How to check route parameters in Laravel and accepted only specific parameters?

Asked

Viewed 963 times

1

I would like to know how to create a function that validates the parameter received from a route on Laravel, for example, have a route:

Route::get('fotos/{user_id}');

where you can only access users where the user_id is equal to the id of the logged in user.

In a quick search I saw that the Laravel has Regular Expression Constraints that works

Route::get('user/{name}', function ($name) {
    //
})->where('name', '[A-Za-z]+');`

and Route Service Provider, would like to know how I can create validation functions and what is the best way to do something like this.

  • the technique is middleware. https://laravel.com/docs/5.4/middleware

  • can I join middleware and Service Provider? wanted every route that receives the same parameter to do a validation, example every route that receives user_id has the same id validation.

  • There is another technique Route::group put all the routes inside of it, which has this logic, and the middleware for them in the group. that is to say, middleware and Route::group

  • This link to middleware with Route::group => https://laravel.com/docs/5.4/middleware#middleware-groups

1 answer

3

There’s no way that’s the best solution in this case.

For this you can put the check in the controller, or in a simple way on the route as mentioned in the question:

Route::get('/fotos/{user_id}', function() {
    if(Auth::user()->id != request()->user_id) {
        // não é... redirecionar sujeito
    }
    // é o utilizador login, continuar lógica, buscar as fotos do utilizador com este id
});

But attention:

Warmly use middleware for this, and Salable already has one by default:

/app/Http/Middleware/Redirectifauthenticated.php

That is, assuming that everything is okay with your authentication system, and if only the login user can access this route ("... users where user_id is equal to the login user id."), you can/should do:

Route::get('/fotos/user', function() {
    // se isto for executado é porque o utilizador está login
    $id_user = Auth::user()->id;
    // continuar lógica, buscar as fotos do utilizador com este id
})->middleware('auth'); // auth é o alias para o middleware descrito em cima, RedirectIfAuthenticated

DOCS

I noticed comments on the question (these details should be in the question itself), that you want to make a set of routes have the same processing, auth in this case, then you can group them (very well said by @Virgilio Novic) in the same middleware, in this case all routes of the group will be processed by middleware auth:

Route::group(['middleware' => ['auth']], function() {

    Route::get('/fotos/user', function() {
        // se isto for executado é porque o utilizador está login
        $id_user = Auth::user()->id;
        // continuar lógica, buscar as fotos do utilizador com este id
    });

    Route::get('/perfil/user', function() {
        // se isto for executado é porque o utilizador está login
    });

});

DOCS

Browser other questions tagged

You are not signed in. Login or sign up in order to post.