feat: implement request validation rules {Includes, Fields}

Author: Ark4ne

readme.md

@@ -16,6 +16,64 @@ This package is an specialisation of Laravel's `JsonResource` class.
 All the underlying API's are still there, thus in your controller you can still interact
 with `JsonApiResource` classes as you would with the base `JsonResource` class
 
+## Request
+This package allows the reading and dynamic inclusion of resources that will be requested in the requests via the "include" parameter.  
+**@see** _[{json:api} fetching-includes](https://jsonapi.org/format/#fetching-includes)_
+
+Resource attributes will also be filtered according to the "fields" parameter.  
+**@see** _[{json:api} fetching-fields](https://jsonapi.org/format/#fetching-sparse-fieldsets)_  
+
+You can also very simply validate your requests for a given resource via the rules `Rules\Includes` and `Rules\Fields`.
+
+### Include validation
+
+```php
+use \Ark4ne\JsonApi\Requests\Rules\Includes;
+use \Illuminate\Foundation\Http\FormRequest;
+
+class UserFetchRequest extends FormRequest
+{
+    public function rules()
+    {
+        return [
+            'include' => [new Includes(UserResource::class)],
+        ]
+    }
+}
+```
+
+`Rules\Includes` will validate the include to exactly match the UserResource schema (determined by the relationships).
+
+
+### Fields validation
+
+```php
+use \Ark4ne\JsonApi\Requests\Rules\Fields;
+use \Illuminate\Foundation\Http\FormRequest;
+
+class UserFetchRequest extends FormRequest
+{
+    public function rules()
+    {
+        return [
+            'include' => [new Fields(UserResource::class)],
+        ]
+    }
+}
+```
+
+`Rules\Fields` will validate the fields to exactly match the UserResource schema (determined by the attributes and relationships).
+
+
+### Customize validation message
+| Trans key                                             | default                                              |
+|-------------------------------------------------------|------------------------------------------------------|
+| `validation.custom.jsonapi.fields.invalid`            | The selected :attribute is invalid.                  |
+| `validation.custom.jsonapi.fields.invalid_fields`     | ":resource" doesn \' t have fields ":fields".        |
+| `validation.custom.jsonapi.fields.invalid_resource`   | ":resource" doesn \' t exists.                       |
+| `validation.custom.jsonapi.includes.invalid`          | The selected :attribute is invalid.                  |
+| `validation.custom.jsonapi.includes.invalid_includes` | ":include" doesn \' t have relationship ":relation". |
+
 ## Resource
 **@see** _[{json:api} resource-type](https://jsonapi.org/format/#document-resource-objects)_
 
@@ -145,6 +203,13 @@ _**@see** [{json:api} resources-relationships](https://jsonapi.org/format/#docum
 
 Returns resource relationships.
 
+All relationships **must** be created with `ModelResource::relationship`. 
+This allows the generation of the schema representing the resource and thus the validation of request includes.
+
+If your relation should have been a collection created via the `::collection(...)` method, you can simply use `->asCollection()`.
+
+If you want the relation data to be loaded only when it is present in the request include, you can use the `->whenIncluded()` method.
+
 ```php
 protected function toRelationships(Request $request): array
 {

src/Requests/Rules/Fields.php

@@ -0,0 +1,92 @@
+<?php
+
+namespace Ark4ne\JsonApi\Requests\Rules;
+
+use Ark4ne\JsonApi\Requests\Rules\Traits\UseTrans;
+use Ark4ne\JsonApi\Support\Fields as SupportFields;
+use Illuminate\Contracts\Validation\Rule;
+
+/**
+ * @template T as \Ark4ne\JsonApi\Resource\JsonApiResource
+ */
+class Fields implements Rule
+{
+    use UseTrans;
+
+    protected array $failures;
+
+    /**
+     * @param class-string<T> $resource
+     */
+    public function __construct(
+        protected string $resource
+    ) {
+    }
+
+    public function passes($attribute, $value): bool
+    {
+        $desired = SupportFields::parse($value);
+        $schema = $this->resource::schema();
+
+        return $this->assert($schema, $desired);
+    }
+
+    public function message()
+    {
+        $base = 'validation.custom.jsonapi.fields';
+        $message = $this->trans(
+            "$base.invalid",
+            'The selected :attribute is invalid.'
+        );
+
+        return array_merge($message, ...array_map(
+            fn($failure) => isset($failure[':fields'])
+                ? $this->trans(
+                    "$base.invalid_fields",
+                    '":resource" doesn\'t have fields ":fields".',
+                    $failure
+                )
+                : $this->trans(
+                    "$base.invalid_resource",
+                    '":resource" doesn\'t exists.',
+                    $failure
+                ),
+            $this->failures
+        ));
+    }
+
+    private function assert(object $schema, array $desired): bool
+    {
+        $resources = $this->extractSchemaFields($schema);
+
+        foreach ($desired as $resource => $fields) {
+            if (!isset($resources[$resource])) {
+                $this->failures[] = [
+                    ':resource' => $resource
+                ];
+            } elseif (!empty($diff = array_diff($fields, $resources[$resource]))) {
+                $this->failures[] = [
+                    ':resource' => $resource,
+                    ':fields' => implode(',', $diff)
+                ];
+            }
+        }
+
+        return empty($this->failures);
+    }
+
+    private function extractSchemaFields(object $schema, array $resources = []): array
+    {
+        if (isset($resources[$schema->type])) {
+            return $resources;
+        }
+
+        $resources[$schema->type] = $schema->fields;
+
+        foreach ($schema->relationships as $relationship) {
+            $resources = $this->extractSchemaFields($relationship, $resources);
+        }
+
+        return $resources;
+    }
+}

src/Requests/Rules/Includes.php

@@ -0,0 +1,72 @@
+<?php
+
+namespace Ark4ne\JsonApi\Requests\Rules;
+
+use Ark4ne\JsonApi\Requests\Rules\Traits\UseTrans;
+use Ark4ne\JsonApi\Support\Includes as SupportIncludes;
+use Illuminate\Contracts\Validation\Rule;
+
+/**
+ * @template T as \Ark4ne\JsonApi\Resource\JsonApiResource
+ */
+class Includes implements Rule
+{
+    use UseTrans;
+
+    protected array $failures;
+
+    /**
+     * @param class-string<T> $resource
+     */
+    public function __construct(
+        protected string $resource
+    ) {
+    }
+
+    public function passes($attribute, $value): bool
+    {
+        $desired = SupportIncludes::parse($value);
+        $schema = $this->resource::schema();
+
+        return $this->assert($schema, $desired);
+    }
+
+    public function message()
+    {
+        $base = 'validation.custom.jsonapi.includes';
+        $message = $this->trans(
+            "$base.invalid",
+            'The selected :attribute is invalid.'
+        );
+
+        return array_merge($message, ...array_map(
+            fn($failure) => $this->trans(
+                "$base.invalid_includes",
+                '":include" doesn\'t have relationship ":relation".',
+                $failure
+            ),
+            $this->failures
+        ));
+    }
+
+
+    private function assert(object $schema, array $desired, string $pretend = ''): bool
+    {
+        foreach ($desired as $relation => $sub) {
+            if (!isset($schema->relationships[$relation])) {
+                $this->failures[] = [
+                    ':include' => $pretend ?: $schema->type,
+                    ':relation' => $relation
+                ];
+            } else {
+                $this->assert(
+                    $schema->relationships[$relation],
+                    $sub,
+                    $pretend ? "$pretend.$relation" : $relation
+                );
+            }
+        }
+
+        return empty($this->failures);
+    }
+}

src/Requests/Rules/Traits/UseTrans.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Ark4ne\JsonApi\Requests\Rules\Traits;
+
+use Illuminate\Support\Str;
+
+use function trans;
+
+trait UseTrans
+{
+    protected function trans($key, $default, array $replace = []): array
+    {
+        $message = trans($key);
+
+        return array_map(
+            static fn($msg) => Str::replace(array_keys($replace), array_values($replace), $msg),
+            $message === $key ? [$default] : (array)$message
+        );
+    }
+}

tests/Feature/User/ResourceTest.php

@@ -74,6 +74,67 @@ public function testShowWithRelationshipsDeepInclude()
         $response->assertExactJson($expected);
     }
 
+    public function testShowFailWithAttributes()
+    {
+        $user = $this->dataSeed();
+
+        $response = $this->getJson("user/{$user->id}?fields[user]=name,unknown&fields[foo]=bar");
+
+        $response->assertUnprocessable();
+        $response->assertJsonValidationErrors([
+            'fields' => [
+                'The selected fields is invalid.',
+                '"user" doesn\'t have fields "unknown".',
+                '"foo" doesn\'t exists.'
+            ]
+        ]);
+    }
+
+    public function testShowFailWithIncludes()
+    {
+        $user = $this->dataSeed();
+
+        $response = $this->getJson("user/{$user->id}?include=unknown");
+
+        $response->assertUnprocessable();
+        $response->assertJsonValidationErrors(['include' => [
+            'The selected include is invalid.',
+            '"user" doesn\'t have relationship "unknown".'
+        ]]);
+    }
+
+    public function testShowFailWithIncludesSub()
+    {
+        $user = $this->dataSeed();
+
+        $response = $this->getJson("user/{$user->id}?include=posts.unknown");
+
+        $response->assertUnprocessable();
+        $response->assertJsonValidationErrors(['include' => [
+            'The selected include is invalid.',
+            '"posts" doesn\'t have relationship "unknown"'
+        ]]);
+    }
+
+    public function testShowMultipleFailures()
+    {
+        $user = $this->dataSeed();
+
+        $response = $this->getJson("user/{$user->id}?include=posts.one,two&fields[user]=name,one_field&fields[unknown]=some");
+
+        $response->assertUnprocessable();
+        $response->assertJsonValidationErrors(['include' => [
+            'The selected include is invalid.',
+            '"posts" doesn\'t have relationship "one"',
+            '"user" doesn\'t have relationship "two"',
+        ], 'fields' => [
+            'The selected fields is invalid.',
+            '"user" doesn\'t have relationship "one_field"',
+            '"unknown" doesn\'t exists.',
+        ]]);
+    }
+
+
     private function dataSeed()
     {
         /** @var User $user */

tests/Unit/Requests/Rules/FieldsTest.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Test\Unit\Requests\Rules;
+
+use Ark4ne\JsonApi\Requests\Rules\Fields;
+use Test\app\Http\Resources\UserResource;
+use Test\TestCase;
+
+class FieldsTest extends TestCase
+{
+    public function testPasses()
+    {
+        $rule = new Fields(UserResource::class);
+
+        $this->assertTrue($rule->passes(null, [
+            'user' => 'name,email',
+            'post' => 'content',
+        ]));
+
+        $this->assertFalse($rule->passes(null, [
+            'user' => 'name,email',
+            'unknown' => 'content',
+        ]));
+
+        $this->assertFalse($rule->passes(null, [
+            'user' => 'name,unknown',
+            'post' => 'content',
+        ]));
+
+        $this->assertFalse($rule->passes(null, [
+            'user' => 'name,email',
+            'post' => 'unknown',
+        ]));
+    }
+}