Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@melchyore/adonis-form-request
There is a division of opinion as to how controller files should be simplified. Some suggest creating service classes that handle all the logic, but that leaves us with the same problem. To solve this, we can create a Request class that handles both authorization and validation, with lifecycle hooks to perform actions before and after validation.
Form requests should be used to authorize only a specific request. If you have the same authorization logic for multiple requests, you should use a middleware.
Node.js >= 16.17.0
npm install @melchyore/adonis-form-request
# or
yarn add @melchyore/adonis-form-request
# or
pnpm install @melchyore/adonis-form-request
node ace configure @melchyore/adonis-form-request
node ace make:request StoreUser
It will create a file named StoreUserRequest.ts in App/Requests.
// App/Requests/StoreUserRequest.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { schema } from '@ioc:Adonis/Core/Validator'
import { FormRequest } from '@ioc:Adonis/Addons/FormRequest'

export default class StoreUserRequest extends FormRequest {
  constructor(protected context: HttpContextContract) {
    super(context)
  }

  /**
   * Determine if the user is authorized to make the incoming request.
   * Can be safely deleted if you don't have any authorization logic.
   */
  public async authorize() {
    return true
  }

  /**
   * Validation rules.
   * Can also return a Validator class.
   */
  public rules() {
    return {
      schema: schema.create({})
    }
  }

  /**
   * Before hook to be executed before validation.
   */
  protected async before() {}

  /**
   * After hook to be executed after successful validation.
   */
  protected async after() {}
}
authorize() returns a boolean. This method is used to authorize the incoming request. If you don't have any authorization logic, you can delete the method, as it always returns true in the parent class. When it returns false, an HTTP response with status code 403 will be returned and the controller method will not be executed.
rules() returns a schema validator or a validator class.
before() doesn't return anything. You can perform some actions before validation. If you want to access request data, you can do it through this.context.request.
after() doesn't return anything. You can perform some actions after validation. If you want to access validated data, you can do it through this.validated().
Then, in a controller, you need to import the formRequest decorator and your file and type-hint the request argument with your form request class.
// App/Controllers/Http/UsersController.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { formRequest } from '@melchyore/adonis-form-request/build'
import User from 'App/Models/User'
import StoreUserRequest from 'App/Requests/StoreUserRequest'

export default class UsersController {
  @formRequest()
  public async store(context: HttpContextContract, request: StoreUserRequest) {
    // Only data that passed the rules in StoreUserRequest reaches the model.
    await User.create(request.validated())
  }
}
When using a Form request class, you should never use request from context, always use the request argument.
It has the same methods and properties as the default Request class, in addition to new methods.
validated() returns the validated data.
safe() returns an instance of ValidatedInput.
safe().all() returns the same data as validated().
safe().only(['foo', 'bar']) returns only the specified validated keys.
safe().except(['foo', 'bar']) returns all validated data except specified keys.
safe().merge({ foo: 'Foo' }) merges and returns the specified data with the validated data.
Note
All the above methods are typed.
Note
If the validation fails, an HTTP response with status code 422 will be returned and the controller method will not be executed.
When using route model binding and form request on the same controller method (same request), the request argument must be the last one.
// App/Controllers/Http/PostsController.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { bind } from '@adonisjs/route-model-binding'
import { formRequest } from '@melchyore/adonis-form-request/build'
import Post from 'App/Models/Post'
import UpdatePostRequest from 'App/Requests/UpdatePostRequest'

export default class PostsController {
  @bind()
  @formRequest()
  public async update({ response }: HttpContextContract, post: Post, request: UpdatePostRequest) {
    const { title, content } = request.validated()

    await post
      .merge({
        title,
        content
      })
      .save()

    return response.ok(post)
  }
}
You also have access to the bindings in the form request class. You can use them to authorize the requests.
// App/Requests/UpdatePostRequest.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { schema } from '@ioc:Adonis/Core/Validator'
import { FormRequest } from '@ioc:Adonis/Addons/FormRequest'
import Post from 'App/Models/Post'

export default class UpdatePostRequest extends FormRequest {
  private post: Post // ⬅ Will automatically have the post instance as value.

  constructor(protected context: HttpContextContract) {
    super(context)
  }

  /**
   * Determine if the user is authorized to make the incoming request.
   * Can be safely deleted if you don't have any authorization logic.
   */
  public async authorize() {
    // Fail closed: with no authenticated user, deny instead of throwing.
    const user = this.context.auth.user
    return !!user && user.id === this.post.userId
  }

  /**
   * Validation rules.
   * Can also return a Validator class.
   */
  public rules() {
    return {
      schema: schema.create({
        title: schema.string({ trim: true }),
        content: schema.string({ trim: true })
      })
    }
  }

  /**
   * Before hook to be executed before validation.
   */
  protected async before() {}

  /**
   * After hook to be executed after successful validation.
   */
  protected async after() {}
}
Note
The Request class has the method post(), which is deprecated, and the form request class returns an instance of Request, so if you are still using it, don't name your argument post, as it will override the method.
Note
Bindings are not available in the form request constructor.
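The 403 and 422 outcomes and the ownership check described above, modelled as a stand-alone TypeScript sketch. This is an added example, not code from the package: handleUpdate, pick, declaredFields and the sample data are hypothetical, and it assumes validated data holds only the fields declared in rules().

```typescript
// Added sketch: models the flow the README describes; it is NOT the package's code.
type Data = { [key: string]: unknown }
type Outcome = { status: number; saved?: Data }

// Stand-in for safe().only([...]): copy just the listed keys.
function pick(data: Data, keys: string[]): Data {
  const out: Data = {}
  for (const k of keys) {
    if (Object.prototype.hasOwnProperty.call(data, k)) out[k] = data[k]
  }
  return out
}

// Stand-in for rules(): the fields the schema declares (simplified to "is a string").
const declaredFields = ['title', 'content']

function handleUpdate(userId: number | undefined, post: { userId: number }, body: Data): Outcome {
  // authorize(): an unauthenticated caller must fail closed, never throw or match.
  if (userId === undefined || userId !== post.userId) return { status: 403 }

  // Validation: any failing field ends the request before the controller runs.
  const validated: Data = {}
  for (const field of declaredFields) {
    const value = body[field]
    if (typeof value !== 'string') return { status: 422 }
    validated[field] = value.trim() // mirrors schema.string({ trim: true })
  }

  // Controller: persist only validated keys, so an extra body field such as
  // userId cannot reassign ownership of the post (mass assignment).
  return { status: 200, saved: pick(validated, ['title', 'content']) }
}

// Constructed sample input: the body carries an undeclared userId field.
const samplePost = { userId: 7 }
const sampleBody: Data = { title: ' Hi ', content: 'Body', userId: 99 }
console.log(handleUpdate(7, samplePost, sampleBody))
```

In a real controller the same effect comes from passing request.validated() or request.safe().only([...]) to the model rather than the raw request body.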
yarn run test
👤 Oussama Benhamed
Contributions, issues and feature requests are welcome!
Feel free to check issues page. You can also take a look at the contributing guide.
Give a ⭐️ if this project helped you!
Copyright © 2022 Oussama Benhamed.
This project is MIT licensed.
FAQs
Use dedicated classes to authorize and validate requests
The npm package @melchyore/adonis-form-request receives a total of 263 weekly downloads. As such, @melchyore/adonis-form-request popularity was classified as not popular.
We found that @melchyore/adonis-form-request demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.