einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-06-11 02:50:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

**Enhance input validation and error handling across APIs**

Browse Source 
- 🛠️ Refactored controllers to utilize `FiltersNumericIds` concern, ensuring secure numeric ID filtering and avoiding type-sensitive errors in queries.
-  Added feature tests to validate robust input hardening for non-numeric or malformed query parameters (`user_id`, `selected[]`).
- 🔒 Introduced `PublicPropertyNotFoundException` handling in Livewire, returning 400 for invalid property probes and suppressing unnecessary log entries.
-  Updated `MeetupEventController` to handle invalid date formats gracefully, aborting with a 400 response instead of 500.
-  Expanded exception handling pipeline for enhanced resilience against malformed input, bot noise, and exploitable probes.
This commit is contained in:
HolgerHatGarKeineNode
2026-06-08 02:53:44 +02:00
parent 3b93e22e95
commit 3cad5f5636
11 changed files with 132 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/Api/CourseController.php
+5 -3
View File
@@ -2,6 +2,7 @@
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
use App\Http\Controllers\Controller;
use App\Models\Course;
use Dedoc\Scramble\Attributes\ExcludeRouteFromDocs;
@@ -16,6 +17,8 @@ use Symfony\Component\HttpFoundation\Response;
#[Group(name: 'Kurse', weight: 1)]
class CourseController extends Controller
{
use FiltersNumericIds;
/**
* Kurse auflisten und durchsuchen
*
@@ -32,7 +35,7 @@ class CourseController extends Controller
->select('id', 'name')
->orderBy('name')
->when($request->has('user_id'),
fn (Builder $query) => $query->where('created_by', $request->user_id))
fn (Builder $query) => $query->where('created_by', $request->integer('user_id')))
->when(
$request->search,
fn (Builder $query) => $query
@@ -40,8 +43,7 @@ class CourseController extends Controller
)
->when(
$request->exists('selected'),
fn (Builder $query) => $query->whereIn('id',
$request->input('selected', [])),
fn (Builder $query) => $query->whereIn('id', $this->numericIds($request)),
fn (Builder $query) => $query->limit(10)
)
->get()