Some request validation.

galli-leo · galli-leo · commit 45d63560dfd8 · 2017-06-23T22:52:06.000+02:00
diff --git a/app/Http/Controllers/API/MappingsController.php b/app/Http/Controllers/API/MappingsController.php
@@ -22,6 +22,8 @@
 use MappingsCache;
 use App\Event;
 use App\MappingMovie;
+use App\Http\Requests;
+use App\Http\Requests\MappingAddRequest;
 
 
 class MappingsController extends JSONController
@@ -37,13 +39,24 @@ public function get(Request $request) {
 
          $mapping = Mapping::find($id);
 
+         if ($mapping == null)
+         {
+             abort(404, "Mapping with id $id was not found. Maybe it was removed?");
+         }
+
 		 return response()->json($mapping)->header("Access-Control-Allow-Origin", "*");
 	 }
 
 	 public function find(Request $request)
      {
          $tmdbid = $request->query("tmdbid");
          $movie = MappingMovie::find($tmdbid);
+
+         if ($movie == null)
+         {
+             abort(404, "Movie with tmdbid $tmdbid was not found. Either it does not exist or no mappings have been added yet");
+         }
+
          $type = $request->query("type");
 
          $titles = [];
@@ -64,14 +77,19 @@ public function find(Request $request)
          return response()->json($movie)->header("Access-Control-Allow-Origin", "*");
      }
 
-   public function add(Request $request) {
+   public function add(MappingAddRequest $request) {
         $tmdbid = $request->query("tmdbid");
         $type = $request->query("type");
 
         //Ensure that the movie is in our mapping database!
         if (!MappingMovie::find($tmdbid))
         {
-            Movie::find($tmdbid)->createMappingMovie()->save();
+            $movie = Movie::find($tmdbid);
+            if ($movie == null)
+            {
+                abort(422, "The movie with the given tmdbid could not be found!");
+            }
+            $movie->createMappingMovie()->save();
         }
 
         $existing = false;
@@ -121,11 +139,22 @@ public function add(Request $request) {
    public function vote(Request $request) {
       $id = $request->query("id");
       $direction = $request->query("direction");
-      if (!isset($direction))
+      if (!isset($direction) || $direction > 1)
       {
           $direction = 1;
       }
+
+      if ($direction < 1)
+      {
+          $direction = -1;
+      }
       $mapping = Mapping::find($id);
+
+      if ($mapping == null)
+      {
+          abort(404,"Mapping with id $id was not found. Maybe it was removed?");
+      }
+
       $mapping->vote($direction);
 
       return response()->json($mapping)->header("Access-Control-Allow-Origin", "*");
diff --git a/app/Http/Requests/MappingRequests.php b/app/Http/Requests/MappingRequests.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Http\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Illuminate\Validation\Rule;
+
+class MappingAddRequest extends JSONRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        $arr = [
+          'tmdbid' => array(
+            "required",
+            "regex:/^\d+$/"
+          ),
+            'type' => array(
+                "required",
+                Rule::in(['title', 'year']),
+            )
+        ];
+
+        if ($this->input("type") == "title")
+        {
+            $arr["aka_title"] = ["required", "regex:/^.{2}.+/"];
+        }
+        else if ($this->input("type") == "year")
+        {
+            $arr["aka_year"] = ["required", "regex:/^(19|20)\d{2}$/"];
+        }
+
+        return $arr;
+    }
+
+    /**
+     * Get the error messages for the defined validation rules.
+     *
+     * @return array
+     */
+    public function messages()
+    {
+        return [
+            'tmdbid.required' => 'A tmdbid for the movie is required',
+            'tmdbid.regex'  => 'The format of the tmdbid given is invalid!',
+            "type.required" => "The type of mapping to add is required",
+            "type.in" => "The type of mapping has to either be 'title' or 'year'.",
+            "aka_year.required" => "The alternative year is required with type 'year'.",
+            "aka_year.regex" => "The alternative year has to be a valid movie year.",
+            "aka_title.required" => "The alternative title is required with type 'title'",
+            "aka_title.regex" => "The alternative title must be at least 3 letters long"
+        ];
+    }
+
+}
