Want to control have better control of model injection ? Need to validate the data before querying the database ?
Here is a package that allows you to do that.
You can install the package via composer:
composer require soyhuce/laravel-model-injection
To validate the url parameter used to inject the model in the controller, you can use
the Soyhuce\ModelInjection\ValidatesImplicitBindings
trait in it.
You will have then to implement the method public function routeBindingRules(): array
which will define, for each key on which the model will be bound, the rules to validate the url parameter.
use Soyhuce\ModelInjection\ValidatesImplicitBinding;
class Post extends Model
{
use ValidatesImplicitBinding;
/**
* @return array<string, mixed>
*/
public function routeBindingRules(): array
{
return [
'id' => 'integer',
'slug' => ['string', 'min:5']
];
}
}
This will allow you to validate the parameter to bind the Post
in the routes using:
Route::get('posts/{post}', function(Post $post) {
//...
});
Route::get('posts-by-slug/{post:slug}', function(Post $post) {
//...
});
If the parameter is not valid, a 404 error will be returned.
GET /posts/foo => 404
GET /posts-by-slug/bar => 404
See https://laravel.com/docs/routing#implicit-binding
You can customize the way this package will handle validation failure for implicit bindings.
In a Service provider, just call InvalidRouteBinding::handleUsing
:
InvalidRouteBinding::handleUsing(function (string $class, string $field): never {
Log::error("Invalid binding for $class on $field.");
abort(422);
});
You can explicitly bind your models using \Soyhuce\ModelInjection\BindModels
trait in a service
provider (RouteServiceProvider
for exemple).
use Soyhuce\ModelInjection\BindModels;
class RouteServiceProvider extends ServiceProvider {
use BindModels;
/**
* Define your route model bindings, pattern filters, etc.
*
* @return void
*/
public function boot() {
parent::boot();
$this->bindModel('user', User::class, 'integer'); // Validates that the parameter is an integer
// You can bind a model explicitly on a given column
$this->bindModelOn('post', Post::class, ['string', 'min:5'], 'slug');
}
}
If the given parameter is not valid, a 404 error will be returned.
composer test
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
Please review our security policy on how to report security vulnerabilities.
The MIT License (MIT). Please see License File for more information.