This document discusses using Form Requests in Laravel API implementations. Form Requests allow handling requests in a centralized way by validating data, authorizing access, and cleaning input. Key points covered include constructing an API with Laravel, classic request handling via controllers, and how Form Requests improve this by centralizing validation, authorization, and sanitization logic. Form Requests can also be customized to manipulate request data and log events. The document concludes that Form Requests promote clean code, security and reusability, though they can break the single responsibility principle if overused.

1. Wykorzystanie Form Request
przy implementacji API w
Laravelu

2. Marek Tenus
Full-stack Senior Developer
marek@highsolutions.pl

3. #1 - Architektura projektu
● NativeScript
● Angular
● TypeScript
● CSS (NativeScript)
● HTML (NativeScript)

4. #1 - Architektura projektu
● PHP 7.1
● MySQL 5.7
● Laravel 5.5

5. #1 - Architektura projektu
● PHP 7.1
● MySQL 5.7
● Laravel 5.5
● CSS3
● HTML5
● JavaScript

6. #2 - Konstrukcja API
DB

7. #2 - Konstrukcja API
DB

8. #2 - Konstrukcja API
DB
Client

9. #2 - Konstrukcja API
DB
Client
Server

10. #2 - Konstrukcja API
DB

11. #2 - Konstrukcja API
DB

12. #2 - Konstrukcja API

13. #2 - Konstrukcja API
Client
● Send request
● Get response

14. #2 - Konstrukcja API
Server
● Get request
● Handle request
● Return response

15. #2 - Konstrukcja API
Auth/Token
request / HTTPS (POST/GET/DELETE/PUT)

16. #2 - Konstrukcja API
request / HTTPS (POST/GET/DELETE/PUT)
/api/article/1
REST Interface
Auth/Token

17. #2 - Konstrukcja API
reponse / JSON

18. #3 - Klasyczna obsługa żądań
Routes

19. #3 - Klasyczna obsługa żądań
Routes
/api/article GET index
/api/article POST store

20. #3 - Klasyczna obsługa żądań
Routes Middleware
/api/article GET index
/api/article POST store

21. #3 - Klasyczna obsługa żądań
Routes Middleware
/api/article GET index
/api/article POST store
allow or deny

22. #3 - Klasyczna obsługa żądań
Routes Middleware Controller
/api/article GET index
/api/article POST store
allow or deny

23. #3 - Klasyczna obsługa żądań
Routes Middleware Controller
/api/article GET index
/api/article POST store
allow or deny
get request
handle request
do some stuff
return response

24. #3 - Klasyczna obsługa żądań
Routes Middleware Controller
/api/article GET index
/api/article POST store
allow or deny
get request
handle request
do some stuff
return response

25. #3 - Klasyczna obsługa żądań
namespace AppHttpControllersEventController;
use AppHttpControllersController;
use IlluminateHttpRequest;
class EventController extends Controller
{
}

26. #3 - Klasyczna obsługa żądań
namespace AppHttpControllersEventController;
use AppHttpControllersController;
use IlluminateHttpRequest;
class EventController extends Controller
{
}

27. #3 - Klasyczna obsługa żądań
public function __construct() {}
public function index() {} //GET
public function create() {} //GET
public function store() {} //POST
public function edit() {} //GET
public function update() {} //PUT/PATCH
public function destroy() {} //DELETE

28. #3 - Klasyczna obsługa żądań
public function store(Request $request) {
}

29. #3 - Klasyczna obsługa żądań
public function store(Request $request) {
}
Dependency Injection

30. #3 - Klasyczna obsługa żądań
public function store() {
$request = request();
}

31. #3 - Klasyczna obsługa żądań
public function store() {
$request = request();
}
Current instance of Request

32. #3 - Klasyczna obsługa żądań
public function store(Request $request) {
//authorize the request access(?)
//check if the request has valid data
//store the event member
//give some response
}

33. #3 - Klasyczna obsługa żądań
//authorize the request access(?)
abort_if(!$request->ajax(), 403);
//check if request has valid data
$request->validate([
'first_name' => 'required|max:191',
'last_name' => 'required|max:191',
'department_id' => 'required|exists:departments,id',
'note' => 'max:512',
]);
//store the event member
EventMember::create($request->all());
//give some response
return [
‘success’ => true,
];

34. #4 - Form Request
● Klasa dziedzicząca z klasy Request
● Posiada wbudowaną logikę walidacji
● Autoryzacja dostępu do wykonania żądania
● Czy pozwala na więcej?!

35. #4 - Form Request
Routes Middleware Controller
/api/article GET index
/api/article POST store
allow or deny
get request
handle request
do some stuff
return response

36. #4 - Form Request
Routes Middleware Controller
/api/article GET index
/api/article POST store
allow or deny
get request
do some stuff
return response
Form
Request
handle request
- validation
- authorization

37. #4 - Form Request
Routes Middleware Controller
/api/article GET index
/api/article POST store
allow or deny
get request
do some stuff
return response
Form
Request
handle request
- validation
- authorization

38. #4 - Form Request
php artisan make:request StoreEventMemberRequest

39. #4 - Form Request
namespace AppHttpRequests;
use IlluminateFoundationHttpFormRequest;
class StoreEventMemberRequest extends FormRequest
{
public function authorize()
{
return false;
}
public function rules()
{
return [
];
}
}

40. #4 - Form Request
class StoreEventMemberRequest extends FormRequest
{
public function authorize()
{
return true;
}
public function rules()
{
return [
];
}
}

41. #4 - Form Request
class StoreEventMemberRequest extends FormRequest
{
public function authorize()
{
return true;
}
}

42. #4 - Form Request
class StoreEventMemberRequest extends FormRequest
{
public function authorize()
{
return $this->ajax();
}
}
true => access
false => 403

43. #4 - Form Request
class StoreEventMemberRequest extends FormRequest
{
public function authorize()
{
return $this->ajax();
}
} protected function failedAuthorization()
{
throw new HttpResponseException($this->forbiddenResponse());
}
true => access
false => 403

44. #4 - Form Request
class StoreEventMemberRequest extends FormRequest
{
public function authorize()
{
return true;
}
public function rules()
{
return [
'first_name' => 'required|max:191',
'last_name' => 'required|max:191',
'department_id' => 'required|exists:departments,id',
'note' => 'max:512',
];
}
}

45. #4 - Form Request
public function messages()
{
return [
‘first_name.required’ => ‘Your first name is required’,
‘last_name.required’ => ‘Your last name is required’,
];
}

46. #4 - Form Request
public function attributes()
{
return [
‘first_name’ => ‘Your first name’,
‘last_name’ => ‘Your last name’,
];
}

47. #4 - Form Request
public function withValidator($validator)
{
$validator->after(function ($validator) {
if ($this->somethingElseIsInvalid()) {
$validator->errors()->add('field', 'Something is wrong with this field!');
}
});
}

48. #4 - Form Request
use AppHttpControllersController;
use IlluminateHttpRequest;
use AppHttpRequestsStoreEventMemberRequest;
class EventController extends Controller
{
}

49. #4 - Form Request
public function store(StoreEventMemberRequest $request)
{
//authorize the request access(?)
//check if request has valid data
//store the event member
//give some response
}

50. #4 - Form Request
//authorize the request access(?)
abort_if(!$request->ajax(), 403);
//check if request has valid data
$request->validate([
'first_name' => 'required|max:191',
'last_name' => 'required|max:191',
'department_id' => 'required|exists:departments,id',
'note' => 'max:512',
]);
//store the event member
EventMember::create($request->all());
//give some response
return [
‘success’ => true,
];

51. #4 - Form Request
//authorize the request access(?)
abort_if(!$request->ajax(), 403);
//check if request has valid data
$request->validate([
'first_name' => 'required|max:191',
'last_name' => 'required|max:191',
'department_id' => 'required|exists:departments,id',
'note' => 'max:512',
]);
//store the event member
EventMember::create($request->all());
//give some response
return [
‘success’ => true,
];

52. #4 - Form Request
public function store(StoreEventMemberRequest $request) {
EventMember::create($request->all());
return [
‘success’ => true,
];
}

53. #4 - Form Request

54. #4 - Form Request
Czy pozwala na
więcej?!

55. #4 - Form Request
● Oczyszczanie danych formularza (sanitizing)
● Manipulacja danymi formularza (handling)
● Logowanie zdarzeń (logging)

56. #5 - Zastosowanie Form Request w projekcie
● Oczyszczanie danych formularza (sanitizing)
● Manipulacja danymi formularza (handling)
● Logowanie zdarzeń (logging)

57. #5 - Zastosowanie Form Request w projekcie
public function all()
{
}

58. #5 - Zastosowanie Form Request w projekcie
public function all()
{
$attributes = parent::all();
return collect($attributes)
->map(function($field) {
return $field ?? filter_var($field,
FILTER_SANITIZE_STRING);
})
->all();
}

59. #5 - Zastosowanie Form Request w projekcie
public function all()
{
$attributes = parent::all();
return collect($attributes)
->map(function($field) {
return $field ?? filter_var($field,
FILTER_SANITIZE_STRING);
})
->all();
}
$_POST[‘data’] = [...];
422 (Unprocessable Entity)

60. #5 - Zastosowanie Form Request w projekcie
public function all()
{
$attributes = parent::all();
return collect($attributes)
->map(function($field) {
return $field ?? filter_var($field,
FILTER_SANITIZE_STRING);
})
->all();
}
$_POST[‘data’] = [...];
422 (Unprocessable Entity)
public function response(array $errors)
{
if ($this->ajax() || $this->wantsJson()) {
return new JsonResponse($errors, 422);
}
return $this->redirector->to($this->getRedirectUrl())
->withInput($this->except($this->dontFlash))
->withErrors($errors, $this->errorBag);
}

61. #5 - Zastosowanie Form Request w projekcie
public function all()
{
$attributes = parent::all();
return $this->sanitizeAttributes($attributes);
}
$_POST[‘data’] = [...];
protected function sanitizeAttributes($attributes) {
return collect($attributes)
->map(function($field) {
return $field ?? filter_var($field,
FILTER_SANITIZE_STRING);
})
->all();
}

62. #5 - Zastosowanie Form Request w projekcie
public function all()
{
$attributes = $this->input('data');
$attributes['token'] = $this->input('token');
return $this->sanitizeAttributes($attributes);
}

63. #5 - Zastosowanie Form Request w projekcie
public function all()
{
return $this->sanitizeAttributes($this->handleAttributes());
}
protected function handleAttributes() {
$attributes = $this->input('data');
$attributes['token'] = $this-
>input('token');
return $attributes;
}

64. #5 - Zastosowanie Form Request w projekcie
public function all()
{
return $this->sanitizeAttributes($this->handleAttributes());
}
protected function handleAttributes() {
if(!$this->has(‘data’)) {
return parent::all();
}
$attributes = $this->input('data');
$attributes['token'] = $this->input('token');
return $attributes;
}

65. #6 - Podsumowanie
Zalety
● Clean code
● Dependency Injection
● Security
● Reusability

66. #6 - Podsumowanie
Wady
● Łamie SRP (Single Responsibility Principle)
● Przesadne używanie Form Request

67. Marek Tenus
marek@highsolutions.pl