Why we chose Laravel for Bespoke Web Applications

As an agency we have been building bespoke web applications for 15+ years. Almost always our clients are after some combination of:

  • Quality & stability
  • Performance & scalability
  • Low cost & short timeframes
  • Security

For most of these years our custom projects were built on top of a Content Management System we developed in-house called “SiteHQ”. As its code base has grown and the web has evolved it has become more difficult to achieve the above 4 goals, so we’ve been looking around for a suitable replacement.

As web nerds we’ve dabbled in various technologies and frameworks over the years. We’ve even built a couple of projects using Laravel including an API for an ecommerce iOS App, and another which was a SaaS solution for trades to make quoting on jobs really easy. While Laravel was specifically chosen for those 2 projects we felt that Laravel would be a great fit for all future projects as it really nails our primary four goals. Here’s why:

Quality & stability

  1. Well documented
  2. Well known
  3. Test Driven Development (TDD) friendly
  4. DB migrations

Laravel is the most starred backend framework on GitHub. The docs are beautifully laid out, the core framework is impeccably commented, and there’s plenty of community support and learning resources. This makes it easy to onboard our team and enjoyable to work with. It also means there is no vendor lock-in for our clients.

Test Driven Development (TDD) is available out of the box and supported as a first-class citizen. TDD revolves around the idea of writing tests first, implementing the minimum code necessary to get that test passing, and then refactoring to clean up the implementation. Using TDD ensures quality tests are in place for all features and gives developers the confidence to fearlessly refactor the codebase knowing they’ll be alerted to any regressions. This will help our team keep projects lean and stable for years to come.

With Laravel Dusk we can run browser tests, essentially running the application exactly the way an end user would. This gives us much greater confidence the application is working the way it was designed, even in the day and age of JavaScript-heavy front ends where HTTP-only tests won’t detect all issues.

DB migrations ensure changes are performed in a consistent and repeatable way. They become really useful when multiple developers are involved in a project, or as the project shifts from the development / launch phase into the maintenance phase. Without migrations it’s easy to lose track of which DB changes were made in order to fix a bug or implement a new feature. I love how even the DB structure is described as code and can be tracked in Git.

Performance & scalability

  1. Interoperable with cloud services
  2. Can be load balanced
  3. Real-time (using Pusher)
  4. Background jobs & asynchronous processing (using Queues)
  5. Scheduled (CRON) tasks

Laravel applications perform well and are cost efficient when set up on a single server (running Apache/Nginx, MySQL, Redis etc). As more resources are required it is easy to separate MySQL & Redis into their own dedicated servers. If the application needs to handle a massive volume of traffic Laravel also runs well when deployed across several servers behind a load-balancer / proxy.

Laravel supports a variety of Amazon services, making it easy to grow beyond a single server as demand for the application increases:

  • SES (email sending)
  • SQS (background jobs / queues)
  • ElastiCache (Redis caching & PHP sessions)
  • S3 (file storage)

Queues are another game-changer. Any work that doesn’t have to be done right now can be offloaded and done later to keep the UX fast (eg. sending a welcome email, pushing data to an API). One of the things I love about JavaScript is programming asynchronously, and with queues we can get a taste of that in PHP-land. Queues also enable us to distribute work across multiple servers (eg. image resizing, subscription payment processing). We could even auto-scale the number of processing servers based on the amount of work to be done (eg. number of images to be resized).

With scheduled tasks I love that we only have to set up a single job in Crontab and the rest is done in code. It’s easy to see exactly what jobs were added/removed/changed over time (using Git). Scheduled tasks can even be run safely in a multi-server environment.

Low cost & short timeframes

  1. Reasonable defaults
  2. Artisan can scaffold out classes
  3. Import from Packagist
  4. Easy to build custom JSON APIs
  5. DB migrations & seeds

In short, it’s faster for us to start working on actual features with Laravel as the boilerplate is taken care of (which normally takes us time, but provides no benefit to the client). Artisan’s “make” commands, which help generate new models, controllers, factories etc, are one example of how we can get started quickly.

Using Packagist & Composer we can import a wide range of quality components from the community. This enables us to focus on implementing features (eg. sync data with Infusionsoft & Xero, or offer single-sign-on with Office 365) rather than setting up API helper classes or auth schemes.

Given the trend towards Single Page Applications (SPAs), “headless” and multi-client applications I really appreciate how easy it is to build JSON APIs complete with authentication, rate-limiting middleware etc. Most of the work is done out of the box. It makes it easy to bolt on a frontend of choice (eg. React Native mobile app, Amazon Alexa, IFTTT).

DB migrations & seeds make it much faster for new developers to get up and running with a fresh database, complete with auto-generated sample data. As an agency this reduces the setup time and inherent risk in swapping between team members, meaning we can more freely allocate our team resources and improve our internal efficiency.

Security

  1. Open source & actively maintained
  2. Incorporates many PHP & web best practices
  3. Built-in authentication with strong password hashing

Being an open source project the framework is constantly scrutinised by the community who contribute security patches when flaws are found. Security patches and bug fixes are published weekly, and major releases are published every 6 months.

Laravel also offers Long Term Support (LTS) releases, giving more risk-averse clients the peace of mind that the foundation of their application is not going to become unsupported in a short period of time.

In most cases security doesn’t make products more profitable, but a lack of it does have the potential to inflict significant harm, so we really appreciate how the Laravel team have given this thought and encouraged good security patterns and practices throughout the framework and in the docs (eg. XSS and CSRF protection, mass assignment protection in models).

Out of the box Laravel ships with a user authentication system, enabling the right people to access the application and API. It uses Bcrypt or Argon2 for password hashing, both of which can be adjusted to counter future increases in compute power (keeping the passwords difficult to crack).
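To show what "adjustable" means in practice, here is an added example (not code from Laravel or from our projects) of raising the bcrypt cost and upgrading old hashes at login. It uses PHP's native `password_*` functions rather than Laravel's `Hash` facade so it runs on its own; the user store, the `login()` helper and the cost values 8 and 12 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Current hashing policy. Raise the cost as hardware gets faster;
// existing hashes stay valid and are upgraded lazily at login.
const HASH_ALGO = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

// Constructed in-memory user store (a real application reads its database).
// This hash was created under an older, cheaper policy (cost 8).
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 8]),
];

/** Hypothetical helper: verify a login and upgrade the stored hash if it is below policy. */
function login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false;
    }

    // The plaintext is only available during a successful login, so this
    // is the one moment an old hash can be replaced with a stronger one.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }

    return true;
}

/** Read the work factor that is embedded in a stored bcrypt hash. */
function storedCost(string $hash): int
{
    return password_get_info($hash)['options']['cost'];
}

echo 'cost before login: ', storedCost($users['alice']), PHP_EOL;
echo 'wrong password accepted: ', var_export(login($users, 'alice', 'guess'), true), PHP_EOL;
echo 'right password accepted: ', var_export(login($users, 'alice', 'correct horse battery staple'), true), PHP_EOL;
echo 'cost after login: ', storedCost($users['alice']), PHP_EOL;
```

Because the algorithm and cost are stored inside each hash, old and new hashes can coexist in the same column while users are migrated one login at a time.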

Our next steps

Laravel has all the right pieces we need to build an application quickly, keep it well maintained and scale it up as demand grows. The framework itself is expressive and elegant, making it fun for developers to work with. We’re excited to build out future bespoke projects using the framework.

Currently we’re working on a frontend boilerplate for the Voyager Admin interface (which runs on Laravel). We’re also working on building out a few modules & features our clients commonly request (and previously offered in SiteHQ).

I’m sure we’ll have more to share of our adventures with Laravel in the future!

Kyle Stevenson

Technical Director

Tags: Laravel, SiteHQ, CMS, Bespoke, Web Applications