware | 2025-04-14 |
| "nette/utils": "2.5.3" | Pagination | 2018-12-07 |
| "embed/embed": "^3.4.15" | Embedding videos etc. | 2021-04-26 |
| "joshralph/password-policy": "^0.2.0" | Verifying passwords | 2019-07-18 |
| "softcreatr/php-mime-detector": "^3.0" | Uploaded files | 2019-07-18 |
| "xenolope/quahog": "^2.1" | ClamAV anti-virus | 2019-10-10 |
| "scssphp/scssphp": "^1.0" | Custom colours | 2019-10-28 |
| "league/oauth2-google": "^4.0" | Google SSO | 2023-03-03 |
| "ralouphie/mimey": "^2.1" | Google SSO | 2019-11-08 |
| "foxworth42/oauth2-okta": "^1.0" | Okta SSO | 2019-11-08 |
| "mongodb/mongodb": "^1.5" | Activity log, caching etc. | 2019-11-19 |
| "laravolt/avatar": "^5" | Initials profile images | 2014-07-11 |
| "league/csv": "^9.0" | Exporting csvs | 2020-02-19 |
| "eluceo/ical": "^0.16.0" | Adding tasks to calendar | 2021-01-12 |
| "vstelmakh/url-highlight": "^3.0" | Highlighting mentions in comments in CommentHelper | 2021-02-22 |
| "lcobucci/jwt": "3.3.1" | API authentication | 2021-04-11 |
| "stevenmaguire/oauth2-microsoft": "^2.2" | OneDrive | 2021-09-06 |
| "symfony/console": "^5.3" | Console commands | 2021-07-09 |
| "doctrine/migrations": "^3.2" | DB Migrations | 2021-08-09 |
| "swaggest/json-schema": "^0.12.36" | Schema middleware | 2021-09-03 |
| "hubspot/api-client": "^3.1" | Sending user data to HubSpot | 2021-09-21 |
| "symfony/event-dispatcher": "^5.3" | Events | 2021-09-27 |
| "onelogin/php-saml": "^3.6" | Ping Federate SSO | 2022-06-14 |
| "webonyx/graphql-php": "^14.11" | Search | 2022-08-02 |
| "guzzlehttp/psr7": "^1.9" | AI requests (getting refactored soon) | 2022-08-02 |
| "phpstan/phpdoc-parser": "0.3.5" | Typed controller | 2023-04-18 |
| "php-amqplib/php-amqplib": "^3.5" | RabbitMQ events | 2023-06-12 |
| "openai-php/client": "^0.3.4" | AI (getting refactored) | 2023-06-01 |
| "gioni06/gpt3-tokenizer": "^1.2" | AI (getting refactored) | 2023-06-12 |
| "robthree/twofactorauth": "^1.8" | 2FA | 2024-04-25 |
| "symfony/messenger": "^6.3" | Commands & Handlers | 2024-07-10 |
| "mongodb/laravel-mongodb": "^4.7" | MongoDB connector to Eloquent | 2025-01-13 |
| "ezyang/htmlpurifier": "^4" | XSS purifier | 2025-01-13 |
| "loicboursin/oauth2-microsoft-graph": "^1" | MS Graph SSO | 2025-04-24 |
| "fakerphp/faker": "^1" | Required for eloquent factories |
Settings
| Name | Use |
|---|---|
| 'debugMode' | Option to add debug info on interface. Delete |
| 'maintenanceModeOnError' | Prompt to maintenance when connection to database fails |
| 'recordTimeAndMemory' | Delete |
| 'displayErrorDetails' | Show php error details |
| 'addContentLengthHeader' | Used html length of header |
| 'determineRouteBeforeAppMiddleware' | Internal to Slim |
| // 'routerCacheFile' | Delete the comment |
| 'renderer' | Setting used. Twig not used but templates still in this path. |
| 'logger' | Used |
| 'database' | Used |
| 'mongoDatabase' | Used |
| 'viewCacheDatabase' | Used |
| 'cacheElementJson' | Used |
| 'cacheGanttTasks' | Used |
| 'amqp' | Used |
| 'routerCacheFile' | Used |
| 'listenerCacheFile' | Used |
| 'handlerCacheFile' | Used |
| 'migrations' | Used. Could be refactored to remove |
| 'uploads' | Used. Could be refactored to remove |
| 'profile' | " |
| 'profilePhoto' | " |
| 'customise' | " |
| 'login' | " |
| 'email' | Used |
| 'hubSpot' | Used |
| 'subdomain' | Used. Could be refactored to remove |
| 'openAi' | Used |
| 'azureOpenAi' | Used |
| 'ssl' | Used. Could be refactored to remove |
| 'base_url' | Used. Could be refactored to remove |
| 'sign_in_url' | Used. Could be refactored to remove |
| 'allowUserToRunCron' | Used? |
| 'api' | Used |
| 'disallowedEmailDomains' | Used. Could be refactored to remove |
| 'stripe' | Delete |
| 'fileUploads' | Used. Could be refactored to remove |
| 'documents', 'accept' | " |
| 'images', 'accept' | " |
| 'virusScan' | Used |
| 'googleRecaptcha' | Delete |
| 'posthog' | Used |
| 'dms' | Used |
| 'box' | " |
| 'google' | " |
| 'oneDrive' | " |
| 'saml' | Used |
| 'jwt' | API |
| 'signUpElementTemplates' | Used |
PHP 8.4 Features - What Shall We Use, What Shall We Avoid?
Property hooks
Reference: Stitcher.io
Decision: Try a pilot on private properties, see how we get on and discuss further
Without parentheses
Reference: Stitcher.io
Decision: We should/can use this
Asymmetric visibility
Reference: Stitcher.io
Decision: It's ok to use, but it won't be enforced as a standard
New array functions
Reference: Stitcher.io
Decision: We can use all of the new array_* functions
Implicit nullable types
Reference: Stitcher.io
Decision: This should be the new standard, and PR changes should be requested as per the change in 8.4
New HTML5 support
Reference: Stitcher.io
Decision:
- For new features, use \Dom\HTMLDocument
- Do not refactor to replace \DomDocument to use the new class
JIT changes
Reference: Stitcher.io
Decision: No action needed, just info
Lazy objects
Reference: Stitcher.io
Decision: It's ok to use, but it won't be enforced as a standard
The #deprecated attribute
Reference: Stitcher.io
Decision: We should be using this new feature
Full list of changes
Reference: Stitcher.io
PHP 8.4 - Release Schedule
- February 3rd - local/dev and staging upgraded to PHP 8.4
- ASAP - Web4 back in action
- February 17th - move web3 and web4 into a separate LB, point mg and testmg to the new load balancer, upgrade both servers to PHP 8.4
- March 3rd - Upgrade web1 and web2 to PHP 8.4