Issue #388: Inject InputFilters in handlers

src/Admin/src/Handler/Account/PatchAdminAccountResourceHandler.php

@@ -19,9 +19,11 @@ class PatchAdminAccountResourceHandler extends AbstractHandler
 {
     #[Inject(
         AdminServiceInterface::class,
+        UpdateAdminInputFilter::class,
     )]
     public function __construct(
         protected AdminServiceInterface $adminService,
+        protected UpdateAdminInputFilter $inputFilter,
     ) {
     }
 
@@ -32,12 +34,13 @@ public function __construct(
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $inputFilter = (new UpdateAdminInputFilter())->setData((array) $request->getParsedBody());
-        if (! $inputFilter->isValid()) {
-            throw (new BadRequestException())->setMessages($inputFilter->getMessages());
+        $this->inputFilter->setData((array) $request->getParsedBody());
+        if (! $this->inputFilter->isValid()) {
+            throw (new BadRequestException())->setMessages($this->inputFilter->getMessages());
         }
 
-        $admin = $this->adminService->updateAdmin($request->getAttribute(Admin::class), $inputFilter->getValues());
+        $admin = $request->getAttribute(Admin::class);
+        $this->adminService->updateAdmin($admin, (array) $this->inputFilter->getValues());
 
         return $this->createResponse($request, $admin);
     }

src/Admin/src/Handler/Admin/PatchAdminResourceHandler.php

@@ -18,9 +18,11 @@ class PatchAdminResourceHandler extends AbstractHandler
 {
     #[Inject(
         AdminServiceInterface::class,
+        UpdateAdminInputFilter::class,
     )]
     public function __construct(
         protected AdminServiceInterface $adminService,
+        protected UpdateAdminInputFilter $inputFilter,
     ) {
     }
 
@@ -31,13 +33,13 @@ public function __construct(
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $inputFilter = (new UpdateAdminInputFilter())->setData((array) $request->getParsedBody());
-        if (! $inputFilter->isValid()) {
-            throw (new BadRequestException())->setMessages($inputFilter->getMessages());
+        $this->inputFilter->setData((array) $request->getParsedBody());
+        if (! $this->inputFilter->isValid()) {
+            throw (new BadRequestException())->setMessages($this->inputFilter->getMessages());
         }
 
         $admin = $this->adminService->findOneBy(['uuid' => $request->getAttribute('uuid')]);
-        $this->adminService->updateAdmin($admin, $inputFilter->getValues());
+        $this->adminService->updateAdmin($admin, (array) $this->inputFilter->getValues());
 
         return $this->createResponse($request, $admin);
     }

src/Admin/src/Handler/Admin/PostAdminResourceHandler.php

@@ -18,9 +18,11 @@ class PostAdminResourceHandler extends AbstractHandler
 {
     #[Inject(
         AdminServiceInterface::class,
+        CreateAdminInputFilter::class,
     )]
     public function __construct(
         protected AdminServiceInterface $adminService,
+        protected CreateAdminInputFilter $inputFilter,
     ) {
     }
 
@@ -31,12 +33,12 @@ public function __construct(
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $inputFilter = (new CreateAdminInputFilter())->setData((array) $request->getParsedBody());
-        if (! $inputFilter->isValid()) {
-            throw (new BadRequestException())->setMessages($inputFilter->getMessages());
+        $this->inputFilter->setData((array) $request->getParsedBody());
+        if (! $this->inputFilter->isValid()) {
+            throw (new BadRequestException())->setMessages($this->inputFilter->getMessages());
         }
 
-        $admin = $this->adminService->createAdmin($inputFilter->getValues());
+        $admin = $this->adminService->createAdmin((array) $this->inputFilter->getValues());
 
         return $this->createdResponse($request, $admin);
     }

src/App/src/ConfigProvider.php

@@ -15,6 +15,7 @@
 use Api\App\Middleware\AuthorizationMiddleware;
 use Api\App\Middleware\ContentNegotiationMiddleware;
 use Api\App\Middleware\DeprecationMiddleware;
+use Api\App\Middleware\ErrorReportPermissionMiddleware;
 use Api\App\Middleware\ResponseMiddleware;
 use Api\App\Service\ErrorReportService;
 use Api\App\Service\ErrorReportServiceInterface;
@@ -54,20 +55,21 @@ public function getDependencies(): array
                 PostErrorReportResourceHandler::class => [HandlerDelegatorFactory::class],
             ],
             'factories'  => [
-                'dot-mail.options.default'            => MailOptionsAbstractFactory::class,
-                'dot-mail.service.default'            => MailServiceAbstractFactory::class,
-                AuthenticationMiddleware::class       => AuthenticationMiddlewareFactory::class,
-                AuthorizationMiddleware::class        => AttributedServiceFactory::class,
-                ContentNegotiationMiddleware::class   => AttributedServiceFactory::class,
-                DeprecationMiddleware::class          => AttributedServiceFactory::class,
-                Environment::class                    => TwigEnvironmentFactory::class,
-                PostErrorReportResourceHandler::class => AttributedServiceFactory::class,
-                ErrorReportService::class             => AttributedServiceFactory::class,
-                ResponseMiddleware::class             => AttributedServiceFactory::class,
-                RouteListCommand::class               => RouteListCommandFactory::class,
-                TokenGenerateCommand::class           => TokenGenerateCommandFactory::class,
-                TwigExtension::class                  => TwigExtensionFactory::class,
-                TwigRenderer::class                   => TwigRendererFactory::class,
+                'dot-mail.options.default'             => MailOptionsAbstractFactory::class,
+                'dot-mail.service.default'             => MailServiceAbstractFactory::class,
+                AuthenticationMiddleware::class        => AuthenticationMiddlewareFactory::class,
+                AuthorizationMiddleware::class         => AttributedServiceFactory::class,
+                ContentNegotiationMiddleware::class    => AttributedServiceFactory::class,
+                DeprecationMiddleware::class           => AttributedServiceFactory::class,
+                Environment::class                     => TwigEnvironmentFactory::class,
+                ErrorReportPermissionMiddleware::class => AttributedServiceFactory::class,
+                PostErrorReportResourceHandler::class  => AttributedServiceFactory::class,
+                ErrorReportService::class              => AttributedServiceFactory::class,
+                ResponseMiddleware::class              => AttributedServiceFactory::class,
+                RouteListCommand::class                => RouteListCommandFactory::class,
+                TokenGenerateCommand::class            => TokenGenerateCommandFactory::class,
+                TwigExtension::class                   => TwigExtensionFactory::class,
+                TwigRenderer::class                    => TwigRendererFactory::class,
             ],
             'aliases'    => [
                 Authentication\AuthenticationInterface::class => Authentication\OAuth2\OAuth2Adapter::class,

src/App/src/Handler/PostErrorReportResourceHandler.php

@@ -5,8 +5,8 @@
 namespace Api\App\Handler;
 
 use Api\App\Attribute\MethodDeprecation;
-use Api\App\Exception\ForbiddenException;
-use Api\App\Exception\UnauthorizedException;
+use Api\App\Exception\BadRequestException;
+use Api\App\InputFilter\ErrorReportInputFilter;
 use Api\App\Service\ErrorReportServiceInterface;
 use Core\App\Message;
 use Dot\DependencyInjection\Attribute\Inject;
@@ -19,16 +19,17 @@ class PostErrorReportResourceHandler extends AbstractHandler
 {
     #[Inject(
         ErrorReportServiceInterface::class,
+        ErrorReportInputFilter::class,
     )]
     public function __construct(
         protected ErrorReportServiceInterface $errorReportService,
+        protected ErrorReportInputFilter $inputFilter,
     ) {
     }
 
     /**
-     * @throws ForbiddenException
+     * @throws BadRequestException
      * @throws RuntimeException
-     * @throws UnauthorizedException
      */
     #[MethodDeprecation(
         sunset: '2038-01-01',
@@ -37,11 +38,12 @@ public function __construct(
     )]
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $this->errorReportService
-            ->checkRequest($request)
-            ->appendMessage(
-                $request->getParsedBody()['message'] ?? ''
-            );
+        $this->inputFilter->setData((array) $request->getParsedBody());
+        if (! $this->inputFilter->isValid()) {
+            throw (new BadRequestException())->setMessages($this->inputFilter->getMessages());
+        }
+
+        $this->errorReportService->appendMessage($this->inputFilter->getValue('message'));
 
         return $this->infoResponse(Message::ERROR_REPORT_OK, StatusCodeInterface::STATUS_CREATED);
     }

src/App/src/InputFilter/ErrorReportInputFilter.php

@@ -0,0 +1,19 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Api\App\InputFilter;
+
+use Api\App\InputFilter\Input\MessageInput;
+use Laminas\InputFilter\InputFilter;
+
+/**
+ * @extends InputFilter<object>
+ */
+class ErrorReportInputFilter extends InputFilter
+{
+    public function __construct()
+    {
+        $this->add(new MessageInput('message'));
+    }
+}

src/App/src/InputFilter/Input/MessageInput.php

@@ -0,0 +1,32 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Api\App\InputFilter\Input;
+
+use Core\App\Message;
+use Laminas\Filter\StringTrim;
+use Laminas\Filter\StripTags;
+use Laminas\InputFilter\Input;
+use Laminas\Validator\NotEmpty;
+
+use function sprintf;
+
+class MessageInput extends Input
+{
+    public function __construct(?string $name = null, bool $isRequired = true)
+    {
+        parent::__construct($name);
+
+        $this->setRequired($isRequired);
+
+        $this->getFilterChain()
+            ->attachByName(StringTrim::class)
+            ->attachByName(StripTags::class);
+
+        $this->getValidatorChain()
+            ->attachByName(NotEmpty::class, [
+                'message' => sprintf(Message::VALIDATOR_REQUIRED_FIELD_BY_NAME, 'Message'),
+            ], true);
+    }
+}

src/App/src/Middleware/ErrorReportPermissionMiddleware.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Api\App\Middleware;
+
+use Api\App\Exception\ForbiddenException;
+use Api\App\Exception\UnauthorizedException;
+use Api\App\Service\ErrorReportServiceInterface;
+use Dot\DependencyInjection\Attribute\Inject;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+
+class ErrorReportPermissionMiddleware implements MiddlewareInterface
+{
+    #[Inject(
+        ErrorReportServiceInterface::class,
+    )]
+    public function __construct(
+        protected ErrorReportServiceInterface $errorReportService,
+    ) {
+    }
+
+    /**
+     * @throws UnauthorizedException
+     * @throws ForbiddenException
+     */
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $this->errorReportService->checkRequest($request);
+
+        return $handler->handle($request);
+    }
+}

src/App/src/RoutesDelegator.php

@@ -6,6 +6,7 @@
 
 use Api\App\Handler\GetIndexResourceHandler;
 use Api\App\Handler\PostErrorReportResourceHandler;
+use Api\App\Middleware\ErrorReportPermissionMiddleware;
 use Mezzio\Application;
 use Psr\Container\ContainerInterface;
 
@@ -24,7 +25,11 @@ public function __invoke(ContainerInterface $container, string $serviceName, cal
         $app->get('/', GetIndexResourceHandler::class, 'app::view-index');
 
         // Other application reports an error
-        $app->post('/error-report', PostErrorReportResourceHandler::class, 'app::create-error-report');
+        $app->post(
+            '/error-report',
+            [ErrorReportPermissionMiddleware::class, PostErrorReportResourceHandler::class],
+            'app::create-error-report'
+        );
 
         return $app;
     }

src/User/src/Handler/Account/Avatar/PostUserAccountAvatarHandler.php

@@ -17,9 +17,11 @@ class PostUserAccountAvatarHandler extends AbstractHandler
 {
     #[Inject(
         UserAvatarServiceInterface::class,
+        UpdateAvatarInputFilter::class,
     )]
     public function __construct(
         protected UserAvatarServiceInterface $userAvatarService,
+        protected UpdateAvatarInputFilter $inputFilter,
     ) {
     }
 
@@ -28,14 +30,14 @@ public function __construct(
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $inputFilter = (new UpdateAvatarInputFilter())->setData($request->getUploadedFiles());
-        if (! $inputFilter->isValid()) {
-            throw (new BadRequestException())->setMessages($inputFilter->getMessages());
+        $this->inputFilter->setData($request->getUploadedFiles());
+        if (! $this->inputFilter->isValid()) {
+            throw (new BadRequestException())->setMessages($this->inputFilter->getMessages());
         }
 
         $userAvatar = $this->userAvatarService->createAvatar(
             $request->getAttribute(User::class),
-            $inputFilter->getValue('avatar')
+            $this->inputFilter->getValue('avatar')
         );
 
         return $this->createdResponse($request, $userAvatar);

src/User/src/Handler/Account/PatchUserAccountResourceHandler.php

@@ -19,9 +19,11 @@ class PatchUserAccountResourceHandler extends AbstractHandler
 {
     #[Inject(
         UserServiceInterface::class,
+        UpdateUserInputFilter::class,
     )]
     public function __construct(
         protected UserServiceInterface $userService,
+        protected UpdateUserInputFilter $inputFilter,
     ) {
     }
 
@@ -32,14 +34,15 @@ public function __construct(
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $inputFilter = (new UpdateUserInputFilter())
+        $this->inputFilter
             ->setValidationGroup(['password', 'passwordConfirm', 'detail'])
             ->setData((array) $request->getParsedBody());
-        if (! $inputFilter->isValid()) {
-            throw (new BadRequestException())->setMessages($inputFilter->getMessages());
+        if (! $this->inputFilter->isValid()) {
+            throw (new BadRequestException())->setMessages($this->inputFilter->getMessages());
         }
 
-        $user = $this->userService->updateUser($request->getAttribute(User::class), $inputFilter->getValues());
+        $user = $request->getAttribute(User::class);
+        $this->userService->updateUser($user, (array) $this->inputFilter->getValues());
 
         return $this->createResponse($request, $user);
     }

src/User/src/Handler/Account/PostUserAccountActivateHandler.php

@@ -23,9 +23,11 @@ class PostUserAccountActivateHandler extends AbstractHandler
 {
     #[Inject(
         UserServiceInterface::class,
+        ActivateAccountInputFilter::class,
     )]
     public function __construct(
         protected UserServiceInterface $userService,
+        protected ActivateAccountInputFilter $inputFilter,
     ) {
     }
 
@@ -37,12 +39,12 @@ public function __construct(
      */
     public function handle(ServerRequestInterface $request): ResponseInterface
     {
-        $inputFilter = (new ActivateAccountInputFilter())->setData((array) $request->getParsedBody());
-        if (! $inputFilter->isValid()) {
-            throw (new BadRequestException())->setMessages($inputFilter->getMessages());
+        $this->inputFilter->setData((array) $request->getParsedBody());
+        if (! $this->inputFilter->isValid()) {
+            throw (new BadRequestException())->setMessages($this->inputFilter->getMessages());
         }
 
-        $user = $this->userService->findByEmail($inputFilter->getValue('email'));
+        $user = $this->userService->findByEmail($this->inputFilter->getValue('email'));
         if ($user->isActive()) {
             throw new ConflictException(Message::USER_ALREADY_ACTIVATED);
         }