feat(controllers): enforce input validation with FluentValidation

Author: nanotaboada

src/Dotnet.Samples.AspNetCore.WebApi/Controllers/PlayerController.cs

@@ -1,18 +1,23 @@
 using System.Net.Mime;
 using Dotnet.Samples.AspNetCore.WebApi.Models;
 using Dotnet.Samples.AspNetCore.WebApi.Services;
+using FluentValidation;
 using Microsoft.AspNetCore.Mvc;
 
 namespace Dotnet.Samples.AspNetCore.WebApi.Controllers;
 
 [ApiController]
 [Route("[controller]")]
 [Produces("application/json")]
-public class PlayerController(IPlayerService playerService, ILogger<PlayerController> logger)
-    : ControllerBase
+public class PlayerController(
+    IPlayerService playerService,
+    ILogger<PlayerController> logger,
+    IValidator<PlayerRequestModel> validator
+) : ControllerBase
 {
     private readonly IPlayerService _playerService = playerService;
     private readonly ILogger<PlayerController> _logger = logger;
+    private readonly IValidator<PlayerRequestModel> validator = validator;
 
     /* -------------------------------------------------------------------------
      * HTTP POST
@@ -32,23 +37,30 @@ public class PlayerController(IPlayerService playerService, ILogger<PlayerContro
     [ProducesResponseType(StatusCodes.Status409Conflict)]
     public async Task<IResult> PostAsync([FromBody] PlayerRequestModel player)
     {
-        if (!ModelState.IsValid)
+        var validation = await validator.ValidateAsync(player);
+
+        if (!validation.IsValid)
         {
-            return TypedResults.BadRequest();
+            var errors = validation
+                .Errors.Select(error => new { error.PropertyName, error.ErrorMessage })
+                .ToArray();
+
+            _logger.LogWarning("POST validation failed: {@Errors}", errors);
+            return TypedResults.BadRequest(errors);
         }
-        else if (await _playerService.RetrieveByIdAsync(player.Id) != null)
+
+        if (await _playerService.RetrieveByIdAsync(player.Id) != null)
         {
             return TypedResults.Conflict();
         }
-        else
-        {
-            var result = await _playerService.CreateAsync(player);
-            return TypedResults.CreatedAtRoute(
-                routeName: "GetById",
-                routeValues: new { id = result.Id },
-                value: result
-            );
-        }
+
+        var result = await _playerService.CreateAsync(player);
+
+        return TypedResults.CreatedAtRoute(
+            routeName: "GetById",
+            routeValues: new { id = result.Id },
+            value: result
+        );
     }
 
     /* -------------------------------------------------------------------------
@@ -142,20 +154,26 @@ public async Task<IResult> GetBySquadNumberAsync([FromRoute] int squadNumber)
     [ProducesResponseType(StatusCodes.Status404NotFound)]
     public async Task<IResult> PutAsync([FromRoute] long id, [FromBody] PlayerRequestModel player)
     {
-        if (!ModelState.IsValid)
+        var validation = await validator.ValidateAsync(player);
+
+        if (!validation.IsValid)
         {
-            return TypedResults.BadRequest();
+            var errors = validation
+                .Errors.Select(error => new { error.PropertyName, error.ErrorMessage })
+                .ToArray();
+
+            _logger.LogWarning("PUT /players/{Id} validation failed: {@Errors}", id, errors);
+            return TypedResults.BadRequest(errors);
         }
-        else if (await _playerService.RetrieveByIdAsync(id) == null)
+
+        if (await _playerService.RetrieveByIdAsync(id) == null)
         {
             return TypedResults.NotFound();
         }
-        else
-        {
-            await _playerService.UpdateAsync(player);
 
-            return TypedResults.NoContent();
-        }
+        await _playerService.UpdateAsync(player);
+
+        return TypedResults.NoContent();
     }
 
     /* -------------------------------------------------------------------------

src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj

@@ -9,6 +9,7 @@
 
   <ItemGroup>
     <PackageReference Include="AutoMapper" Version="14.0.0" />
+    <PackageReference Include="FluentValidation" Version="11.11.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.3" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="9.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.3">

src/Dotnet.Samples.AspNetCore.WebApi/Enums/Position.cs

@@ -17,18 +17,47 @@ public class Position : Enumeration
     public static readonly Position LeftWinger = new(11, "Left Winger", "LW");
 
     private Position(int id, string name, string abbr)
-        : base(id, name)
-    {
-        Abbr = abbr;
-    }
+        : base(id, name) => Abbr = abbr;
 
-    public static Position? FromAbbr(string abbr)
-    {
-        return GetAll<Position>().FirstOrDefault(position => position.Abbr == abbr);
-    }
+    /// <summary>
+    /// Returns a Position object based on the abbreviation.
+    /// </summary>
+    /// <remarks>
+    /// This method searches through all the Position objects and returns the one
+    /// that matches the provided abbreviation. If no match is found, it returns null.
+    /// </remarks>
+    /// <param name="abbr">The abbreviation of the Position.</param>
+    /// <returns>
+    /// A Position object if found; otherwise, null.
+    /// </returns>
+    public static Position? FromAbbr(string abbr) =>
+        GetAll<Position>().FirstOrDefault(position => position.Abbr == abbr);
 
-    public static Position? FromId(int id)
-    {
-        return GetAll<Position>().FirstOrDefault(position => position.Id == id);
-    }
+    /// <summary>
+    /// Returns a Position object based on the ID.
+    /// </summary>
+    /// <remarks>
+    /// This method searches through all the Position objects and returns the one
+    /// that matches the provided ID. If no match is found, it returns null.
+    /// </remarks>
+    /// <param name="id">The ID of the Position.</param>
+    /// <returns>
+    /// A Position object if found; otherwise, null.
+    /// </returns>
+    public static Position? FromId(int id) =>
+        GetAll<Position>().FirstOrDefault(position => position.Id == id);
+
+    /// <summary>
+    /// Checks if the provided abbreviation is valid.
+    /// </summary>
+    /// <remarks>
+    /// This method checks if the provided abbreviation is not null or empty and
+    /// if it corresponds to a valid Position object.
+    /// </remarks>
+    /// <param name="abbr">The abbreviation to check.</param>
+    /// <returns>
+    /// True if the abbreviation is valid; otherwise, false.
+    /// </returns>
+    public static bool IsValidAbbr(string? abbr) =>
+        !string.IsNullOrWhiteSpace(abbr) && FromAbbr(abbr!) is not null;
 }

src/Dotnet.Samples.AspNetCore.WebApi/Models/PlayerRequestModel.cs

@@ -14,20 +14,16 @@ public class PlayerRequestModel
 {
     public long Id { get; set; }
 
-    [Required]
     public string? FirstName { get; set; }
 
     public string? MiddleName { get; set; }
 
-    [Required]
     public string? LastName { get; set; }
 
     public DateTime? DateOfBirth { get; set; }
 
-    [Required]
     public int SquadNumber { get; set; }
 
-    [Required]
     public string? AbbrPosition { get; set; }
 
     public string? Team { get; set; }

src/Dotnet.Samples.AspNetCore.WebApi/Program.cs

@@ -1,8 +1,11 @@
 using System.Reflection;
 using Dotnet.Samples.AspNetCore.WebApi.Data;
 using Dotnet.Samples.AspNetCore.WebApi.Mappings;
+using Dotnet.Samples.AspNetCore.WebApi.Models;
 using Dotnet.Samples.AspNetCore.WebApi.Services;
 using Dotnet.Samples.AspNetCore.WebApi.Utilities;
+using Dotnet.Samples.AspNetCore.WebApi.Validators;
+using FluentValidation;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.OpenApi.Models;
 using Serilog;
@@ -44,6 +47,7 @@
 builder.Services.AddScoped<IPlayerService, PlayerService>();
 builder.Services.AddMemoryCache();
 builder.Services.AddAutoMapper(typeof(PlayerMappingProfile));
+builder.Services.AddScoped<IValidator<PlayerRequestModel>, PlayerRequestModelValidator>();
 
 if (builder.Environment.IsDevelopment())
 {

src/Dotnet.Samples.AspNetCore.WebApi/Validators/PlayerRequestModelValidator.cs

@@ -0,0 +1,27 @@
+using Dotnet.Samples.AspNetCore.WebApi.Enums;
+using Dotnet.Samples.AspNetCore.WebApi.Models;
+using FluentValidation;
+
+namespace Dotnet.Samples.AspNetCore.WebApi.Validators;
+
+public class PlayerRequestModelValidator : AbstractValidator<PlayerRequestModel>
+{
+    public PlayerRequestModelValidator()
+    {
+        RuleFor(x => x.FirstName).NotEmpty().WithMessage("FirstName is required.");
+
+        RuleFor(x => x.LastName).NotEmpty().WithMessage("LastName is required.");
+
+        RuleFor(x => x.SquadNumber)
+            .NotEmpty()
+            .WithMessage("SquadNumber is required.")
+            .GreaterThan(0)
+            .WithMessage("SquadNumber must be greater than 0.");
+
+        RuleFor(x => x.AbbrPosition)
+            .NotEmpty()
+            .WithMessage("AbbrPosition is required.")
+            .Must(Position.IsValidAbbr)
+            .WithMessage("AbbrPosition is invalid.");
+    }
+}

src/Dotnet.Samples.AspNetCore.WebApi/packages.lock.json

@@ -11,6 +11,12 @@
           "Microsoft.Extensions.Options": "8.0.0"
         }
       },
+      "FluentValidation": {
+        "type": "Direct",
+        "requested": "[11.11.0, )",
+        "resolved": "11.11.0",
+        "contentHash": "cyIVdQBwSipxWG8MA3Rqox7iNbUNUTK5bfJi9tIdm4CAfH71Oo5ABLP4/QyrUwuakqpUEPGtE43BDddvEehuYw=="
+      },
       "Microsoft.AspNetCore.OpenApi": {
         "type": "Direct",
         "requested": "[8.0.14, )",