feat(Settings): enhance validation and error handling for settings

- Added validation methods for default Swiper configuration and CSS variables in Settings.php.
- Updated SettingsController to utilize new validation methods and handle errors appropriately.
- Enhanced Twig templates to display validation errors for various settings fields, improving user feedback.

Author: bhlindemann

src/controllers/SettingsController.php

@@ -139,6 +139,8 @@ public function actionSave(): ?Response
         $this->requirePostRequest();
 
         $plugin = SlideshowManager::getInstance();
+        $section = $this->_validSettingsSection($this->request->getBodyParam('section', 'general'));
+        $attributesToValidate = $this->_validationAttributesForSection($section);
 
         // Load current settings from database
         $settings = Settings::loadFromDatabase();
@@ -174,9 +176,8 @@ public function actionSave(): ?Response
                     $decoded = json_decode($rawStylesJson, true);
 
                     if (!is_array($decoded)) {
-                        $settings->addError('swiperCssVars', Craft::t('slideshow-manager', 'Style presets JSON is invalid.'));
+                        $settings->addError('swiperCssVars._styles', Craft::t('slideshow-manager', 'Style presets JSON is invalid.'));
                         Craft::$app->getSession()->setError(Craft::t('slideshow-manager', 'Could not save settings.'));
-                        $section = $this->_validSettingsSection($this->request->getBodyParam('section', 'general'));
                         $template = "slideshow-manager/settings/{$section}";
                         return $this->renderTemplate($template, [
                             'settings' => $settings,
@@ -186,9 +187,8 @@ public function actionSave(): ?Response
                     // Ensure each preset is an object/array of CSS vars
                     foreach ($decoded as $handle => $vars) {
                         if (!is_string($handle) || $handle === '' || !is_array($vars)) {
-                            $settings->addError('swiperCssVars', Craft::t('slideshow-manager', 'Style presets must be an object keyed by style handle, with each value as an object.'));
+                            $settings->addError('swiperCssVars._styles', Craft::t('slideshow-manager', 'Style presets must be an object keyed by style handle, with each value as an object.'));
                             Craft::$app->getSession()->setError(Craft::t('slideshow-manager', 'Could not save settings.'));
-                            $section = $this->_validSettingsSection($this->request->getBodyParam('section', 'general'));
                             $template = "slideshow-manager/settings/{$section}";
                             return $this->renderTemplate($template, [
                                 'settings' => $settings,
@@ -201,6 +201,12 @@ public function actionSave(): ?Response
             }
         }
 
+        // Skip validation for fields overridden by config.
+        $attributesToValidate = array_values(array_filter(
+            $attributesToValidate,
+            static fn(string $attribute): bool => !$settings->isOverriddenByConfig($attribute),
+        ));
+
         // Only update fields that were posted and are not overridden by config
         foreach ($settingsData as $key => $value) {
             if (!$settings->isOverriddenByConfig($key) && property_exists($settings, $key)) {
@@ -215,16 +221,12 @@ public function actionSave(): ?Response
         }
 
         // Validate
-        if (!$settings->validate()) {
+        if (!$settings->validate($attributesToValidate)) {
             Craft::$app->getSession()->setError(Craft::t('slideshow-manager', 'Could not save settings.'));
 
             // Log validation failure
             $this->logWarning('Settings validation failed', ['errors' => $settings->getErrors()]);
 
-            // Get the section to re-render the correct template with errors
-            $section = $this->_validSettingsSection(
-                $this->request->getBodyParam('section', 'general'),
-            );
             $template = "slideshow-manager/settings/{$section}";
 
             return $this->renderTemplate($template, [
@@ -233,7 +235,7 @@ public function actionSave(): ?Response
         }
 
         // Save settings to database
-        if ($settings->saveToDatabase()) {
+        if ($settings->saveToDatabase($attributesToValidate)) {
             // Log successful save
             $this->logInfo('Settings saved successfully', [
                 'userId' => Craft::$app->getUser()->getId(),
@@ -261,4 +263,20 @@ private function _validSettingsSection(string $section): string
 
         return in_array($section, $allowed, true) ? $section : 'general';
     }
+
+    /**
+     * Return top-level settings attributes validated for the active section.
+     *
+     * @param string $section
+     * @return array
+     */
+    private function _validationAttributesForSection(string $section): array
+    {
+        return match ($section) {
+            'general' => ['pluginName', 'autoLoadSwiperCss', 'autoLoadSwiperJs', 'enableCache', 'cacheDuration', 'logLevel'],
+            'basic', 'layout', 'controls', 'advanced' => ['defaultSwiperConfig'],
+            'styles' => ['swiperCssVars'],
+            default => [],
+        };
+    }
 }

src/models/Settings.php

@@ -122,13 +122,277 @@ protected function defineRules(): array
         return [
             [['pluginName'], 'string'],
             [['autoLoadSwiperCss', 'autoLoadSwiperJs', 'enableCache'], 'boolean'],
-            [['cacheDuration'], 'integer', 'min' => 1],
+            [['cacheDuration'], 'integer', 'min' => 1, 'max' => 2147483647],
             [['defaultSwiperConfig', 'swiperCssVars'], 'safe'],
+            [['defaultSwiperConfig'], 'validateDefaultSwiperConfig'],
+            [['swiperCssVars'], 'validateSwiperCssVars'],
             [['logLevel'], 'in', 'range' => ['debug', 'info', 'warning', 'error']],
             [['logLevel'], 'validateLogLevel'],
         ];
     }
 
+    /**
+     * Validate Swiper configuration values.
+     */
+    public function validateDefaultSwiperConfig(string $attribute): void
+    {
+        $config = $this->$attribute;
+        if (!is_array($config)) {
+            $this->addError($attribute, Craft::t(static::pluginHandle(), 'Swiper configuration must be an object.'));
+            return;
+        }
+
+        $speed = $this->nestedValue($config, ['speed']);
+        if ($speed !== null && (!$this->isNumeric($speed) || (float)$speed < 0 || (float)$speed > 100000)) {
+            $this->addError('defaultSwiperConfig.speed', Craft::t(static::pluginHandle(), 'Speed must be between 0 and 100000 ms.'));
+        }
+
+        $slidesPerView = $this->nestedValue($config, ['slidesPerView']);
+        if ($slidesPerView !== null && (!$this->isNumeric($slidesPerView) || (float)$slidesPerView < 1 || (float)$slidesPerView > 20)) {
+            $this->addError('defaultSwiperConfig.slidesPerView', Craft::t(static::pluginHandle(), 'Slides per view must be between 1 and 20.'));
+        }
+
+        $spaceBetween = $this->nestedValue($config, ['spaceBetween']);
+        if ($spaceBetween !== null && (!$this->isNumeric($spaceBetween) || (float)$spaceBetween < 0 || (float)$spaceBetween > 1000)) {
+            $this->addError('defaultSwiperConfig.spaceBetween', Craft::t(static::pluginHandle(), 'Space between must be between 0 and 1000 pixels.'));
+        }
+
+        $autoplayDelay = $this->nestedValue($config, ['autoplay', 'delay']);
+        if ($autoplayDelay !== null && (!$this->isNumeric($autoplayDelay) || (float)$autoplayDelay < 100 || (float)$autoplayDelay > 600000)) {
+            $this->addError('defaultSwiperConfig.autoplay.delay', Craft::t(static::pluginHandle(), 'Autoplay delay must be between 100 and 600000 ms.'));
+        }
+
+        $customTemplate = $this->nestedValue($config, ['pagination', 'customTemplate']);
+        if ($customTemplate !== null && is_string($customTemplate)) {
+            if (preg_match_all('/\{([^}]+)\}/', $customTemplate, $matches) > 0) {
+                foreach ($matches[1] as $token) {
+                    if (!in_array($token, ['current', 'total'], true)) {
+                        $this->addError(
+                            'defaultSwiperConfig.pagination.customTemplate',
+                            Craft::t(static::pluginHandle(), 'Unsupported token "{token}". Allowed tokens: {current}, {total}.', ['token' => $token])
+                        );
+                        break;
+                    }
+                }
+            }
+        }
+
+        $loadPrevNext = $this->nestedValue($config, ['lazy', 'loadPrevNext']);
+        if ($loadPrevNext !== null && (!$this->isNumeric($loadPrevNext) || (float)$loadPrevNext < 0 || (float)$loadPrevNext > 20)) {
+            $this->addError('defaultSwiperConfig.lazy.loadPrevNext', Craft::t(static::pluginHandle(), 'Load prev/next must be between 0 and 20.'));
+        }
+
+        $zoomMin = $this->nestedValue($config, ['zoom', 'minRatio']);
+        $zoomMax = $this->nestedValue($config, ['zoom', 'maxRatio']);
+        if ($zoomMin !== null && (!$this->isNumeric($zoomMin) || (float)$zoomMin < 1 || (float)$zoomMin > 20)) {
+            $this->addError('defaultSwiperConfig.zoom.minRatio', Craft::t(static::pluginHandle(), 'Zoom min ratio must be between 1 and 20.'));
+        }
+        if ($zoomMax !== null && (!$this->isNumeric($zoomMax) || (float)$zoomMax < 1 || (float)$zoomMax > 20)) {
+            $this->addError('defaultSwiperConfig.zoom.maxRatio', Craft::t(static::pluginHandle(), 'Zoom max ratio must be between 1 and 20.'));
+        }
+        if ($this->isNumeric($zoomMin) && $this->isNumeric($zoomMax) && (float)$zoomMax < (float)$zoomMin) {
+            $this->addError('defaultSwiperConfig.zoom.maxRatio', Craft::t(static::pluginHandle(), 'Zoom max ratio must be greater than or equal to zoom min ratio.'));
+        }
+
+        $breakpoints = $this->nestedValue($config, ['breakpoints']);
+        if ($breakpoints !== null) {
+            if (!is_array($breakpoints)) {
+                $this->addError('defaultSwiperConfig.breakpoints', Craft::t(static::pluginHandle(), 'Breakpoints must be an array.'));
+            } else {
+                foreach ($breakpoints as $index => $breakpoint) {
+                    if (!is_array($breakpoint)) {
+                        $this->addError('defaultSwiperConfig.breakpoints', Craft::t(static::pluginHandle(), 'Breakpoint #{index} must be an object.', ['index' => (string)($index + 1)]));
+                        continue;
+                    }
+                    $width = $breakpoint['width'] ?? null;
+                    $bpSlidesPerView = $breakpoint['slidesPerView'] ?? null;
+                    $bpSpaceBetween = $breakpoint['spaceBetween'] ?? null;
+                    if (!$this->isNumeric($width) || (float)$width < 0) {
+                        $this->addError('defaultSwiperConfig.breakpoints', Craft::t(static::pluginHandle(), 'Breakpoint width must be a number greater than or equal to 0.'));
+                        break;
+                    }
+                    if (!$this->isNumeric($bpSlidesPerView) || (float)$bpSlidesPerView < 1 || (float)$bpSlidesPerView > 20) {
+                        $this->addError('defaultSwiperConfig.breakpoints', Craft::t(static::pluginHandle(), 'Breakpoint slides per view must be between 1 and 20.'));
+                        break;
+                    }
+                    if (!$this->isNumeric($bpSpaceBetween) || (float)$bpSpaceBetween < 0 || (float)$bpSpaceBetween > 1000) {
+                        $this->addError('defaultSwiperConfig.breakpoints', Craft::t(static::pluginHandle(), 'Breakpoint space between must be between 0 and 1000 pixels.'));
+                        break;
+                    }
+                }
+            }
+        }
+    }
+
+    /**
+     * Validate CSS vars settings payload.
+     */
+    public function validateSwiperCssVars(string $attribute): void
+    {
+        $cssVars = $this->$attribute;
+        if (!is_array($cssVars)) {
+            $this->addError($attribute, Craft::t(static::pluginHandle(), 'CSS vars configuration must be an object.'));
+            return;
+        }
+
+        $activeHandle = $cssVars['_active'] ?? '';
+        if ($activeHandle !== '' && !preg_match('/^[a-z0-9_-]+$/i', (string)$activeHandle)) {
+            $this->addError('swiperCssVars._active', Craft::t(static::pluginHandle(), 'Active style handle may only contain letters, numbers, hyphens, and underscores.'));
+        }
+
+        $styles = $cssVars['_styles'] ?? null;
+        if ($styles !== null && !is_array($styles)) {
+            $this->addError('swiperCssVars._styles', Craft::t(static::pluginHandle(), 'Style presets must be an object keyed by style handle.'));
+        }
+
+        $lengthFields = [
+            'navigationSize',
+            'navigationTopOffset',
+            'navigationSidesOffset',
+            'navigationPadding',
+            'navigationRadius',
+            'paginationBulletSize',
+            'paginationBulletWidth',
+            'paginationBulletHeight',
+            'paginationBulletHorizontalGap',
+            'paginationBulletVerticalGap',
+            'paginationProgressbarSize',
+            'paginationLeft',
+            'paginationRight',
+            'paginationTop',
+            'paginationBottom',
+            'scrollbarBorderRadius',
+            'scrollbarTop',
+            'scrollbarBottom',
+            'scrollbarLeft',
+            'scrollbarRight',
+            'scrollbarSidesOffset',
+            'scrollbarSize',
+        ];
+        $colorFields = [
+            'themeColor',
+            'navigationColor',
+            'navigationInactiveColor',
+            'navigationBg',
+            'navigationBgHover',
+            'navigationBorderColor',
+            'navigationBorderColorHover',
+            'paginationColor',
+            'paginationBulletInactiveColor',
+            'paginationFractionColor',
+            'paginationProgressbarBgColor',
+            'scrollbarBgColor',
+            'scrollbarDragBgColor',
+            'thumbActiveColor',
+            'slideBgColor',
+        ];
+        $opacityFields = [
+            'paginationBulletInactiveOpacity',
+            'paginationBulletOpacity',
+        ];
+
+        foreach ($lengthFields as $field) {
+            $value = trim((string)($cssVars[$field] ?? ''));
+            if ($value === '') {
+                continue;
+            }
+            if (!$this->isValidCssLengthOrKeyword($value, ['auto', 'inherit'])) {
+                $this->addError(
+                    "swiperCssVars.{$field}",
+                    Craft::t(
+                        static::pluginHandle(),
+                        'Invalid value. Use a CSS length/percentage (for example: 44px, 0.5rem, 50%), `auto`, `inherit`, or `var(...)`/`calc(...)`.'
+                    )
+                );
+            }
+        }
+
+        foreach ($colorFields as $field) {
+            $value = trim((string)($cssVars[$field] ?? ''));
+            if ($value === '') {
+                continue;
+            }
+            if (!$this->isValidCssColor($value)) {
+                $this->addError(
+                    "swiperCssVars.{$field}",
+                    Craft::t(
+                        static::pluginHandle(),
+                        'Invalid color. Use hex, rgb()/rgba(), hsl()/hsla(), `transparent`, `currentColor`, or `var(...)`.'
+                    )
+                );
+            }
+        }
+
+        foreach ($opacityFields as $field) {
+            $value = trim((string)($cssVars[$field] ?? ''));
+            if ($value === '') {
+                continue;
+            }
+            if (!$this->isNumeric($value) || (float)$value < 0 || (float)$value > 1) {
+                $this->addError(
+                    "swiperCssVars.{$field}",
+                    Craft::t(static::pluginHandle(), 'Invalid opacity. Use a number between 0 and 1.')
+                );
+            }
+        }
+    }
+
+    /**
+     * @param mixed $value
+     */
+    private function isNumeric(mixed $value): bool
+    {
+        return is_int($value) || is_float($value) || (is_string($value) && is_numeric($value));
+    }
+
+    /**
+     * @param array<string,mixed> $source
+     * @param array<int,string> $path
+     * @return mixed
+     */
+    private function nestedValue(array $source, array $path): mixed
+    {
+        $value = $source;
+        foreach ($path as $segment) {
+            if (!is_array($value) || !array_key_exists($segment, $value)) {
+                return null;
+            }
+            $value = $value[$segment];
+        }
+
+        return $value;
+    }
+
+    private function isValidCssLengthOrKeyword(string $value, array $keywords = []): bool
+    {
+        if (in_array(strtolower($value), array_map('strtolower', $keywords), true)) {
+            return true;
+        }
+
+        if (preg_match('/^(var|calc|clamp|min|max)\(.+\)$/i', $value) === 1) {
+            return true;
+        }
+
+        return preg_match('/^-?(?:\d+|\d*\.\d+)(?:px|rem|em|%|vh|vw|vmin|vmax|ch|ex|pt|pc|cm|mm|in)$/i', $value) === 1;
+    }
+
+    private function isValidCssColor(string $value): bool
+    {
+        if (preg_match('/^(transparent|currentColor|inherit)$/i', $value) === 1) {
+            return true;
+        }
+
+        if (preg_match('/^#(?:[0-9a-f]{3}|[0-9a-f]{4}|[0-9a-f]{6}|[0-9a-f]{8})$/i', $value) === 1) {
+            return true;
+        }
+
+        if (preg_match('/^(rgba?|hsla?)\(.+\)$/i', $value) === 1) {
+            return true;
+        }
+
+        return preg_match('/^var\(.+\)$/i', $value) === 1;
+    }
+
     /**
      * Validates the log level - debug requires devMode
      */

src/templates/_layouts/settings.twig

@@ -3,6 +3,12 @@
 {% set title = title ?? 'Settings'|t('slideshow-manager') %}
 {% set selectedSettingsItem = selectedSettingsItem ?? 'general' %}
 {% set selectedSubnavItem = 'settings' %}
+{% if settings is defined and settings.hasErrors() %}
+    {% set errorSummary = include('lindemannrock-base/_partials/error-summary', {
+        errors: settings.getErrors(),
+        translationCategory: 'slideshow-manager',
+    }) %}
+{% endif %}
 
 {% block sidebar %}
     <nav id="settings-nav">