Daryle De Silva

Blog

  • Markdown Links in Database Comments for Better Admin UX

    Database comment fields are often filled with plain reference IDs that require manual copying and pasting into search bars or URLs. Here’s a tiny UX improvement that turns those plain IDs into clickable links.

    The Problem

    Your admin panel lets users add notes to records. Users often reference related resources by ID:

    // Admin adds comment like this:
"Related to order #12345"
"See invoice #67890 for details"

    Later, someone reads that comment and has to manually navigate to the orders page, search for 12345, etc. Wasted clicks.

    The Solution: Markdown Links

    Store markdown-formatted links in your comment field instead:

    // When saving the comment:
$comment = sprintf(
    '[Order #%d](%s)',
    $order->id,
    route('admin.orders.show', $order)
);

$record->notes = $comment;
$record->save();

    Result in the database:

    [Order #12345](/admin/orders/12345)

    Display It in the UI

    Most admin panels render comments as plain text. Parse it with a markdown library on display:

    use League\CommonMark\CommonMarkConverter;

$converter = new CommonMarkConverter();
$html = $converter->convert($record->notes);

// In your Blade template:
{!! $html !!}

    Now your admins see clickable links instead of plain IDs.

    When To Use This

    • Audit logs: Link to the user who made the change
    • Error reports: Link to the transaction or session that failed
    • Notes fields: Link to related records
    • Status changes: Link to the approval or rejection action

    Quick Wins

    1. Start with one high-traffic admin page
    2. Add markdown rendering to the comments display
    3. Wrap IDs in markdown links when creating new comments
    4. Watch your team stop asking “where do I find order 12345?”

    Small change. Big quality of life improvement.

  • When to Widen Type Hints to object + instanceof

    When to Widen Type Hints to object + instanceof

    You have a method that accepts an interface type hint. Then a new caller needs to use the same method, but its object doesn’t implement that interface. The lazy fix? Widen the type hint to object and check with instanceof.

    Here’s when that’s actually the right call.

    The problem

    Say you have a repository method that handles invalid configuration:

    class ConfigRepository
{
    public function handleInvalidConfig(
        string $configKey,
        SyncableInterface $handler
    ): void {
        $mapping = $handler->getConfigMapping($configKey);
        $mapping->markInvalid();
        $mapping->save();
    }
}

    This works great — until a new type of handler comes along that doesn’t implement SyncableInterface but still needs to report invalid configuration. The handler doesn’t have config mappings at all; it just needs the “mark as invalid” side of the logic.

    You get a TypeError:

    ConfigRepository::handleInvalidConfig(): Argument #2 ($handler) must be of type SyncableInterface, BasicHandler given

    The fix: widen and guard

    class ConfigRepository
{
    public function handleInvalidConfig(
        string $configKey,
        object $handler
    ): void {
        if (!$handler instanceof SyncableInterface) {
            // This handler doesn't support config mapping — skip gracefully
            return;
        }

        $mapping = $handler->getConfigMapping($configKey);
        $mapping->markInvalid();
        $mapping->save();
    }
}

    When this pattern makes sense

    This isn’t “make everything object and pray.” It’s appropriate when:

    • The caller hierarchy is fixed — you can’t easily make all callers implement the interface (e.g., the method is called from a shared base class)
    • The behavior is optional — not all callers need the full logic, some just need to pass through
    • The alternative is worse — duplicating the method or adding a parallel code path creates more maintenance burden

    The alternative: multiple interfaces

    If you find yourself widening type hints often, it might signal that your interface is doing too much. Consider splitting:

    interface ReportsInvalidConfig
{
    public function getConfigMapping(string $key): ConfigMapping;
}

interface SyncableInterface extends ReportsInvalidConfig
{
    public function sync(): void;
}

// Now the method can type-hint the narrow interface
public function handleInvalidConfig(
    string $configKey,
    ReportsInvalidConfig $handler
): void {
    $mapping = $handler->getConfigMapping($configKey);
    $mapping->markInvalid();
    $mapping->save();
}

    This is cleaner long-term, but requires changing the interface hierarchy — not always possible in legacy codebases or when you’re shipping a hotfix at 2 AM.

    The pragmatic rule: object + instanceof for hotfixes and optional behavior. Interface segregation for planned refactors. Both are valid — just know which situation you’re in.

  • Match Your Timeout Chain: Nginx → PHP-FPM → PHP

    Match Your Timeout Chain: Nginx → PHP-FPM → PHP

    You’ve bumped max_execution_time to 300 seconds in PHP, but your app still throws 504 Gateway Timeout after about a minute. Sound familiar?

    The problem isn’t PHP. It’s the timeout chain — every layer between the browser and your code has its own timeout, and they all need to agree.

    The typical Docker stack

    Browser → Nginx (reverse proxy) → PHP-FPM → PHP script

    Each layer has a default timeout:

    Layer Setting Default
    Nginx fastcgi_read_timeout 60s
    PHP-FPM request_terminate_timeout 0 (unlimited)
    PHP max_execution_time 30s

    If you only change max_execution_time to 300s, PHP is happy to run that long — but Nginx kills the connection at 60 seconds because nobody told it to wait longer. You get a 504, PHP keeps running in the background (wasting resources), and your logs show no PHP errors because PHP didn’t fail.

    The fix: align the entire chain

    php.ini overrides:

    max_execution_time = 300
max_input_time = 300
memory_limit = 512M

    Nginx site config (inside your location ~ \.php$ block):

    location ~ \.php$ {
    fastcgi_pass php:9000;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    # Match PHP's max_execution_time
    fastcgi_read_timeout 300s;
    fastcgi_send_timeout 300s;
    fastcgi_connect_timeout 60s;

    # Prevent 504 on large responses
    fastcgi_buffers 8 16k;
    fastcgi_buffer_size 32k;
    fastcgi_max_temp_file_size 0;
}

    If you have a CDN or load balancer in front (Cloudflare, AWS ALB), add that to the chain too:

    CDN (100s) → Nginx (300s) → PHP-FPM (0) → PHP (300s)
                                              ↑ This is the actual limit

    The debugging trick

    When you get a 504, test from the inside out:

    1. Hit PHP-FPM directly (bypass Nginx): Does the request complete?
    2. Hit Nginx locally (bypass CDN): Does it time out?
    3. Hit the public URL: Does the CDN add its own timeout?

    This tells you exactly which layer is killing the request. Compare your local dev config against production — often the mismatch is the missing fastcgi_read_timeout that production has but your Docker setup doesn’t.

    Rule of thumb: every layer’s timeout should be ≥ the layer below it. If PHP allows 300s, Nginx must allow at least 300s. If Nginx allows 300s, the CDN must allow at least 300s. One weak link and the whole chain breaks.

  • Don’t Let Eagerly Loaded Config Crash Code Paths That Don’t Use It

    Don’t Let Eagerly Loaded Config Crash Code Paths That Don’t Use It

    Here’s a subtle way constructors can blow up in production: eagerly loading optional configuration that the current execution path doesn’t need.

    Imagine you have a class that manages API credentials for both live and sandbox modes:

    class GatewayCredentials
{
    private string $apiKey;
    private ?string $sandboxApiKey;
    private string $secretKey;
    private ?string $sandboxSecretKey;

    public function __construct(array $config, array $sandboxConfig)
    {
        $this->apiKey = $config['api_key'];
        $this->sandboxApiKey = $sandboxConfig['api_key'];     // 💥 crashes here
        $this->secretKey = $config['secret_key'];
        $this->sandboxSecretKey = $sandboxConfig['secret_key']; // 💥 or here
    }
}

    The constructor always loads both live and sandbox credentials, even when the app is running in production mode and will never touch the sandbox values. If the sandbox config is incomplete (missing keys, empty array, or null), PHP 8 promotes undefined array key access from a notice to a warning — and frameworks like Laravel convert that warning into an ErrorException — and your production checkout page crashes because of test data that isn’t even needed.

    The fix: defer with null coalescing

    class GatewayCredentials
{
    private string $apiKey;
    private ?string $sandboxApiKey;
    private string $secretKey;
    private ?string $sandboxSecretKey;
    private bool $sandboxMode;

    public function __construct(array $config, array $sandboxConfig, bool $sandboxMode = false)
    {
        $this->sandboxMode = $sandboxMode;

        // Live credentials are always required
        $this->apiKey = $config['api_key'];
        $this->secretKey = $config['secret_key'];

        // Sandbox credentials are optional — don't crash if missing
        $this->sandboxApiKey = $sandboxConfig['api_key'] ?? null;
        $this->sandboxSecretKey = $sandboxConfig['secret_key'] ?? null;
    }

    public function getApiKey(): string
    {
        return $this->sandboxMode
            ? ($this->sandboxApiKey ?? throw new \RuntimeException('Sandbox API key not configured'))
            : $this->apiKey;
    }
}

    The key insight: use ?? for optional config in the constructor, but fail loudly at the point of use if the value is actually needed. This way:

    • Production never crashes due to missing test config
    • Sandbox mode still fails fast with a clear error message
    • The constructor stays defensive without hiding real problems

    This pattern applies anywhere you have multi-environment or multi-mode configuration. Don’t let eagerly loaded optional data crash the paths that don’t use it.

  • Always Hunt for Orphaned Code After a Bug Fix

    Always Hunt for Orphaned Code After a Bug Fix

    You find the bug. It’s a one-liner — the wrong array key was being used in a calculation. You swap it, tests pass, PR ready.

    But you’re not done yet.

    The One-Liner That Revealed Dead Code

    After fixing a calculation that was reading from the wrong field in a data array, I asked a simple question: is the old field still used anywhere?

    A quick grep showed it wasn’t. The entire block that computed that intermediate value — an assignment, a conditional, a helper call — was now dead code. Nobody else referenced it. The bug fix had made it obsolete.

    What started as a 1-line insertion became a 1-line insertion + 8-line deletion. The codebase got smaller and cleaner.

    Why This Matters

    Every dead code block is:

    • A maintenance trap. Someone will read it later and try to understand why it exists.
    • A false signal. It implies the computed value matters. Future developers might wire it back in.
    • A merge conflict magnet. It takes up space in files that people will edit for unrelated reasons.

    The Post-Fix Checklist

    After every bug fix, before you open the PR, run through this:

    1. Search for the old value. If you changed which variable/field is read, check if the old one is still referenced. grep -rn 'old_field_name' app/
    2. Trace the computation chain. If the fix changed a formula’s input, check if any intermediate variables in the old computation are now unused.
    3. Check the callers. If you changed a method’s return value, verify all callers still make sense.
    4. Look one level up. Sometimes fixing a bug in a helper method means the error-handling code that worked around that bug is now unnecessary.

    A Real Metric

    Some of the best PRs I’ve reviewed have more deletions than insertions. A bug fix that deletes more than it adds is a sign that someone actually understood the ripple effects of their change.

    The fix is the minimum. The cleanup is the craftsmanship.

  • Exponential Backoff: Why attempts⁴ and attempts⁵ Are Not the Same

    Exponential Backoff: Why attempts⁴ and attempts⁵ Are Not the Same

    Your queue job hits a rate limit. You need exponential backoff. But which formula?

    Here are two real patterns I’ve seen coexist in the same codebase — and the differences matter more than you’d think.

    Pattern A: attempts⁴ + Jitter

    catch (RateLimitedException $e) {
    $this->release(($this->attempts() ** 4) + random_int(0, 40));
}

    Pattern B: Base Delay + attempts⁵

    protected function getDelay(): int
{
    return 30 + $this->attempts() ** 5;
}

catch (RateLimitedException $e) {
    $this->release($this->getDelay());
}

    The Numbers Tell the Story

    Let’s calculate the actual delays:

    Pattern A (attempts⁴ + random(0, 40)):

    • Attempt 1: 1–41 seconds
    • Attempt 2: 16–56 seconds
    • Attempt 3: 81–121 seconds (~2 min)
    • Attempt 4: 256–296 seconds (~5 min)
    • Attempt 5: 625–665 seconds (~11 min)

    Pattern B (30 + attempts⁵):

    • Attempt 1: 31 seconds
    • Attempt 2: 62 seconds
    • Attempt 3: 273 seconds (~4.5 min)
    • Attempt 4: 1,054 seconds (~17.5 min)
    • Attempt 5: 3,155 seconds (~52 min)

    When to Use Which

    Pattern A is for user-facing work. Order processing, payment confirmations, notification delivery — anything where a customer is waiting. The lower exponent (⁴ vs ⁵) keeps retry times reasonable. The random jitter prevents thundering herd problems when dozens of jobs fail simultaneously and would otherwise all retry at the exact same second.

    Pattern B is for background synchronization. Data imports, inventory syncs, report generation — work that can wait. The higher exponent (⁵) creates a much steeper curve that backs off aggressively. The 30-second base floor means you never retry immediately, giving the remote service real breathing room.

    Why Jitter Matters

    Pattern A’s random_int(0, 40) isn’t cosmetic. Without it, if 50 jobs hit a rate limit at the same time, they all retry at exactly attempts⁴ seconds later — probably hitting the rate limit again. Jitter spreads them across a 40-second window.

    Pattern B skips jitter because background jobs are already spread out. They don’t pile up the same way user-triggered actions do.

    The Takeaway

    Don’t just copy the first backoff formula you find. Think about:

    1. Who’s waiting? Users → lower exponent, faster retries
    2. How many concurrent failures? Many → add jitter
    3. How sensitive is the API? Very → higher exponent, base delay floor

    Pick the curve that matches your use case. One size doesn’t fit all, even within the same application.

  • Laravel Queued Event Listeners Need InteractsWithQueue for Retries

    Laravel Queued Event Listeners Need InteractsWithQueue for Retries

    You implement ShouldQueue on your event listener, add a catch block for rate limit exceptions, and write $this->release(60) to retry after a delay. Looks right. Ship it.

    Then it blows up in production: “Call to undefined method release()”.

    The Missing Piece

    When a Laravel queued event listener implements ShouldQueue, it gets wrapped in a CallQueuedListener job under the hood. But the listener class itself doesn’t automatically get queue interaction methods like release(), attempts(), or delete().

    You need the InteractsWithQueue trait:

    use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Queue\InteractsWithQueue;

class ProcessOrderUpdate implements ShouldQueue
{
    use InteractsWithQueue;

    public function handle(OrderStatusChanged $event): void
    {
        try {
            $this->processor->process($event->order);
        } catch (RateLimitedException $e) {
            // Without InteractsWithQueue, this line crashes
            $this->release(($this->attempts() ** 4) + random_int(0, 40));
        }
    }
}

    Why It’s Easy to Miss

    Queued jobs (extending Illuminate\Bus\Queueable) typically include InteractsWithQueue in their boilerplate. It’s so common you never think about it. But queued event listeners are a different class hierarchy — they implement the interface without the trait.

    The confusing part: everything works without the trait until you try to call release() or attempts(). Your listener queues fine, executes fine, and only fails when you need retry control.

    The Fix

    Simple rule: if your queued listener needs to control its own retry behavior — releasing back to the queue, checking attempt count, or deleting itself — add use InteractsWithQueue.

    Without it, you have a listener that can be queued but can’t manage its own lifecycle. With it, you get the full toolkit:

    • $this->release($delay) — put it back on the queue
    • $this->attempts() — how many times it’s been tried
    • $this->delete() — remove it from the queue

    Check your queued listeners. If any of them catch exceptions and try to retry, make sure they have the trait. The error won’t surface until that catch block actually executes — which is usually production, under load, at the worst possible time.

  • When Boolean Logic Lies: Debugging Inverted Conditions

    Five classes. Same trait. Same boolean helper method. Every single one had the condition inverted. And nobody noticed for over a year.

    The Setup

    A reporting module had several column classes that all shared a trait:

    trait ChecksEligibility
{
    private function isEligible(Order $order): bool
    {
        $exemptTypes = config('reports.exempt_types', []);
        return !in_array($order->type, $exemptTypes);
    }
}

    Simple enough. Returns true for most orders, false for exempt ones. Five different report column classes used this trait to decide whether to apply a calculation:

    class TotalBeforeAdjustment extends ReportColumn
{
    use ChecksEligibility;

    public function getValue(Order $order): float
    {
        if (!$this->isEligible($order)) {
            return $order->total / 1.09; // Remove the 9% adjustment
        }

        return $order->total; // No adjustment needed
    }
}

    Spot the bug?

    The Inversion

    The ! negation is backwards. For eligible orders (the common case), it should apply the calculation. For exempt orders, it should skip it. But the ! flips the logic — exempt orders get calculated, eligible ones don’t.

    Every class using this trait had the same inverted condition. Somewhere, the first developer misread what isEligible returned, and everyone else copy-pasted the pattern.

    How to Find It: Empirical Debugging

    Don’t trust your reading of the code. Run it.

    // In artisan tinker
$order = Order::find(12345); // Known eligible order
$column = new TotalBeforeAdjustment();
$column->getValue($order);
// Expected: 100.00 (no adjustment)
// Got: 91.74 (adjustment applied!)

$exemptOrder = Order::find(67890); // Known exempt order
$column->getValue($exemptOrder);
// Expected: 91.74 (adjustment applied)
// Got: 100.00 (no adjustment!)

    Two test cases. One eligible, one exempt. The outputs are swapped. Bug confirmed in under 30 seconds.

    The Fix

    // Before (wrong)
if (!$this->isEligible($order)) {

// After (correct)
if ($this->isEligible($order)) {

    One character removed. Repeated across 5 classes.

    Why It Hid for So Long

    Three reasons:

    1. Low-traffic feature. The report was used monthly by a handful of people. Nobody cross-checked the numbers against source data.
    2. Method naming confusion. “isEligible” could reasonably mean either “should we apply the calculation” or “is this order in the standard category”. The name was technically correct but invited misinterpretation.
    3. Copy-paste propagation. Once the first class got it wrong, every subsequent class copied the same pattern. Consistency made the bug look intentional.

    Prevention

    When you share boolean helpers via traits:

    • Name the method for what the CALLER does with it. shouldApplyAdjustment() is harder to invert than isEligible().
    • Add a unit test with both cases. One eligible, one exempt. Takes 2 minutes, catches inversions immediately.
    • Be suspicious of ! before trait methods. If every consumer negates the return value, either the method name is misleading or the logic is inverted.

    The takeaway: Boolean bugs don’t crash your app — they silently produce wrong data. The only reliable way to catch them is to test with known inputs and verify the outputs match your expectations. Read the code, then run the code.

  • Extract Nested Closures Into Named Private Methods

    You’re reading a method and hit something like this:

    $results = $categories->map(function ($category) use ($config) {
    return $category->items->filter(function ($item) use ($config) {
        return $item->variants->map(function ($variant) use ($config, $item) {
            $basePrice = $variant->price * $config->multiplier;
            $discount = $item->hasDiscount() ? $basePrice * $item->discountRate() : 0;
            return [
                'sku' => $variant->sku,
                'final_price' => $basePrice - $discount,
                'label' => "{$item->name} — {$variant->size}",
            ];
        })->filter(fn ($v) => $v['final_price'] > 0);
    })->flatten(1);
})->flatten(1);

    Three levels deep. Four use imports. By the time you reach the inner logic, you’ve lost the context of the outer layers. This is the closure nesting trap.

    Extract and Name

    Pull the inner closure into a private method with a name that describes what it does:

    $results = $categories->map(function ($category) use ($config) {
    return $category->items
        ->flatMap(fn ($item) => $this->buildVariantPrices($item, $config))
        ->filter(fn ($v) => $v['final_price'] > 0);
})->flatten(1);

private function buildVariantPrices(Item $item, PricingConfig $config): Collection
{
    return $item->variants->map(function ($variant) use ($config, $item) {
        $basePrice = $variant->price * $config->multiplier;
        $discount = $item->hasDiscount() ? $basePrice * $item->discountRate() : 0;

        return [
            'sku' => $variant->sku,
            'final_price' => $basePrice - $discount,
            'label' => "{$item->name} — {$variant->size}",
        ];
    });
}

    Why This Works

    The parent chain becomes scannable. You can read the top-level flow — map categories, build variant prices, filter positives — without parsing the inner logic. The method name tells you what happens; the method body tells you how.

    Type hints become possible. The extracted method can declare its parameter and return types. The closure couldn’t.

    Testing gets easier. You can test buildVariantPrices() directly with a mock item and config, without setting up the full category→item→variant hierarchy.

    The Rule of Thumb

    If a closure:

    • Has more than 2 use imports
    • Is nested inside another closure
    • Contains more than 5 lines of logic

    …extract it into a named private method. The method name acts as documentation, and the signature acts as a contract.

    The takeaway: Closures are great for simple transformations. But when they nest, they become anonymous complexity. Give them a name, and your code reads like an outline instead of a puzzle.

  • Exception Hierarchies: Control Laravel Queue Retry Behavior

    Here’s a scenario every Laravel developer hits eventually: your queue job integrates with a third-party API, and that API starts returning errors. Your job dutifully retries 5 times, backs off, and eventually fails. Multiply that by thousands of jobs, and suddenly your queue is clogged with doomed retries.

    The problem? Not all errors deserve retries.

    The Setup

    Imagine a job that syncs inventory from an external REST API:

    class SyncInventoryJob implements ShouldQueue
{
    public $tries = 5;
    public $backoff = [10, 30, 60, 120, 300];

    public function handle()
    {
        try {
            $response = $this->apiClient->fetchInventory($this->productId);
            $this->processResponse($response);
        } catch (RateLimitedException $e) {
            $this->release($e->retryAfter());
        } catch (TemporarilyUnavailableException $e) {
            $this->delete();
            Log::warning("API unavailable for product {$this->productId}, removing from queue");
        } catch (\Exception $e) {
            // Generic retry — but should we?
            throw $e;
        }
    }
}

    The catch blocks form a hierarchy: rate-limited gets a smart release, temporarily unavailable gets deleted, and everything else retries via the default mechanism.

    The Bug

    The API client was throwing a generic ApiException for every failure — including vendor-side database errors that would never self-resolve. These fell through to the generic \Exception catch, triggering 5 retries each.

    With 4,000 affected products, that’s 20,000 wasted queue attempts hammering a broken endpoint.

    The Fix

    Map vendor-side errors to your existing exception hierarchy:

    class ApiClient
{
    public function fetchInventory(string $productId): array
    {
        $response = Http::get("{$this->baseUrl}/inventory/{$productId}");

        if ($response->status() === 429) {
            throw new RateLimitedException(
                retryAfter: $response->header('Retry-After', 60)
            );
        }

        if ($response->serverError()) {
            $body = $response->body();

            // Vendor-side errors that WE can't fix
            if (str_contains($body, 'Internal Server Error')
                || str_contains($body, 'database timeout')) {
                throw new TemporarilyUnavailableException(
                    "Vendor-side error: {$response->status()}"
                );
            }
        }

        if ($response->failed()) {
            throw new ApiException("API error: {$response->status()}");
        }

        return $response->json();
    }
}

    The key insight: TemporarilyUnavailableException already existed in the job’s catch hierarchy. We just needed the API client to throw it for the right situations. No job changes required.

    The Pattern

    Design your exception hierarchy around what the caller should do, not what went wrong:

    • RateLimitedException → release with delay (their problem, temporary)
    • TemporarilyUnavailableException → delete, don’t retry (their problem, not our concern)
    • InvalidConfigException → fail permanently (our problem, needs code fix)
    • Generic Exception → retry with backoff (unknown, worth trying)

    When a new error type appears, you don’t change the job — you classify it into the right exception type at the source.

    The takeaway: Exception hierarchies in queue jobs aren’t just about catching errors. They’re a retry policy DSL. Each exception class encodes a decision about what to do next. Make that decision at the API client level, and your jobs stay clean.