membrane / laravel
Requires
- php: ^8.2.0
- crell/api-problem: ^3.6.1
- illuminate/console: ^9.0 || ^10.0 || ^11.0
- illuminate/http: ^9.0 || ^10.0 || ^11.0
- illuminate/support: ^9.0 || ^10.0 || ^11.0
- membrane/membrane: ^0.8
- membrane/openapi-router: ^0.5
- nyholm/psr7: ^1.8
- symfony/psr-http-message-bridge: ^7.2
Requires (Dev)
- phpstan/phpstan: ^2.1.1
- phpunit/phpunit: ^10.5.40
- squizlabs/php_codesniffer: ^3.7
README
Integrates Membrane-core with Laravel.
About
Middleware that validates the raw user input from incoming HTTP requests against your OpenAPI spec.
Adds a Membrane\Result\Result
onto your Illuminate\Contracts\Container\Container
.
The Result object contains the cleaned up data and additional details in the case of invalid requests.
Setup
Installation
Require the membrane/laravel
package in your composer.json and update your dependencies:
composer require membrane/laravel
Configuration
The defaults are set in config/membrane.php
.
To publish a copy to your own config, use the following:
php artisan vendor:publish --tag="membrane"
API Spec File
This is the absolute filepath of your OpenAPI.
By default, it looks for <your-project-directory>/api/openapi.yaml
.
Validation Error Response Code
Set 'validation_error_response_code'
to the integer value of the default http status code for invalid results.
Validation Error Response Type
Set 'validation_error_response_type'
to the string value of the default response type for API problems.
API Problem Response Types
Within the 'api_problem_response_types'
array:
Set integer http status code => string response type pairs.
These are more specific and will override the default value set by 'validation_error_response_type'
Usage
Requests
The \Membrane\Laravel\Middleware\RequestValidation
middleware will validate or invalidate incoming requests and let
you decide
how to react.
You can follow it with your own custom middleware or with one of the following built-in options to produce an error
response:
Responses
Any response middleware MUST follow the RequestValidation
middleware as it requires the result
object being added to
your container.
These middlewares will check whether the request has passed or failed validation.
Invalid requests will return an appropriate response detailing the reasons the request was invalid.
Your response can be in one of the following formats.
Flat Json
\Membrane\Laravel\Middleware\ResponseJsonFlat
{
"errors":{
"pet->id":["must be an integer"],
"pet":["name is a required field"]
},
"title":"Request payload failed validation",
"type":"about:blank",
"status":400
}
Nested Json
\Membrane\Laravel\Middleware\ResponseJsonNested
{
"errors":{
"errors":[],
"fields":{
"pet":{
"errors":[
"name is a required field"
],
"fields":{
"id":{
"errors":[
"must be an integer"
],
"fields":[]
}
}
}
}
},
"title":"Request payload failed validation",
"type":"about:blank",
"status":400
}
Global Usage
To use any of the above middlewares on all routes, go into your app/Http/Kernel.php
and add them to your middleware
array.
For example:
protected $middleware = [ \Membrane\Laravel\Middleware\RequestValidation::class, \Membrane\Laravel\Middleware\ResponseJsonFlat::class // ... ];