dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(validation): centralize validation patterns for names and descriptions

Browse Source 
- Introduced `ValidationPatterns` class to standardize validation rules and messages for name and description fields across the application.
- Updated various components and models to utilize the new validation patterns, ensuring consistent sanitization and validation logic.
- Replaced the `HasSafeNameAttribute` trait with `HasSafeStringAttribute` to enhance attribute handling and maintain consistency in name sanitization.
- Enhanced the `CleanupNames` command to align with the new validation rules, allowing for a broader range of valid characters in names.
This commit is contained in:
Andras Bacsai
2025-08-19 12:14:48 +02:00
parent 0bb9ee4327
commit 38c0641734
30 changed files with 238 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/Console/Commands/CleanupNames.php
View File

@@ -20,6 +20,7 @@ use App\Models\StandalonePostgresql;
use App\Models\StandaloneRedis;
use App\Models\Tag;
use App\Models\Team;
use App\Support\ValidationPatterns;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Log;
@@ -31,7 +32,7 @@ class CleanupNames extends Command
{--backup : Create database backup before changes}
{--force : Skip confirmation prompt}';
protected $description = 'Sanitize name fields by removing invalid characters (keeping only letters, numbers, spaces, dashes, underscores, dots)';
protected $description = 'Sanitize name fields by removing invalid characters (keeping only letters, numbers, spaces, dashes, underscores, dots, slashes, colons, parentheses)';
protected array $modelsToClean = [
'Project' => Project::class,
@@ -148,7 +149,9 @@ class CleanupNames extends Command
protected function sanitizeName(string $name): string
{
// Remove all characters that don't match the allowed pattern
$sanitized = preg_replace('/[^a-zA-Z0-9\s\-_.]+/', '', $name);
// Use the shared ValidationPatterns to ensure consistency
$allowedPattern = str_replace(['/', '^', '$'], '', ValidationPatterns::NAME_PATTERN);
$sanitized = preg_replace('/[^'.$allowedPattern.']+/', '', $name);
// Clean up excessive whitespace but preserve other allowed characters
$sanitized = preg_replace('/\s+/', ' ', $sanitized);

31
app/Http/Controllers/Api/ProjectController.php
View File

@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\Project;
use App\Support\ValidationPatterns;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Validator;
use OpenApi\Attributes as OA;
@@ -229,14 +230,9 @@ class ProjectController extends Controller
return $return;
}
$validator = Validator::make($request->all(), [
'name' => ['required', 'string', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'],
'description' => 'string|nullable',
], [
'name.regex' => 'The project name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.required' => 'The project name is required.',
'name.min' => 'The project name must be at least 3 characters.',
'name.max' => 'The project name may not be greater than 255 characters.',
]);
'name' => ValidationPatterns::nameRules(),
'description' => ValidationPatterns::descriptionRules(),
], ValidationPatterns::combinedMessages());
$extraFields = array_diff(array_keys($request->all()), $allowedFields);
if ($validator->fails() || ! empty($extraFields)) {
@@ -344,13 +340,9 @@ class ProjectController extends Controller
return $return;
}
$validator = Validator::make($request->all(), [
'name' => ['nullable', 'string', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'],
'description' => 'string|nullable',
], [
'name.regex' => 'The project name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.min' => 'The project name must be at least 3 characters.',
'name.max' => 'The project name may not be greater than 255 characters.',
]);
'name' => ValidationPatterns::nameRules(required: false),
'description' => ValidationPatterns::descriptionRules(),
], ValidationPatterns::combinedMessages());
$extraFields = array_diff(array_keys($request->all()), $allowedFields);
if ($validator->fails() || ! empty($extraFields)) {
@@ -590,13 +582,8 @@ class ProjectController extends Controller
return $return;
}
$validator = Validator::make($request->all(), [
'name' => ['required', 'string', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'],
], [
'name.regex' => 'The environment name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.required' => 'The environment name is required.',
'name.min' => 'The environment name must be at least 3 characters.',
'name.max' => 'The environment name may not be greater than 255 characters.',
]);
'name' => ValidationPatterns::nameRules(),
], ValidationPatterns::nameMessages());
$extraFields = array_diff(array_keys($request->all()), $allowedFields);
if ($validator->fails() || ! empty($extraFields)) {

21
app/Livewire/Project/AddEmpty.php
View File

@@ -3,23 +3,28 @@
namespace App\Livewire\Project;
use App\Models\Project;
use Livewire\Attributes\Validate;
use App\Support\ValidationPatterns;
use Livewire\Component;
use Visus\Cuid2\Cuid2;
class AddEmpty extends Component
{
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name;
#[Validate(['nullable', 'string'])]
public string $description = '';
protected $messages = [
'name.regex' => 'The name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.min' => 'The name must be at least 3 characters.',
'name.max' => 'The name may not be greater than 255 characters.',
];
protected function rules(): array
{
return [
'name' => ValidationPatterns::nameRules(),
'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function submit()
{

19
app/Livewire/Project/CloneMe.php
View File

@@ -11,6 +11,7 @@ use App\Jobs\VolumeCloneJob;
use App\Models\Environment;
use App\Models\Project;
use App\Models\Server;
use App\Support\ValidationPatterns;
use Livewire\Component;
use Visus\Cuid2\Cuid2;
@@ -42,14 +43,14 @@ class CloneMe extends Component
public bool $cloneVolumeData = false;
protected $messages = [
'selectedServer' => 'Please select a server.',
'selectedDestination' => 'Please select a server & destination.',
'newName.required' => 'Please enter a name for the new project or environment.',
'newName.regex' => 'The name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'newName.min' => 'The name must be at least 3 characters.',
'newName.max' => 'The name may not be greater than 255 characters.',
];
protected function messages(): array
{
return array_merge([
'selectedServer' => 'Please select a server.',
'selectedDestination' => 'Please select a server & destination.',
'newName.required' => 'Please enter a name for the new project or environment.',
], ValidationPatterns::nameMessages());
}
public function mount($project_uuid)
{
@@ -93,7 +94,7 @@ class CloneMe extends Component
try {
$this->validate([
'selectedDestination' => 'required',
'newName' => ['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'],
'newName' => ValidationPatterns::nameRules(),
]);
if ($type === 'project') {
$foundProject = Project::where('name', $this->newName)->first();

21
app/Livewire/Project/Edit.php
View File

@@ -3,24 +3,29 @@
namespace App\Livewire\Project;
use App\Models\Project;
use Livewire\Attributes\Validate;
use App\Support\ValidationPatterns;
use Livewire\Component;
class Edit extends Component
{
public Project $project;
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name;
#[Validate(['nullable', 'string', 'max:255'])]
public ?string $description = null;
protected $messages = [
'name.regex' => 'The name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.min' => 'The name must be at least 3 characters.',
'name.max' => 'The name may not be greater than 255 characters.',
];
protected function rules(): array
{
return [
'name' => ValidationPatterns::nameRules(),
'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function mount(string $project_uuid)
{

21
app/Livewire/Project/EnvironmentEdit.php
View File

@@ -4,8 +4,8 @@ namespace App\Livewire\Project;
use App\Models\Application;
use App\Models\Project;
use App\Support\ValidationPatterns;
use Livewire\Attributes\Locked;
use Livewire\Attributes\Validate;
use Livewire\Component;
class EnvironmentEdit extends Component
@@ -17,17 +17,22 @@ class EnvironmentEdit extends Component
#[Locked]
public $environment;
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name;
#[Validate(['nullable', 'string', 'max:255'])]
public ?string $description = null;
protected $messages = [
'name.regex' => 'The environment name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.min' => 'The environment name must be at least 3 characters.',
'name.max' => 'The environment name may not be greater than 255 characters.',
];
protected function rules(): array
{
return [
'name' => ValidationPatterns::nameRules(),
'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function mount(string $project_uuid, string $environment_uuid)
{

21
app/Livewire/Project/Show.php
View File

@@ -4,7 +4,7 @@ namespace App\Livewire\Project;
use App\Models\Environment;
use App\Models\Project;
use Livewire\Attributes\Validate;
use App\Support\ValidationPatterns;
use Livewire\Component;
use Visus\Cuid2\Cuid2;
@@ -12,17 +12,22 @@ class Show extends Component
{
public Project $project;
#[Validate(['required', 'string', 'min:3', 'max:255', 'regex:/^[a-zA-Z0-9\s\-_.]+$/'])]
public string $name;
#[Validate(['nullable', 'string'])]
public ?string $description = null;
protected $messages = [
'name.regex' => 'The environment name may only contain letters, numbers, spaces, dashes, underscores, and dots.',
'name.min' => 'The environment name must be at least 3 characters.',
'name.max' => 'The environment name may not be greater than 255 characters.',
];
protected function rules(): array
{
return [
'name' => ValidationPatterns::nameRules(),
'description' => ValidationPatterns::descriptionRules(),
];
}
protected function messages(): array
{
return ValidationPatterns::combinedMessages();
}
public function mount(string $project_uuid)
{

4
app/Models/Application.php
View File

@@ -5,7 +5,7 @@ namespace App\Models;
use App\Enums\ApplicationDeploymentStatus;
use App\Services\ConfigurationGenerator;
use App\Traits\HasConfiguration;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\HasMany;
@@ -110,7 +110,7 @@ use Visus\Cuid2\Cuid2;
class Application extends BaseModel
{
use HasConfiguration, HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasConfiguration, HasFactory, HasSafeStringAttribute, SoftDeletes;
private static $parserVersion = '5';

11
app/Models/Environment.php
View File

@@ -2,8 +2,7 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use App\Traits\HasSafeStringAttribute;
use OpenApi\Attributes as OA;
#[OA\Schema(
@@ -20,7 +19,7 @@ use OpenApi\Attributes as OA;
)]
class Environment extends BaseModel
{
use HasSafeNameAttribute;
use HasSafeStringAttribute;
protected $guarded = [];
@@ -122,10 +121,8 @@ class Environment extends BaseModel
return $this->hasMany(Service::class);
}
protected function name(): Attribute
protected function customizeName($value)
{
return Attribute::make(
set: fn (string $value) => str($value)->lower()->trim()->replace('/', '-')->toString(),
);
return str($value)->lower()->trim()->replace('/', '-')->toString();
}
}

6
app/Models/LocalPersistentVolume.php
View File

@@ -24,11 +24,9 @@ class LocalPersistentVolume extends Model
return $this->morphTo('resource');
}
protected function name(): Attribute
protected function customizeName($value)
{
return Attribute::make(
set: fn (string $value) => str($value)->trim()->value,
);
return str($value)->trim()->value;
}
protected function mountPath(): Attribute

4
app/Models/PrivateKey.php
View File

@@ -2,7 +2,7 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use DanHarrin\LivewireRateLimiting\WithRateLimiting;
use Illuminate\Support\Facades\Storage;
use Illuminate\Validation\ValidationException;
@@ -28,7 +28,7 @@ use phpseclib3\Crypt\PublicKeyLoader;
)]
class PrivateKey extends BaseModel
{
use HasSafeNameAttribute, WithRateLimiting;
use HasSafeStringAttribute, WithRateLimiting;
protected $fillable = [
'name',

4
app/Models/Project.php
View File

@@ -2,7 +2,7 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use OpenApi\Attributes as OA;
use Visus\Cuid2\Cuid2;
@@ -24,7 +24,7 @@ use Visus\Cuid2\Cuid2;
)]
class Project extends BaseModel
{
use HasSafeNameAttribute;
use HasSafeStringAttribute;
protected $guarded = [];

4
app/Models/S3Storage.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Notifications\Messages\MailMessage;
use Illuminate\Support\Facades\Storage;
class S3Storage extends BaseModel
{
use HasFactory, HasSafeNameAttribute;
use HasFactory, HasSafeStringAttribute;
protected $guarded = [];

4
app/Models/ScheduledTask.php
View File

@@ -2,13 +2,13 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\Relations\HasOne;
class ScheduledTask extends BaseModel
{
use HasSafeNameAttribute;
use HasSafeStringAttribute;
protected $guarded = [];

4
app/Models/Server.php
View File

@@ -13,7 +13,7 @@ use App\Jobs\RegenerateSslCertJob;
use App\Notifications\Server\Reachable;
use App\Notifications\Server\Unreachable;
use App\Services\ConfigurationRepository;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
@@ -165,7 +165,7 @@ class Server extends BaseModel
protected $guarded = [];
use HasSafeNameAttribute;
use HasSafeStringAttribute;
public function type()
{

4
app/Models/Service.php
View File

@@ -3,7 +3,7 @@
namespace App\Models;
use App\Enums\ProcessStatus;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\HasMany;
@@ -41,7 +41,7 @@ use Visus\Cuid2\Cuid2;
)]
class Service extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
private static $parserVersion = '5';

4
app/Models/StandaloneClickhouse.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneClickhouse extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

4
app/Models/StandaloneDocker.php
View File

@@ -2,11 +2,11 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
class StandaloneDocker extends BaseModel
{
use HasSafeNameAttribute;
use HasSafeStringAttribute;
protected $guarded = [];

4
app/Models/StandaloneDragonfly.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneDragonfly extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

4
app/Models/StandaloneKeydb.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneKeydb extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

4
app/Models/StandaloneMariadb.php
View File

@@ -2,7 +2,7 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\MorphTo;
@@ -10,7 +10,7 @@ use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneMariadb extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

4
app/Models/StandaloneMongodb.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneMongodb extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

4
app/Models/StandaloneMysql.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneMysql extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

4
app/Models/StandalonePostgresql.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
class StandalonePostgresql extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

4
app/Models/StandaloneRedis.php
View File

@@ -2,14 +2,14 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\SoftDeletes;
class StandaloneRedis extends BaseModel
{
use HasFactory, HasSafeNameAttribute, SoftDeletes;
use HasFactory, HasSafeStringAttribute, SoftDeletes;
protected $guarded = [];

12
app/Models/Tag.php
View File

@@ -2,21 +2,17 @@
namespace App\Models;
use App\Traits\HasSafeNameAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use App\Traits\HasSafeStringAttribute;
class Tag extends BaseModel
{
use HasSafeNameAttribute;
use HasSafeStringAttribute;
protected $guarded = [];
public function name(): Attribute
protected function customizeName($value)
{
return Attribute::make(
get: fn ($value) => strtolower($value),
set: fn ($value) => strtolower($value)
);
return strtolower($value);
}
public static function ownedByCurrentTeam()

4
app/Models/Team.php
View File

@@ -8,7 +8,7 @@ use App\Notifications\Channels\SendsEmail;
use App\Notifications\Channels\SendsPushover;
use App\Notifications\Channels\SendsSlack;
use App\Traits\HasNotificationSettings;
use App\Traits\HasSafeNameAttribute;
use App\Traits\HasSafeStringAttribute;
use Illuminate\Database\Eloquent\Casts\Attribute;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Notifications\Notifiable;
@@ -37,7 +37,7 @@ use OpenApi\Attributes as OA;
class Team extends Model implements SendsDiscord, SendsEmail, SendsPushover, SendsSlack
{
use HasNotificationSettings, HasSafeNameAttribute, Notifiable;
use HasNotificationSettings, HasSafeStringAttribute, Notifiable;
protected $guarded = [];

93
app/Support/ValidationPatterns.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
namespace App\Support;
/**
* Shared validation patterns for consistent use across the application
*/
class ValidationPatterns
{
/**
* Pattern for names (allows letters, numbers, spaces, dashes, underscores, dots, slashes, colons, parentheses)
* Matches CleanupNames::sanitizeName() allowed characters
*/
public const NAME_PATTERN = '/^[a-zA-Z0-9\s\-_.:\/()]+$/';
/**
* Pattern for descriptions (allows more characters including quotes, commas, etc.)
* More permissive than names but still restricts dangerous characters
*/
public const DESCRIPTION_PATTERN = '/^[a-zA-Z0-9\s\-_.:\/()\'\",.!?@#%&+=\[\]{}|~`*]+$/';
/**
* Get validation rules for name fields
*/
public static function nameRules(bool $required = true, int $minLength = 3, int $maxLength = 255): array
{
$rules = [];
if ($required) {
$rules[] = 'required';
} else {
$rules[] = 'nullable';
}
$rules[] = 'string';
$rules[] = "min:$minLength";
$rules[] = "max:$maxLength";
$rules[] = 'regex:'.self::NAME_PATTERN;
return $rules;
}
/**
* Get validation rules for description fields
*/
public static function descriptionRules(bool $required = false, int $maxLength = 255): array
{
$rules = [];
if ($required) {
$rules[] = 'required';
} else {
$rules[] = 'nullable';
}
$rules[] = 'string';
$rules[] = "max:$maxLength";
$rules[] = 'regex:'.self::DESCRIPTION_PATTERN;
return $rules;
}
/**
* Get validation messages for name fields
*/
public static function nameMessages(): array
{
return [
'name.regex' => 'The name may only contain letters, numbers, spaces, dashes (-), underscores (_), dots (.), slashes (/), colons (:), and parentheses ().',
'name.min' => 'The name must be at least :min characters.',
'name.max' => 'The name may not be greater than :max characters.',
];
}
/**
* Get validation messages for description fields
*/
public static function descriptionMessages(): array
{
return [
'description.regex' => 'The description contains invalid characters. Only letters, numbers, spaces, and common punctuation (- _ . : / () \' " , ! ? @ # % & + = [] {} | ~ ` *) are allowed.',
'description.max' => 'The description may not be greater than :max characters.',
];
}
/**
* Get combined validation messages for both name and description fields
*/
public static function combinedMessages(): array
{
return array_merge(self::nameMessages(), self::descriptionMessages());
}
}

14
app/Traits/HasSafeNameAttribute.php
View File

@@ -1,14 +0,0 @@
<?php
namespace App\Traits;
trait HasSafeNameAttribute
{
/**
* Set the name attribute - strip any HTML tags for safety
*/
public function setNameAttribute($value)
{
$this->attributes['name'] = strip_tags($value);
}
}

25
app/Traits/HasSafeStringAttribute.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace App\Traits;
trait HasSafeStringAttribute
{
/**
* Set the name attribute - strip any HTML tags for safety
*/
public function setNameAttribute($value)
{
$sanitized = strip_tags($value);
$this->attributes['name'] = $this->customizeName($sanitized);
}
protected function customizeName($value)
{
return $value; // Default: no customization
}
public function setDescriptionAttribute($value)
{
$this->attributes['description'] = strip_tags($value);
}
}