In this episode, we're tackling validation and authorization for our endpoint store controller. We kick things off by making sure that whenever someone tries to add an endpoint, the input fields like location and especially frequency are properly validated. This means checking that frequency values actually exist in our defined enum using Laravel's built-in enum validation rule, and making sure location isn't empty.
Next up, we lock things down with authentication middleware, so only logged-in users can hit this controller. But we don't stop there: we introduce form requests to handle all our validation and authorization logic cleanly. We create a custom EndpointStoreRequest where the validation rules live, and we wire up input error messages so users see immediate feedback if they make mistakes.
For the security bit, we talk about why authorization is crucial: otherwise, someone could add endpoints to any site, even if they don't own it! To fix this, we create a policy (SitePolicy) that checks if the user actually owns the site before letting them add an endpoint. We walk through registering and using this policy in Laravel, showing how attempts to add endpoints by unauthorized users are rejected with a 403 error. Then, after flipping the policy to do the proper user check, everything works as intended for legit site owners.
By the end, we've locked down our endpoint store so that only authorized, authenticated users can add endpoints, and only with valid data.