|
| 1 | +# Injectable input filters |
| 2 | + |
| 3 | +In the current version of 6.0, Dotkernel API has an Injectable Input Filter system into the constructors of our handlers. |
| 4 | + |
| 5 | +When building APIs or backend applications in PHP, especially within frameworks that support dependency injection, input validation is a critical concern. |
| 6 | +Many developers instinctively instantiate input filters or validators inside their handlers or controllers. |
| 7 | +However, injecting input filters is a cleaner, more testable, and flexible approach. |
| 8 | + |
| 9 | +The **previous** version that contained inline instantiation: |
| 10 | + |
| 11 | +```php |
| 12 | +public function handle(ServerRequestInterface $request): ResponseInterface |
| 13 | +{ |
| 14 | + $inputFilter = (new CreateAdminInputFilter())->setData((array) $request->getParsedBody()); |
| 15 | + if (! $inputFilter->isValid()) { |
| 16 | + throw (new BadRequestException())->setMessages($inputFilter->getMessages()); |
| 17 | + } |
| 18 | + |
| 19 | + $admin = $this->adminService->createAdmin($inputFilter->getValues()); |
| 20 | + |
| 21 | + return $this->createdResponse($request, $admin); |
| 22 | +} |
| 23 | +``` |
| 24 | + |
| 25 | +While simple, this ties your handler directly to a concrete class. It’s harder to reuse logic across contexts and mock or replace the filter during testing. |
| 26 | + |
| 27 | +Our **current** approach uses constructor injection: |
| 28 | + |
| 29 | +```php |
| 30 | +class PostAdminResourceHandler extends AbstractHandler |
| 31 | +{ |
| 32 | + #[Inject( |
| 33 | + AdminServiceInterface::class, |
| 34 | + CreateAdminInputFilter::class, |
| 35 | + )] |
| 36 | + public function __construct( |
| 37 | + protected AdminServiceInterface $adminService, |
| 38 | + protected CreateAdminInputFilter $inputFilter, |
| 39 | + ) { |
| 40 | + } |
| 41 | + |
| 42 | + /** |
| 43 | + * @throws BadRequestException |
| 44 | + * @throws ConflictException |
| 45 | + * @throws NotFoundException |
| 46 | + */ |
| 47 | + public function handle(ServerRequestInterface $request): ResponseInterface |
| 48 | + { |
| 49 | + $this->inputFilter->setData((array) $request->getParsedBody()); |
| 50 | + if (! $this->inputFilter->isValid()) { |
| 51 | + throw (new BadRequestException())->setMessages($this->inputFilter->getMessages()); |
| 52 | + } |
| 53 | + |
| 54 | + $admin = $this->adminService->createAdmin((array) $this->inputFilter->getValues()); |
| 55 | + |
| 56 | + return $this->createdResponse($request, $admin); |
| 57 | + } |
| 58 | +} |
| 59 | +``` |
| 60 | + |
| 61 | +This new approach makes it trivial to mock the filters during tests: |
| 62 | + |
| 63 | +```php |
| 64 | +$mockFilter = $this->createMock(CreateAdminInputFilter::class); |
| 65 | +$mockFilter->method('setData')->willReturnSelf(); |
| 66 | +$mockFilter->method('isValid')->willReturn(true); |
| 67 | + |
| 68 | +$handler = new PostAdminResourceHandler($adminService, $mockFilter); |
| 69 | +$response = $handler->handle($request); |
| 70 | +``` |
| 71 | + |
| 72 | +You're no longer tied to the real filter logic in your handler tests. |
0 commit comments