Preventing destructive rollback command: New in Laravel

Sign in Get started

Playing

20. Preventing destructive rollback command

Episodes

0%

Your progress

Total: 2h 34m
Played: 0m
Remaining: 2h 34m

Join or sign in to track your progress

01. Laravel 11

01. The defer() function

02. Flexible cache method

03. firstOrFail on the DB query builder

04. Temporary URLs for the local filesystem

05. The log() helper

06. The when() helper

07. Skipping queued jobs

08. Concurrency

09. Set a Default Currency for the Number Helper

10. String doesntContain() method

11. Composer dev command

12. CollectedBy Attribute

13. Conditionable trait added to routes

14. Spelling ordinals as words

15. Accessing request data fluently

16. URI Parsing and Mutation

17. Fluent Email Validation Rule

18. Pipelines Receive a finally() Method

19. Eloquent incrementOrCreate

20. Preventing destructive rollback command

21. Eloquent Relative Date Helpers

22. The withAttributes relationship method

02. Laravel 12

23. Asserting only specific validation errors

24. How to Install Breeze on Laravel 12

25. ddBody test method

26. HasOneThrough gets ofMany support

Transcript

00:00

If you didn't already know that Laravel allows you to prohibit destructive commands,

00:05

I'm going to show you that first and then we're going to look at an addition to this that has recently been added. So let's go ahead and first of all look at the ability to prohibit destructive commands. What does this mean? Why would we do this? Well we know that when we are in a local environment, so at the moment my app env is set to local,

00:24

we can do pretty much anything we want. So we can go ahead and roll back our migrations, all that kind of stuff. It doesn't matter because we're in a local environment. However, as soon as we switch over to a different environment or have a different condition for this,

00:39

these commands become destructive because we could potentially lose a lot of data. So how do we go ahead and stop this happening in production? Well Laravel already has mechanisms to allow you to potentially prevent these destructive commands being run by default. So for example, if I go ahead and run phparts and migrate rollback when env is set to production,

01:05

this will give me a big warning and it will ask me if I'm sure I want to run this command with no being the default selected. So the mechanism is already in place to stop this happening, but we can take it one step further. Now this isn't something that is new to Laravel very recently, but I'm going to show you that now and then I'm going to show you what has been added.

01:26

So let's go ahead and use the dbfacade and we're going to use the prohibit destructive command method on here. We're going to do this inside of our app service provider under boot or anywhere that makes sense for you. You can even create our specific service provider for these things if you want to. Now into this we can pass in a condition, so we can either just do this overall if we wanted to.

01:47

That's going to stop this happening even in a local environment. But in our case, it's probably better to say something like app is production. So this will only prohibit destructive commands in production. So now what is going to happen? Let's just double check that we are still in production here.

02:04

What's going to happen when I try and run something like migrate and rollback? Well, this is just not going to allow us to do this at all. It's not even going to give us the option. So you can see here we get a warning. This command is prohibited from running in this environment. So this can be useful. You might not have come across this before, but if you haven't, you now know it exists.

02:24

But the question is, what is this new update? Well, it doesn't really matter because we've already learned a lot here. But the update that has recently been added is this rollback command here. So these three here and this one here. So wipe, reset, refresh and fresh already existed as part of this.

02:44

The update here is just that the rollback command that we've already been looking at has been added to this list of prohibited destructive commands. So if you didn't already know about this, you now do. And you can go ahead and use this in your production environment if you feel like it's going to be useful. But you also now know that an additional command has been added to this set of prohibited destructive commands.

Episode summary

In this episode, we take a look at how Laravel lets you prevent destructive database commands (the ones that could wipe out your data) from running in sensitive environments, like production. First, you'll see how Laravel already has built-in warnings and confirmation prompts if you try to do something risky like rolling back migrations in production. By default, it tries to keep you safe, but you can take this a step further.

You'll learn how to use the DB::prohibitDestructiveCommand() method, usually in your AppServiceProvider, to completely block these kinds of commands in production (or any other condition you want). This means that commands like migrate:rollback simply won't run at all, with Laravel throwing a warning instead of even letting you confirm.

Finally, we talk about a recent update: the rollback command has now been officially added to the list of commands considered destructive, so it's covered by this protection out of the box along with commands like wipe, reset, refresh, and fresh. If you didn't know about this feature before, now you do—and you can use it to keep your production database safer!

Episode discussion

No comments, yet. Be the first!