How can I prevent that a Laravel controller method handle HTTP Request that doesn't have the expected parameters list?

Question

I am pretty new in PHP and moreover in Laravel. I came from Java and I am a Spring MVC developer. Now I am using Laravel 5.4 for a project.

I have the following doubt related to the possibility to create Laravel controller method that handle HTTP Request having a spefic list of parameters (as the controller method input parametes).

In Spring MVC I can declare controller method that accept only request having a specific list (and type, but in PHP we have not type) of parameter instead the simple Request $request object from which extract the parameters.

I think being able to declare the pameters list (insted the Request object and then extract from it) is much better because the code is more readable (you read the method signature and you know what it use) and also the application can not enter in a controller method if the user have not specified all the neede parmeters !!!

For example I have a request like this (representing the link to activate an account on my Laravel website sended on the e-mail after the user registration):

http://laravel.dev/activate?email=my-email@gmail.com&token=cce0452d95c358b5b3b97fec5662e12e

I don't wan't a controller method like this:

public function activate(Request $request) {
    if ( $request->has('email') && $request->has('token')) {
        $email = $request->email;
        $token = $request->token;
    }
}

because:

• Looking at the input parameter I only have the Request $request object that says me nothing about what this method will use.

• Most important I have to manually handle the extraction of the email and of the token request parameters and check if these parameters exist in the request.

What I desire is that if the HTTP Request doesn't contains the expected parameters list the method will not handle this request.

I founded this solution:

Into my web.php file I put this route:

Route::get('/activate', [ 'as' => 'activate', function() {
    return app()->make(App\Http\Controllers\RegistrationController::class)->callAction('activate', $parameters = [ 'email' => request()->email, 'token' => request()->token ]);
}]);

Then this is my controller method into my RegistrationController class:

public function activate($email, $token) {

    echo "Email: $email"; // myemail@gmail.com
    echo "Token: $token"; // eb0d89ba7a277621d7f1adf4c7803ebc
    // do stuff
}

The problem is that doing in this way I can specify the request parameters as input parameters of my controller method (making it more readable) but the main problem remain, infact I can perform an HTTP Request like this:

http://laravel.dev/activate?email=nobili.andrea@gmail.com&XDEBUG_SESSION_START=14267

that is handled by the activate() controller method.

I really want prevent that this method handle request that doesn't have the expected request parameters.

Can I do it in Laravel in some way? Maybe can I modify this solution to obtain this behavior?

Answer 1

Yes you can validate the request, however it probably works a bit different than Spring MCV.

You can replace the Request $request in your method with one that checks the parameters with form requests validation:

See the docs for all information, but the gist is:

php artisan make:request ActivateRequest

This makes ActivateRequest file in App/Http/Requests with rules:

public function rules()
{
    return [
        'email' => 'required|email',
        'token' => 'required',
    ];
}

Then in your controller:

public function activate(ActivateRequest $request) {
    return 'Works!';
}

It will automatically return errors if there are any in two ways:

1. In a normal request it does redirect()->back() and provides an $errors array which you can access in the code.

2. In JSON or API request it shows a JSON array with all errors.