Laravel

Overview Controllers often become bloated with validation rules and authorization checks that distract from the primary business logic. Laravel Form Requests solve this by encapsulating these concerns into a dedicated class. This promotes the Single Responsibility Principle, ensuring your controllers remain slim, readable, and focused on execution rather than data gatekeeping. Prerequisites To follow this guide, you should be comfortable with basic PHP and the Laravel framework. You should understand how controllers handle HTTP requests and be familiar with standard validation rules like `required` and `min`. Key Libraries & Tools * **Artisan CLI**: The command-line interface used to scaffold new classes. * **FormRequest Class**: The base Laravel class that provides methods for authorization and validation. * **Validator**: The underlying engine that processes data against defined rules. Code Walkthrough First, generate your request class using Artisan: ```bash php artisan make:request StorePostRequest ``` This creates a file in `app/Http/Requests`. Inside, you’ll find two primary methods. The `authorize` method returns a boolean to determine if the user can proceed. Unlike manual controller checks, failing this automatically triggers a 403 response. ```python public function authorize(): bool { return $this->user()->can('create', Post::class); } ``` The `rules` method defines your data constraints. By moving these here, you can reuse the same request across different controllers or API endpoints. ```python public function rules(): array { return [ 'title' => 'required|max:255', 'status' => 'required|in:draft,published', 'text' => 'required', ]; } ``` Finally, type-hint the request in your controller. Laravel injects the validated instance, allowing you to call `$request->validated()` to retrieve only the safe data. Advanced Logic with the After Hook Sometimes validation depends on external state, like checking if a user has exceeded a post limit. The `after` method allows you to register closures or invokable classes that run after standard rules pass. This keeps complex, conditional logic out of your controller flow. ```python public function after(): array { return [ function ($validator) { if ($this->user()->posts()->count() > 1) { $validator->errors()->add('title', 'Limit reached.'); } } ]; } ``` Tips & Gotchas * **Automatic Redirects**: If validation fails, Laravel automatically redirects the user back to their previous location with error messages in the session. * **Initial False**: New Form Requests default `authorize` to `false`. Always remember to update this to `true` or add your logic, otherwise, you will face constant 403 errors.