mirror of
https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git
synced 2026-06-11 02:50:29 +00:00
✨ **Enhance input validation and error handling across APIs**
- 🛠️ Refactored controllers to utilize `FiltersNumericIds` concern, ensuring secure numeric ID filtering and avoiding type-sensitive errors in queries. - ➕ Added feature tests to validate robust input hardening for non-numeric or malformed query parameters (`user_id`, `selected[]`). - 🔒 Introduced `PublicPropertyNotFoundException` handling in Livewire, returning 400 for invalid property probes and suppressing unnecessary log entries. - ❌ Updated `MeetupEventController` to handle invalid date formats gracefully, aborting with a 400 response instead of 500. - ✅ Expanded exception handling pipeline for enhanced resilience against malformed input, bot noise, and exploitable probes.
This commit is contained in:
HolgerHatGarKeineNode
@@ -2,6 +2,7 @@
|
||||
|
||||
namespace App\Http\Controllers\Api;
|
||||
|
||||
use App\Http\Controllers\Api\Concerns\FiltersNumericIds;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Api\StoreMeetupRequest;
|
||||
use App\Http\Requests\Api\UpdateMeetupRequest;
|
||||
@@ -20,6 +21,8 @@ use Illuminate\Support\Facades\Gate;
|
||||
#[Group(name: 'Meetups', weight: 3)]
|
||||
class MeetupController extends Controller
|
||||
{
|
||||
use FiltersNumericIds;
|
||||
|
||||
#[ExcludeRouteFromDocs]
|
||||
public function ical()
|
||||
{
|
||||
@@ -58,7 +61,7 @@ class MeetupController extends Controller
|
||||
)
|
||||
->when(
|
||||
$request->exists('selected'),
|
||||
fn (Builder $query) => $query->whereIn('id', $request->input('selected', [])),
|
||||
fn (Builder $query) => $query->whereIn('id', $this->numericIds($request)),
|
||||
fn (Builder $query) => $query->limit(10),
|
||||
)
|
||||
->get()
|
||||
|
||||
Reference in New Issue
Block a user