MoreRSS

site iconThe Practical DeveloperModify

A constructive and inclusive social network for software developers.
Please copy the RSS to your reader, or quickly subscribe to:

Inoreader Feedly Follow Feedbin Local Reader

Rss preview of Blog of The Practical Developer

Mastering Odoo 18: Our Epic Journey Through Real-time Chat & Cron Job Nightmares

2025-08-01 01:23:15

A Battle Log of Debugging, Breakthroughs, and the Power of Persistence in a Multi-Instance Docker Setup

As an IT company specializing in Odoo implementation, we recently faced a formidable challenge: a client's Odoo 18 Community Edition deployment was plagued by non-functional real-time chat and recurring database lock errors. What began as a seemingly simple issue quickly escalated into a complex debugging saga across Docker, Caddy, and Cloudflare.

This post chronicles our journey, detailing the specific errors (RuntimeError: OrderedDict mutated during iteration, ValueError in GeoIP, WorkerCron timeouts), the systematic troubleshooting steps, and the precise configuration adjustments that finally brought stability and full functionality to Odoo 18's real-time communication and cron system.

If you're an Odoo administrator, developer, or system engineer dealing with similar Odoo 18 performance or real-time issues in a Docker environment, our experience offers valuable insights and practical solutions.

[Continue with the full content from your blog post/forum answer]

odoo, odoo18, docker, devops, sysadmin, troubleshooting, postgresql, realtime, websockets, python, database, web-development

personal portfolio test1

2025-08-01 01:15:35

personal portfolio test 1
bold
italic
link to youtube

  1. ordered
  2. list
  • unordered
  • list

h1

h2

h3

h4

h5
h6

quote

code inline inline code

code block


YouTube Embed

Dart and Exception Handling: No Guardrails, Only Discipline

2025-08-01 01:13:30

Have you ever relied on Dart’s throw and thought, “Great—now my callers are forced to handle this”? Think again. In Java and its cousins, exception chaining is a first-class citizen: you catch, chain, and let the compiler enforce your discipline. In Dart (and by extension Flutter), you’re on your own.

Exception Chaining in Java: A Quick Recap

Java’s checked exceptions bite when they must. If a method declares throws IOException, every caller up the chain either handles it or propagates it. And when you rethrow, you do it right:

try {
  riskyOperation();
} catch (IOException e) {
  throw new MyAppException("failed to do the thing", e);
}

That little , e preserves the stack trace and makes debugging a dream. Learn more on exception chaining Wikipedia.

Dart’s “Freedom” Feels a Lot Like No Guardrails

Dart’s type system doesn’t distinguish between checked and unchecked exceptions—all are unchecked. You can write:

void doSomethingRisky() {
  throw StateError('something went terribly wrong');
}

…and your callers aren’t even reminded to catch it. There’s no compiler error, no warning—nothing. You have to remember, by convention, that doSomethingRisky() might explode.

Even Result<T> Patterns Don’t Save You

“Okay,” you say, “I’ll wrap everything in a Result<T> so that forgetting to handle it is impossible.” Not quite. In Dart:

final result = await getUser();

There’s… nothing stopping you from parking result in a corner, ignoring its .isSuccess, and then accessing .value. At runtime? Boom—a throw you forgot to anticipate. You traded one potential uncaught exception for another.

Catching Errors (If You Care)

A good rule of thumb is “catch if you can, otherwise let it bubble”—but since Dart never forces you to catch in the first place, the habit rarely forms. Consider these behaviors:

Dart Effect
No catch Bubbles up silently—no compile-time reminder
catch (e) { rethrow; } Bubbles up with original stack trace
catch (e) { throw e; } Bubbles up losing original stack trace

Nullable Responses: The Invisibility Cloak

Returning T? or Future<T?> might seem like a gentle way to sidestep exceptions:

Future<User?> fetchUser() async {
  try {
    return await api.getUser();
  } catch (e) {
    log(e);
    return null;
  }
}

But now, instead of an explicit error, all you have is a silent null. The real crime? You’ve lost the ability to bubble up the original error. The stack trace, the exception type, the context—all vanished in the void. Without that, diagnosing failures becomes a wild goose chase.

A Pragmatic Prescription

  1. Be deliberate. Whether you throw or return null (or wrap in Result), pick a convention and document it.
  2. Catch at the edges. Localize unchecked exceptions at boundaries—UI layer, service layer—where you can log and recover.
  3. Preserve your traces. If you catch and rethrow, use rethrow so the original stack isn’t lost.
  4. Enforce via tooling. Automate linting to flag un-caught futures or raw throw without surrounding try/catch.
  5. Educate your team. Habits form from code reviews: make error-handling expectations crystal clear.

Dart may not force error handling—but with discipline, conventions, and the right practices, you can. Catch if you can; otherwise, be ready to bear the pain.

I hated React, so I created my own web framework, Nijor !

2025-08-01 01:00:32

Origin Story

In 2020, at the age of 14, I stumbled upon React. Its complexity intimidated me, but the idea of custom HTML tags through components sparked my curiosity. Inspired by React and Vue, I set out to build my own web framework from scratch. By the end of the year, after countless hours of effort, I had created Nijor : a lightweight framework powered by JavaScript classes which allowed developers to write custom HTML tags. I was just shy of my 15th birthday when I completed the first version.

Why "Nijor" ?

The name Nijor comes from the Assamese word "নিজৰ," meaning "my own." It reflects the framework’s core philosophy: empowering developers to craft their own custom HTML tags with unique attributes, tailored to their needs.

Why Choose Nijor ?

Reusable Components : Nijor lets you write modular, reusable components in *.nijor files. This keeps your codebase clean, organized, and easier to debug, saving time and effort.

Scoped CSS : Say goodbye to CSS conflicts. Nijor scopes styles to individual components, ensuring they don’t interfere with each other. Need global styles? Just add them to style.css.

Effortless Routing : Nijor’s file-system-based client-side router works out of the box. No configuration or extra code is needed, and it supports parameterized routing for dynamic pages.

Server-Side Rendering (SSR) : Nijor supports SSR with a unique approach, setting it apart from other frameworks and enabling faster page loads.

Reactivity (Beta) : Experiment with reactive variables using a specialized JavaScript syntax. While still in development, this feature lays the groundwork for dynamic, responsive applications.

How does Nijor work ?

Nijor uses Rolldown (earlier used Rollup) and JSDOM behind the scene to compile all the *.nijor files to browser readable *.js files.

Get Started with Nijor !

Ready to explore ? Check out the Nijor Docs.

👋 What is SqueHub?

2025-08-01 00:53:42

SqueHub is a modern PHP framework designed to help developers build scalable, secure, and elegant web applications with minimal overhead. Inspired by Laravel but built to be lightweight and flexible, SqueHub is perfect for those who want full control over their stack without sacrificing developer experience.

🔥 Key Features

🧠 Blade-like templating engine
*Includes *@include
, @section, @yield, @extends, and more.

**🧩 Simple routing system
**Define routes with clean closures or controller actions.

**🔒 CSRF protection out of the box
**Built-in helpers for secure forms.

📦 Composer-based packages
**Extend your app with optional modules like **squehub/authenticator
, squehub/dataAnalyst, and more.

**🔧 MVC architecture
**Familiar folder structure, built for clarity and scale.

**⚡ Fast performance
**No unnecessary bloat. Just you and the tools you need.

**📈 Recent Improvements (v1.2.0)
**Dynamic view section parsing with support for layouts and inheritance

Blade-style control structures: @if, @foreach, @else, @endif, etc.

SEO meta tags, sitemap generator, and robots.txt support

More flexible URL routing with middleware support

Custom .squehub.php view extension handling

View caching system (via storage/cache/)

🌍 Who Is It For?
Indie developers building fast MVPs

Backend devs who prefer PHP and control

Educators and learners seeking clarity without bloat

Teams who want customizable foundations

*📌 Get Started
*
🚧 Official site: https://www.squehub.com
📦 GitHub https://www.github.com/squehub
🐘 PHP 8.2+ required

🙌 Join the Community
**
SqueHub **is open-source and actively evolving. We’re looking for early adopters, contributors, and PHP enthusiasts to help shape the future of the framework.

👉 Follow this org for updates
💬 Drop questions, feedback, or ideas in the comments
🤝 Interested in contributing? Let’s connect!

Securing REST APIs in Go (Echo Framework Edition)

2025-08-01 00:53:32

Hi there! I'm Maneshwar. Right now, I’m building LiveAPI, a first-of-its-kind tool that helps you automatically index API endpoints across all your repositories. LiveAPI makes it easier to discover, understand, and interact with APIs in large infrastructures.

🔐 Securing REST APIs in Go (Echo Framework Edition)

APIs are a goldmine for attackers if not properly secured. In this guide, we’ll lock down an API built using the Echo web framework.

The focus will be on securing headers, input validation, rate limiting, and other best practices.

Project Setup

Install Echo and required dependencies:

go get github.com/labstack/echo/v4
go get github.com/labstack/echo/v4/middleware

1. Set Security Headers

Security headers protect against attacks like MIME sniffing, clickjacking, and XSS.

e.Use(middleware.SecureWithConfig(middleware.SecureConfig{
    XFrameOptions:         "DENY",            // Clickjacking
    XContentTypeOptions:   "nosniff",         // Prevent MIME sniffing
    ContentSecurityPolicy: "default-src 'none'", // Prevent loading external scripts
}))

You can also force Content-Type:

e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
    return func(c echo.Context) error {
        c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
        return next(c)
    }
})

2. Strip Fingerprinting Headers

Echo adds the Server header by default. You can strip it manually:

e.HideBanner = true
e.HidePort = true

e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
    return func(c echo.Context) error {
        c.Response().Header().Del("Server")
        c.Response().Header().Del("X-Powered-By")
        return next(c)
    }
})

3. JWT Authentication

Use github.com/golang-jwt/jwt/v5 with Echo’s JWT middleware:

go get github.com/golang-jwt/jwt/v5
import (
    "github.com/labstack/echo/v4/middleware"
    "github.com/golang-jwt/jwt/v5"
)

e.Use(middleware.JWTWithConfig(middleware.JWTConfig{
    SigningKey: []byte("your-secret-key"),
}))

To generate a token on login:

token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
    "user_id": 1,
    "exp":     time.Now().Add(time.Hour * 1).Unix(),
})

tokenStr, _ := token.SignedString([]byte("your-secret-key"))
return c.JSON(http.StatusOK, echo.Map{"token": tokenStr})

4. Return Only Required Data

Don’t leak internal DB fields or sensitive info.

type User struct {
    ID    int    `json:"id"`
    Name  string `json:"name"`
    // Password omitted on purpose
}

func getUser(c echo.Context) error {
    u := User{ID: 1, Name: "John"}
    return c.JSON(http.StatusOK, u)
}

5. Use Proper HTTP Status Codes

Make sure each endpoint sends meaningful response codes.

if userNotFound {
    return c.JSON(http.StatusNotFound, echo.Map{"error": "User not found"})
}
if !authenticated {
    return c.JSON(http.StatusUnauthorized, echo.Map{"error": "Unauthorized"})
}

Status codes:

  • 200 OK
  • 400 Bad Request
  • 401 Unauthorized
  • 403 Forbidden
  • 404 Not Found
  • 405 Method Not Allowed

6. Rate Limiting

Echo doesn't include native rate limiting but you can plug in something like golang.org/x/time/rate or a third-party middleware like echo-contrib/ratelimiter.

Basic example with token bucket (in-memory):

import "golang.org/x/time/rate"

var limiter = rate.NewLimiter(1, 5) // 1 request per second, burst of 5

e.Use(func(next echo.HandlerFunc) echo.HandlerFunc {
    return func(c echo.Context) error {
        if !limiter.Allow() {
            return c.JSON(http.StatusTooManyRequests, echo.Map{"error": "Too Many Requests"})
        }
        return next(c)
    }
})

7. Input Validation & Sanitization

Use github.com/go-playground/validator/v10 for input validation:

go get github.com/go-playground/validator/v10
type LoginInput struct {
    Email    string `json:"email" validate:"required,email"`
    Password string `json:"password" validate:"required,min=6"`
}

func login(c echo.Context) error {
    var input LoginInput
    if err := c.Bind(&input); err != nil {
        return c.JSON(http.StatusBadRequest, echo.Map{"error": "Invalid body"})
    }

    validate := validator.New()
    if err := validate.Struct(input); err != nil {
        return c.JSON(http.StatusBadRequest, echo.Map{"error": "Validation failed"})
    }
    return c.JSON(http.StatusOK, echo.Map{"message": "Logged in"})
}

8. Centralized Error Handler

Avoid leaking stack traces or sensitive errors.

e.HTTPErrorHandler = func(err error, c echo.Context) {
    code := http.StatusInternalServerError
    msg := "Internal Server Error"

    if he, ok := err.(*echo.HTTPError); ok {
        code = he.Code
        msg = fmt.Sprintf("%v", he.Message)
    }
    c.JSON(code, echo.Map{"error": msg})
}

Final Recap

Task Implementation
Set security headers middleware.SecureWithConfig
Strip server fingerprinting Manual headers removal
JWT Authentication middleware.JWTWithConfig
Input validation go-playground/validator
Proper status codes Manual response management
Rate limiting x/time/rate or contrib
Sanitize output Avoid returning sensitive fields
Central error handler Custom error function

Ready to Deploy?

  • Use HTTPS in production (TLS termination with Nginx or Caddy).
  • Keep secrets and credentials out of source code.
  • Regularly update dependencies.
  • Monitor and audit API access.

LiveAPI helps you get all your backend APIs documented in a few minutes.

With LiveAPI, you can generate interactive API docs that allow users to search and execute endpoints directly from the browser.

LiveAPI Demo

If you're tired of updating Swagger manually or syncing Postman collections, give it a shot.