Laravel Poznań Meetup #2 - Wykorzystanie FormRequest w Laravelu

Wykorzystanie Form Request
przy implementacji API w
Laravelu

Marek Tenus
Full-stack Senior Developer
marek@highsolutions.pl

#1 - Architektura projektu
● NativeScript
● Angular
● TypeScript
● CSS (NativeScript)
● HTML (NativeScript)

● PHP 7.1
● MySQL 5.7
● Laravel 5.5

● PHP 7.1
● MySQL 5.7
● Laravel 5.5
● CSS3
● HTML5
● JavaScript

#2 - Konstrukcja API
DB
Client

DB
Client
Server

Client
● Send request
● Get response

Server
● Get request
● Handle request
● Return response

Auth/Token
request / HTTPS (POST/GET/DELETE/PUT)

request / HTTPS (POST/GET/DELETE/PUT)
/api/article/1
REST Interface
Auth/Token

reponse / JSON

#3 - Klasyczna obsługa żądań
Routes

Routes
/api/article GET index
/api/article POST store

Routes Middleware

Routes Middleware
allow or deny

Routes Middleware Controller
allow or deny

allow or deny
get request
handle request
do some stuff
return response

namespace AppHttpControllersEventController;
use AppHttpControllersController;
use IlluminateHttpRequest;
class EventController extends Controller
{
}

public function __construct() {}
public function index() {} //GET
public function create() {} //GET
public function store() {} //POST
public function edit() {} //GET
public function update() {} //PUT/PATCH
public function destroy() {} //DELETE

public function store(Request $request) {
}

}
Dependency Injection

public function store() {
$request = request();
}

public function store() {
$request = request();
}
Current instance of Request

//authorize the request access(?)
//check if the request has valid data
//store the event member
//give some response
}

abort_if(!$request->ajax(), 403);
//check if request has valid data
$request->validate([
'first_name' => 'required|max:191',
'last_name' => 'required|max:191',
'department_id' => 'required|exists:departments,id',
'note' => 'max:512',
]);
EventMember::create($request->all());
return [
‘success’ => true,
];

#4 - Form Request
● Klasa dziedzicząca z klasy Request
● Posiada wbudowaną logikę walidacji
● Autoryzacja dostępu do wykonania żądania
● Czy pozwala na więcej?!

#4 - Form Request
allow or deny
get request
handle request
do some stuff
return response

#4 - Form Request
allow or deny
get request
do some stuff
return response
Form
Request
handle request
- validation
- authorization

#4 - Form Request
php artisan make:request StoreEventMemberRequest

#4 - Form Request
namespace AppHttpRequests;
use IlluminateFoundationHttpFormRequest;
class StoreEventMemberRequest extends FormRequest
{
public function authorize()
{
return false;
}
public function rules()
{
return [
];
}
}

#4 - Form Request
{
{
return true;
}
{
return [
];
}
}

#4 - Form Request
{
{
return true;
}
}

#4 - Form Request
{
{
return $this->ajax();
}
}
true => access
false => 403

#4 - Form Request
{
{
return $this->ajax();
}
} protected function failedAuthorization()
{
throw new HttpResponseException($this->forbiddenResponse());
}
true => access
false => 403

#4 - Form Request
{
{
return true;
}
{
return [
'note' => 'max:512',
];
}
}

#4 - Form Request
public function messages()
{
return [
‘first_name.required’ => ‘Your first name is required’,
‘last_name.required’ => ‘Your last name is required’,
];
}

#4 - Form Request
public function attributes()
{
return [
‘first_name’ => ‘Your first name’,
‘last_name’ => ‘Your last name’,
];
}

#4 - Form Request
public function withValidator($validator)
{
$validator->after(function ($validator) {
if ($this->somethingElseIsInvalid()) {
$validator->errors()->add('field', 'Something is wrong with this field!');
}
});
}

#4 - Form Request
use AppHttpControllersController;
use IlluminateHttpRequest;
use AppHttpRequestsStoreEventMemberRequest;
class EventController extends Controller
{
}

#4 - Form Request
public function store(StoreEventMemberRequest $request)
{
}

#4 - Form Request
abort_if(!$request->ajax(), 403);
$request->validate([
'note' => 'max:512',
]);
return [
];

#4 - Form Request
public function store(StoreEventMemberRequest $request) {
return [
];
}

#4 - Form Request
Czy pozwala na
więcej?!

#4 - Form Request
● Oczyszczanie danych formularza (sanitizing)
● Manipulacja danymi formularza (handling)
● Logowanie zdarzeń (logging)

#5 - Zastosowanie Form Request w projekcie
● Oczyszczanie danych formularza (sanitizing)
● Manipulacja danymi formularza (handling)
● Logowanie zdarzeń (logging)

public function all()
{
}

{
$attributes = parent::all();
return collect($attributes)
->map(function($field) {
return $field ?? filter_var($field,
FILTER_SANITIZE_STRING);
})
->all();
}

{
})
->all();
}
$_POST[‘data’] = [...];
422 (Unprocessable Entity)

{
})
->all();
}
$_POST[‘data’] = [...];
422 (Unprocessable Entity)
public function response(array $errors)
{
if ($this->ajax() || $this->wantsJson()) {
return new JsonResponse($errors, 422);
}
return $this->redirector->to($this->getRedirectUrl())
->withInput($this->except($this->dontFlash))
->withErrors($errors, $this->errorBag);
}

{
return $this->sanitizeAttributes($attributes);
}
$_POST[‘data’] = [...];
protected function sanitizeAttributes($attributes) {
})
->all();
}

{
$attributes = $this->input('data');
$attributes['token'] = $this->input('token');
return $this->sanitizeAttributes($attributes);
}

{
return $this->sanitizeAttributes($this->handleAttributes());
}
protected function handleAttributes() {
$attributes['token'] = $this-
>input('token');
return $attributes;
}

{
return $this->sanitizeAttributes($this->handleAttributes());
}
protected function handleAttributes() {
if(!$this->has(‘data’)) {
return parent::all();
}
$attributes['token'] = $this->input('token');
return $attributes;
}

#6 - Podsumowanie
Zalety
● Clean code
● Dependency Injection
● Security
● Reusability

#6 - Podsumowanie
Wady
● Łamie SRP (Single Responsibility Principle)
● Przesadne używanie Form Request

Marek Tenus
marek@highsolutions.pl

Laravel Poznań Meetup #2 - Wykorzystanie FormRequest w Laravelu

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Laravel Poznań Meetup #2 - Wykorzystanie FormRequest w Laravelu

Similar to Laravel Poznań Meetup #2 - Wykorzystanie FormRequest w Laravelu (20)

More from HighSolutions Sp. z o.o.

More from HighSolutions Sp. z o.o. (19)

Recently uploaded

Recently uploaded (20)

Laravel Poznań Meetup #2 - Wykorzystanie FormRequest w Laravelu

Editor's Notes