Route protection - Laravel

Question

So I have a route with 3 parameters like so

Route::get('search-restaurant/{location}/{day}/{time}', 'WebController@search_restaurant');

For every request to this route, I want to verify these parameters in some way or another.

For the time parameter I've seen documentation of how to attach a regex to it but no documentation in 5.2 but even if I found the docs I need to verify others as well

So basically I have tried two different ways to check and verify the parameters but none are working.

Method 1 - Conroller

public function search_restaurant ($location, $day, $time) {

    if($day != 'today' || $day != 'tomorrow') {
        abort(500);
    } elseif (!in_array($location, $locations)) {
        abort(500);
    } elseif (!preg_match("/(2[0-3]|[01][0-9])([0-5][0-9])/", $time) && $time != "asap") {
        abort(500);
    } elseif ($day == "tomorrow" && $time == "asap") {
        abort(500);
    } else {
    .....//rest of code - send to view
    }
}

Method 2 - Middleware

public function handle($request, Closure $next)
{

    $location = $request->route('location');
    $day = $request->route('day');
    $time = $request->route('time');

    $locations = Array('central','garki-1','garki-2','wuse-2','wuse-1','gwarimpa','maitama','asokoro');

    if($day != 'today' || $day != 'tomorrow') { // check string
        abort(500);
    } elseif (!in_array($location, $locations)) { // check against array
        abort(500);
    } elseif (!preg_match("/(2[0-3]|[01][0-9])([0-5][0-9])/", $time) && $time != "asap") { // check agains regex
        abort(500);
    } elseif ($day == "tomorrow" && $time == "asap") { // check against string
        abort(500);
    }

    return $next($request);
}

As you can see I'm simple doing simple if..else statements on the variables but the conditions seem to always be true. I have tried these rules one by one also but every time they fail and I get sent to 500 page.

Any guidance appreciated

user3774430 · Accepted Answer

First of all, you might want to go back to the basics of conditionals.

If you need to verify 3 parameters, you would need to do 3 if

if ($param1 === $validLocation) {}
if ($param2 === $validDay) {}
if ($param3 === $validTime) {}

The way if...elseif...else conditionals work, is that, once the first condition is fulfilled, the rest of the conditions will not be checked anymore.

// if this condition is true, PHP will not check for further `elseif` or `else
if($day != 'today' || $day != 'tomorrow') {
    abort(500);
} elseif (!in_array($location, $locations)) {
    abort(500);
} else {
    //rest of code - send to view
}

I apologize for getting off-topic, but yes, in 5.2 docs, the regex might have been removed or moved somewhere else, but you can still find those docs in 5.1

Nevertheless, I would recommend you to use constraints in your route instead of checking it in your controller or middleware.

Route::get('test/{location}/{day}/{time}', function ($location, $day, $time) {
    dd($location, $day, $time);
})->where([
    'location' => 'central|garki-1|garki-2|wuse-2|wuse-1|gwarimpa|maitama|asokoro',
    'day' => 'today|tomorrow',
    'time' => 'asap|(2[0-3]|[01][0-9])([0-5][0-9])',
]);

The above route will check for regex on all the parameters before passing it to the Closure or Controller@action (modify as needed)

Here is the link to the 5.1 docs in case you needed it.

Route protection - Laravel

Answers (2)

Related Questions