There is a division of opinion as to how controllers files should be simplified. Some suggest to create service classes that will handle all the logic but we will still have the same problem. To solve this, we can create a Request class that will handle both authorization and validation, in addition to lifecycle hooks to perform some actions before and after validation.
Form requests should be used to authorize only a specific request. If you have the same authorization logic for multiple requests, you should use a middleware.
Node.js >= 16.17.0
npm install @melchyore/adonis-form-request
# or
yarn add @melchyore/adonis-form-request
# or
pnpm install @melchyore/adonis-form-request
node ace configure @melchyore/adonis-form-request
node ace make:request StoreUser
It will create a file named StoreUserRequest.ts
in App/Requests
.
// App/Requests/StoreUserRequest.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { schema } from '@ioc:Adonis/Core/Validator'
import { FormRequest } from '@ioc:Adonis/Addons/FormRequest'
export default class StoreUserRequest extends FormRequest {
constructor(protected context: HttpContextContract) {
super(context)
}
/**
* Determine if the user is authorized to make the incoming request.
* Can be safely deleted if you don't have any authorization logic.
*/
public async authorize() {
return true
}
/**
* Validation rules.
* Can also return a Validator class.
*/
public rules() {
return {
schema: schema.create({})
}
}
/**
* Before hook to be executed before validation.
*/
protected async before() {}
/**
* After hook to be executed after successful validation.
*/
protected async after() {}
}
-
authorize()
returns aboolean
. This method is used to authorize the incoming request. If you don't have an authorization logic, you can delete the method as it always returnstrue
in the parent class. When it returnsfalse
, an HTTP response with status code 403 will be returned and the controller method will not be executed. -
rules()
returns a schema validator or a validator class. -
before()
doesn't return anything. You can perform some actions before validation. If you want to access request data, you can do it throughthis.context.request
. -
after()
doesn't return anything. You can perform some actions after validation. If you want to access validated data, you can do it throughthis.validated()
.
Then, in a controller, you need to import the formRequest
decorator and your file and type-hint the request
argument with your form request class.
// App/Controllers/Http/UsersController.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { formRequest } from '@melchyore/adonis-form-request/build'
import StoreUserRequest from 'App/Requests'
export default class UsersController {
@formRequest()
public async store(context: HttpContextContract, request: StoreUserRequest) {
await User.create(request.validated())
}
}
When using a Form request class, you should never use request
from context
, always use the request
argument.
It has the same methods and properties as the default Request
class, in addition to new methods.
-
validated()
returns the validated data. -
safe()
returns in instance ofValidatedInput
. -
safe().all()
returns the same data asvalidated()
. -
safe().only(['foo', 'bar'])
returns only the specified validated keys. -
safe().except(['foo', 'bar'])
returns all validated data except specified keys. -
safe().merge({ foo: 'Foo' })
merges and returns the specified data with the validated data.
Note
All the above methods are typed.
Note
If the validation fails, an HTTP response with status code 422 will be returned and the controller method will not be executed.
When using route model binding and form request on the same controller method (same request), the request argument must be the last one.
// App/Controllers/Http/PostsController.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { bind } from '@adonisjs/route-model-binding'
import { formRequest } from '@melchyore/adonis-form-request/build'
import Post from 'App/Models/Post'
import UpdatePostRequest from 'App/Requests/UpdatePostRequest'
export default class PostsController {
@bind()
@formRequest()
public async update ({ response }: HttpContextContract, post: Post, request: UpdatePostRequest) {
const { title, content } = request.validated()
await post.merge({
title,
content
})
.save()
return response.ok(post)
}
}
You have also access to the bindings in the form request class. You can use them to authorize the requests.
// App/Requests/UpdatePostRequest.ts
import type { HttpContextContract } from '@ioc:Adonis/Core/HttpContext'
import { schema } from '@ioc:Adonis/Core/Validator'
import { FormRequest } from '@ioc:Adonis/Addons/FormRequest'
export default class UpdatePostRequest extends FormRequest {
private post: Post // ⬅ Will automatically have the post instance as value.
constructor(protected context: HttpContextContract) {
super(context)
}
/**
* Determine if the user is authorized to make the incoming request.
* Can be safely deleted if you don't have any authorization logic.
*/
public async authorize() {
return this.context.auth.user.id === this.post.userId
}
/**
* Validation rules.
* Can also return a Validator class.
*/
public rules() {
return {
schema: schema.create({
title: schema.string({ trim: true }),
content: schema.string({ trim: true })
})
}
}
/**
* Before hook to be executed before validation.
*/
protected async before() {}
/**
* After hook to be executed after successful validation.
*/
protected async after() {}
}
Note
The
Request
class has the methodpost()
which is deprecated, and the form request class returns an instance ofRequest
, so if you are still using it, don't name your argumentpost
as it will override the method.
Note
Bindings are not available in the form request constructor.
yarn run test
👤 Oussama Benhamed
- Twitter: @Melchyore
- Github: @Melchyore
Contributions, issues and feature requests are welcome!
Feel free to check issues page. You can also take a look at the contributing guide.
Give a ⭐️ if this project helped you!
Copyright © 2022 Oussama Benhamed.
This project is MIT licensed.