einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-06-11 02:50:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

**Enhance input validation and error handling across APIs**

Browse Source 
- 🛠️ Refactored controllers to utilize `FiltersNumericIds` concern, ensuring secure numeric ID filtering and avoiding type-sensitive errors in queries.
-  Added feature tests to validate robust input hardening for non-numeric or malformed query parameters (`user_id`, `selected[]`).
- 🔒 Introduced `PublicPropertyNotFoundException` handling in Livewire, returning 400 for invalid property probes and suppressing unnecessary log entries.
-  Updated `MeetupEventController` to handle invalid date formats gracefully, aborting with a 400 response instead of 500.
-  Expanded exception handling pipeline for enhanced resilience against malformed input, bot noise, and exploitable probes.
This commit is contained in:
HolgerHatGarKeineNode
2026-06-08 02:53:44 +02:00
parent 3b93e22e95
commit 3cad5f5636
11 changed files with 132 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/Api/LecturerController.php
+4 -4
View File
@@ -2,6 +2,7 @@
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\StoreLecturerRequest;
use App\Http\Requests\Api\UpdateLecturerRequest;
@@ -20,6 +21,8 @@ use Symfony\Component\HttpFoundation\Response;
#[Group(name: 'Referenten', weight: 4)]
class LecturerController extends Controller
{
use FiltersNumericIds;
/**
* Referenten auflisten und durchsuchen
*
@@ -32,8 +35,6 @@ class LecturerController extends Controller
return Lecturer::query()
->select('id', 'name')
->orderBy('name')
// ->when($request->has('user_id'),
// fn(Builder $query) => $query->where('created_by', $request->user_id))
->when(
$request->search,
fn (Builder $query) => $query
@@ -41,8 +42,7 @@ class LecturerController extends Controller
)
->when(
$request->exists('selected'),
fn (Builder $query) => $query->whereIn('id',
$request->input('selected', [])),
fn (Builder $query) => $query->whereIn('id', $this->numericIds($request)),
fn (Builder $query) => $query->limit(10)
)
->get()