Introduction
There is a division of opinion as to how controllers files should be simplified. Some suggest to create service classes that will handle all the logic but we will still have the same problem. To solve this, we can create a Request class that will handle both authorization and validation, in addition to lifecycle hooks to perform some actions before and after validation.
Form requests should be used to authorize only a specific request. If you have the same authorization logic for multiple requests, you should use a middleware.
Pre-requisites
Node.js >= 16.17.0
Installation
npm install @melchyore/adonis-form-request
yarn add @melchyore/adonis-form-request
pnpm install @melchyore/adonis-form-request
Configure
node ace configure @melchyore/adonis-form-request
Usage
node ace make:request StoreUser
It will create a file named StoreUserRequest.ts
in App/Requests
.
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { schema } from '@ioc:Adonis/Core/Validator'
import { FormRequest } from '@ioc:Adonis/Addons/FormRequest'
export default class StoreUserRequest extends FormRequest {
constructor(protected context: HttpContextContract) {
super(context)
}
public async authorize() {
return true
}
public rules() {
return {
schema: schema.create({})
}
}
protected async before() {}
protected async after() {}
}
-
authorize()
returns a boolean
. This method is used to authorize the incoming request. If you don't have an authorization logic, you can delete the method as it always returns true
in the parent class. When it returns false
, an HTTP response with status code 403 will be returned and the controller method will not be executed.
-
rules()
returns a schema validator or a validator class.
-
before()
doesn't return anything. You can perform some actions before validation. If you want to access request data, you can do it through this.context.request
.
-
after()
doesn't return anything. You can perform some actions after validation. If you want to access validated data, you can do it through this.validated()
.
Then, in a controller, you need to import the formRequest
decorator and your file and type-hint the request
argument with your form request class.
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { formRequest } from '@melchyore/adonis-form-request/build'
import StoreUserRequest from 'App/Requests'
export default class UsersController {
@formRequest()
public async store(context: HttpContextContract, request: StoreUserRequest) {
await User.create(request.validated())
}
}
When using a Form request class, you should never use request
from context
, always use the request
argument.
It has the same methods and properties as the default Request
class, in addition to new methods.
-
validated()
returns the validated data.
-
safe()
returns in instance of ValidatedInput
.
-
safe().all()
returns the same data as validated()
.
-
safe().only(['foo', 'bar'])
returns only the specified validated keys.
-
safe().except(['foo', 'bar'])
returns all validated data except specified keys.
-
safe().merge({ foo: 'Foo' })
merges and returns the specified data with the validated data.
Note
All the above methods are typed.
Note
If the validation fails, an HTTP response with status code 422 will be returned and the controller method will not be executed.
Usage with route model binding
When using route model binding and form request on the same controller method (same request), the request argument must be the last one.
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { bind } from '@adonisjs/route-model-binding'
import { formRequest } from '@melchyore/adonis-form-request/build'
import Post from 'App/Models/Post'
import UpdatePostRequest from 'App/Requests/UpdatePostRequest'
export default class PostsController {
@bind()
@formRequest()
public async update ({ response }: HttpContextContract, post: Post, request: UpdatePostRequest) {
const { title, content } = request.validated()
await post.merge({
title,
content
})
.save()
return response.ok(post)
}
}
You have also access to the bindings in the form request class. You can use them to authorize the requests.
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { schema } from '@ioc:Adonis/Core/Validator'
import { FormRequest } from '@ioc:Adonis/Addons/FormRequest'
export default class UpdatePostRequest extends FormRequest {
private post: Post
constructor(protected context: HttpContextContract) {
super(context)
}
public async authorize() {
return this.context.auth.user.id === this.post.userId
}
public rules() {
return {
schema: schema.create({
title: schema.string({ trim: true }),
content: schema.string({ trim: true })
})
}
}
protected async before() {}
protected async after() {}
}
Note
The Request
class has the method post()
which is deprecated, and the form request class returns an instance of Request
, so if you are still using it, don't name your argument post
as it will override the method.
Note
Bindings are not available in the form request constructor.
Run tests
yarn run test
Author
👤 Oussama Benhamed
🤝 Contributing
Contributions, issues and feature requests are welcome!
Feel free to check issues page. You can also take a look at the contributing guide.
Show your support
Give a ⭐️ if this project helped you!
📝 License
Copyright © 2022 Oussama Benhamed.
This project is MIT licensed.