Laravel FormRequest Validation for Rest API get calls with 2 query json params not working properly
I got a Laravel FormRequest class that should validate two JSON query strings (nested objects and arrays) on a GET route on my JSON Rest API. I pick up the json query strings, decode them to php objects and store them during validation prepare time on the request for validation.
For some reason, this seems not to work properly. The 'sorters' json validation is working, as is the 'sorters_decoded' validation for 'required' and 'array'. The array element validation and everything after seems not to work since i reach the controller function even if invalid data is sent. The query input bag collection on the request is modified (invalid data is set to null) but no validation 422 response is generated. Do you maybe see something wrong with this code?
class RecipeFindRequest extends FormRequest
{
protected function prepareForValidation(): void
{
try {
$sorters = null;
if ($this->query->has('sorters')) {
$sorters = json_decode($this->query->get('sorters'));
$this->merge([
'sorters_decoded' => $sorters,
]);
}
$filters = null;
if ($this->query->has('filters')) {
$filters = json_decode($this->query->get('filters'));
$this->merge([
'filters_decoded' => $filters,
]);
}
$this->merge([
'language' => $this->headers->get('language'),
]);
} catch(\Throwable $e) {
//die silently, fail response will get raised on validation time
}
}
/**
* Get the validation rules that apply to the request.
*
* @return array<string, mixed>
*/
public function rules(): array
{
return [
'sorters' => ['json'],
'sorters_decoded' => ['required', 'array'],
'sorters_decoded.*.name' => ['required', 'string', Rule::in(['likes', 'ratings', 'calories', 'carbs', 'protein', 'fat', 'created'])],
'sorters_decoded.*.direction' => ['required', 'string', Rule::in(['asc', 'desc'])],
'sorters_decoded.*.order' => ['required', 'integer'],
'filters' => ['json'],
'filters_decoded.duration_high' => ['integer', 'min:0'],
'filters_decoded.duration_low' => ['integer', 'min:0'],
'filters_decoded.title' => ['string'],
'filters_decoded.difficulty' => ['array'],
'filters_decoded.difficulty.*' => ['string', 'exists:difficulties,id'],
'filters_decoded.ingredients' => ['array'],
'filters_decoded.ingredients.*.id' => ['string', 'exists:ingredients,id'],
'filters_decoded.ingredients.*.relation' => ['string', Rule::in(['include', 'exclude'])],
'filters_decoded.liked_by_me' => ['boolean'],
'filters_decoded.cookbooks' => ['array'],
'filters_decoded.cookbooks.*' => ['string', 'exists:cookbooks,id'],
'filters_decoded.nutritions' => ['array'],
'filters_decoded.nutritions.*.category_id' => ['string', 'exists:nutrition_categories,id'],
'filters_decoded.nutritions.*.nutrition_high' => ['numeric', 'min:0'],
'filters_decoded.nutritions.*.nutrition_low' => ['numeric', 'min:0'],
'language' => ['string', 'size:2', 'exists:i18n_languages,short'],
'page' => ['integer', 'min:1'],
'per_page' => ['integer', 'min:1'],
];
}
}
Both params are sent as json query strings and the decoding step works, so its not something to do with url de/encoding.
I tried to change the sorters.*.name array element validation from string to integer, and when i sent in some data like [{'name':'a'}] the 'integer' validation changed the data in $response->query->sorters_decoded to [{'name':null}]. But no 422 validation fail response came up.
Thank you for considering my problem, Mikkey
Solution
There are a number of problems here:
- In
prepareForValidation()you have a try/catch block that does nothing with the caught exception. Contrary to what your comment suggests, it will not be returned as a validation error because you're catching it. Even if it went uncaught, I'm not sure it would show up as a 422 error on the client side. json_decode()does not throw errors by default, so there's nothing for your try/catch statement to work with anyway!json_decode()also decodes to objects by default; your subsequent validation rules will not work without arrays.- You have a validation rules for data that you send in the query string. Form request validation only works on the body of the message, not the query string. Anything you want validated needs to be manually merged.
Here's what I would try:
<?php
namespace App\Http\Requests;
use Illuminate\Validation\ValidationException;
use Throwable;
class RecipeFindRequest extends FormRequest
{
protected function prepareForValidation(): void
{
try {
if ($this->query->has('sorters')) {
$sorters = json_decode($this->query->get('sorters'), associative: true, flags: \JSON_THROW_ON_ERROR);
}
if ($this->query->has('filters')) {
$filters = json_decode($this->query->get('filters'), associative: true, flags: \JSON_THROW_ON_ERROR);
}
$this->merge([
// user cannot easily change the headers of a request
// so you should set a sensible default for this value
'language' => $this->headers->get('language', 'en'),
'page' => $this->query->get('page'),
'per_page' => $this->query->get('per_page'),
'sorters_decoded' => $sorters ?? null,
'filters_decoded' => $filters ?? null,
]);
} catch(Throwable $e) {
if (isset($sorters)) {
// if this is set, the error was with the second decode
$messages = ['filters' => 'An invalid filter value was passed'];
} else {
$messages = ['sorters' => 'An invalid sort value was passed'];
}
throw ValidationException::withMessages($messages);
}
}
/**
* Get the validation rules that apply to the request.
*
* @return array<string, mixed>
*/
public function rules(): array
{
return [
'sorters_decoded' => ['required', 'array'],
'sorters_decoded.*.name' => ['required', 'string', Rule::in(['likes', 'ratings', 'calories', 'carbs', 'protein', 'fat', 'created'])],
'sorters_decoded.*.direction' => ['required', 'string', Rule::in(['asc', 'desc'])],
'sorters_decoded.*.order' => ['required', 'integer'],
'filters_decoded.duration_high' => ['integer', 'min:0'],
'filters_decoded.duration_low' => ['integer', 'min:0'],
'filters_decoded.title' => ['string'],
'filters_decoded.difficulty' => ['array'],
'filters_decoded.difficulty.*' => ['string', 'exists:difficulties,id'],
'filters_decoded.ingredients' => ['array'],
'filters_decoded.ingredients.*.id' => ['string', 'exists:ingredients,id'],
'filters_decoded.ingredients.*.relation' => ['string', Rule::in(['include', 'exclude'])],
'filters_decoded.liked_by_me' => ['boolean'],
'filters_decoded.cookbooks' => ['array'],
'filters_decoded.cookbooks.*' => ['string', 'exists:cookbooks,id'],
'filters_decoded.nutritions' => ['array'],
'filters_decoded.nutritions.*.category_id' => ['string', 'exists:nutrition_categories,id'],
'filters_decoded.nutritions.*.nutrition_high' => ['numeric', 'min:0'],
'filters_decoded.nutritions.*.nutrition_low' => ['numeric', 'min:0'],
'language' => ['string', 'size:2', 'exists:i18n_languages,short'],
'page' => ['integer', 'min:1'],
'per_page' => ['integer', 'min:1'],
];
}
}
The size of these URLs must be massive; this is the sort of thing that post requests are best used for. (But this isn't a hard and fast rule, just my opinion.)
- Using preg_replace() to convert alphanumeric strings from camelCase to kebab-case
- Replace matched uppercase letter with its lowercase version (camelCase to kebab-case)
- Inject a comma between alphanumeric substrings and non-alphanumeric substrings
- I can't set Session Items in laravel inertia
- Isolate substring from first asterisk to second asterisk and use the first word of the match in the replacement
- PHP : ReflectionParameter, isOptional vs isDefaultValueAvailable
- Laravel Carbon subtract days from current date
- strlen() expects parameter 1 to be string, array given
- Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security
- Extract a file from a ZIP string
- How to always show the stock status in WooCommerce products
- Symfony Validator does not work with nested AtLeastOneOf Constraint
- TYPO3 extension: Is the __construct() of a class only called when the record is created via the FE, not the BE?
- Why must I rewind IteratorIterator
- How to update a chart in Google Slides dynamically?
- How to ensure full string validation with regex on phone number string?
- Password strength validating regex error: No ending delimiter or unknown modifier
- Regex error: Delimiter must not be alphanumeric or backslash
- How can I install a pecl extension like mcrypt in DDEV's web container?
- Match curly braced placeholders with a variable number of dot-delimited internal values
- Shorten long numbers to K/M/B?
- How to disable csrf in symfony?
- Match 3 subdirectory names in a filepath string after a specified directory name
- Validate the existence of banned words including near spellings in a string
- Get all <option> text values from an HTML document
- Get all matches between distinct substrings occurring on multiple lines
- Parse MSHTML and extract a <table> and it's contents
- Scrape href values from qualifying hyperlinks in Amazon's search results HTML
- Laravel 11 - HasMiddleware's middleware() method conflits with Illuminate\Routing\Controller's middlware()
- Scrape all numeric values from all qualifying list items in an HTML document