✨ **Enhance input validation and error handling across APIs**

- 🛠️ Refactored controllers to utilize `FiltersNumericIds` concern, ensuring secure numeric ID filtering and avoiding type-sensitive errors in queries. - ➕ Added feature tests to validate robust input hardening for non-numeric or malformed query parameters (`user_id`, `selected[]`). - 🔒 Introduced `PublicPropertyNotFoundException` handling in Livewire, returning 400 for invalid property probes and suppressing unnecessary log entries. - ❌ Updated `MeetupEventController` to handle invalid date formats gracefully, aborting with a 400 response instead of 500. - ✅ Expanded exception handling pipeline for enhanced resilience against malformed input, bot noise, and exploitable probes.
2026-06-17 16:40:31 +00:00 · 2026-06-08 02:53:44 +02:00
parent 3b93e22e95
commit 3cad5f5636
11 changed files with 132 additions and 15 deletions
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Http\Controllers\Api\Concerns;
+
+use Illuminate\Http\Request;
+
+trait FiltersNumericIds
+{
+    /**
+     * Reduziert einen Query-Parameter auf seine numerischen Werte als Integer-Liste.
+     *
+     * Schuetzt typsensitive whereIn('id', ...)-Klauseln vor nicht-numerischer Eingabe.
+     *
+     * @return array<int, int>
+     */
+    protected function numericIds(Request $request, string $key = 'selected'): array
+    {
+        return $request->collect($key)
+            ->filter(fn ($id) => is_numeric($id))
+            ->map(fn ($id) => (int) $id)
+            ->values()
+            ->all();
+    }
+}