Validation
Introduction
Laravel Hyperf provides several different approaches to validate your application's incoming data. It is most common to use the validate
method available on all incoming HTTP requests. However, we will discuss other approaches to validation as well.
Laravel Hyperf includes a wide variety of convenient validation rules that you may apply to data, even providing the ability to validate if values are unique in a given database table. We'll cover each of these validation rules in detail so that you are familiar with all of Laravel Hyperf's validation features.
Validation Quickstart
To learn about Laravel Hyperf's powerful validation features, let's look at a complete example of validating a form and displaying the error messages back to the user. By reading this high-level overview, you'll be able to gain a good general understanding of how to validate incoming request data using Laravel:
Defining the Routes
First, let's assume we have the following routes defined in our routes/web.php
file:
use App\Http\Controllers\PostController;
Route::get('/post/create', [PostController::class, 'create']);
Route::post('/post', [PostController::class, 'store']);
The GET
route will display a form for the user to create a new blog post, while the POST
route will store the new blog post in the database.
Creating the Controller
Next, let's take a look at a simple controller that handles incoming requests to these routes. We'll leave the store
method empty for now:
<?php
namespace App\Http\Controllers;
use SwooleTW\Hyperf\Http\Request;
use Hyperf\ViewEngine\Contract\ViewInterface;
class PostController extends Controller
{
/**
* Show the form to create a new blog post.
*/
public function create(): ViewInterface
{
return view('post.create');
}
/**
* Store a new blog post.
*/
public function store(Request $request): ViewInterface
{
// Validate and store the blog post...
$post = /** ... */
return view('post.show', ['post' => $post->id]);
}
}
Writing the Validation Logic
Now we are ready to fill in our store
method with the logic to validate the new blog post. To do this, we will use the validate
method provided by the SwooleTW\Hyperf\Http\Request
object. If the validation rules pass, your code will keep executing normally; however, if validation fails, an Hyperf\Validation\ValidationException
exception will be thrown and the proper error response will automatically be sent back to the user.
You can catch the validation exception and handle it in your error handler.
To get a better understanding of the validate
method, let's jump back into the store
method:
/**
* Store a new blog post.
*/
public function store(Request $request)
{
$validated = $request->validate([
'title' => 'required|unique:posts|max:255',
'body' => 'required',
]);
// The blog post is valid...
}
As you can see, the validation rules are passed into the validate
method. Don't worry - all available validation rules are documented. Again, if the validation fails, the proper response will automatically be generated. If the validation passes, our controller will continue executing normally.
Alternatively, validation rules may be specified as arrays of rules instead of a single |
delimited string:
$validatedData = $request->validate([
'title' => ['required', 'unique:posts', 'max:255'],
'body' => ['required'],
]);
Stopping on First Validation Failure
Sometimes you may wish to stop running validation rules on an attribute after the first validation failure. To do so, assign the bail
rule to the attribute:
$request->validate([
'title' => 'bail|required|unique:posts|max:255',
'body' => 'required',
]);
In this example, if the unique
rule on the title
attribute fails, the max
rule will not be checked. Rules will be validated in the order they are assigned.
A Note on Nested Attributes
If the incoming HTTP request contains "nested" field data, you may specify these fields in your validation rules using "dot" syntax:
$request->validate([
'title' => 'required|unique:posts|max:255',
'author.name' => 'required',
'author.description' => 'required',
]);
On the other hand, if your field name contains a literal period, you can explicitly prevent this from being interpreted as "dot" syntax by escaping the period with a backslash:
$request->validate([
'title' => 'required|unique:posts|max:255',
'v1\.0' => 'required',
]);
Displaying the Validation Errors
An $errors
variable can be shared with all of your application's views by the Hyperf\ViewEngine\Http\Middleware\ValidationExceptionHandle
middleware. You can add it to the web
middleware group. When this middleware is applied an $errors
variable will always be available in your views, allowing you to conveniently assume the $errors
variable is always defined and can be safely used. The $errors
variable will be an instance of Hyperf\ViewEngine\ViewErrorBag
. For more information on working with this object, check out its documentation.
So, in our example, the user will be redirected to our controller's create
method when validation fails, allowing us to display the error messages in the view:
<!-- /resources/views/post/create.blade.php -->
<h1>Create Post</h1>
@if ($errors->any())
<div class="alert alert-danger">
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
<!-- Create Post Form -->
Customizing the Error Messages
Laravel Hyperf's built-in validation rules each have an error message that is located in your application's lang/en/validation.php
file. If your application does not have a lang
directory, you may instruct Laravel to create it using the lang:publish
Artisan command.
Within the lang/en/validation.php
file, you will find a translation entry for each validation rule. You are free to change or modify these messages based on the needs of your application.
In addition, you may copy this file to another language directory to translate the messages for your application's language. To learn more about Laravel Hyperf localization, check out the complete localization documentation.
XHR Requests and Validation
In this example, we used a traditional form to send data to the application. However, many applications receive XHR requests from a JavaScript powered frontend. When using the validate
method during an XHR request, Laravel Hyperf will generates a JSON response containing all of the validation errors. This JSON response will be sent with a 422 HTTP status code.
The @error
Directive
You may use the @error
Blade directive to quickly determine if validation error messages exist for a given attribute. Within an @error
directive, you may echo the $message
variable to display the error message:
<!-- /resources/views/post/create.blade.php -->
<label for="title">Post Title</label>
<input id="title"
type="text"
name="title"
class="@error('title') is-invalid @enderror">
@error('title')
<div class="alert alert-danger">{{ $message }}</div>
@enderror
If you are using named error bags, you may pass the name of the error bag as the second argument to the @error
directive:
<input ... class="@error('title', 'post') is-invalid @enderror">
A Note on Optional Fields
By default, Laravel Hyperf includes the TrimStrings
and ConvertEmptyStringsToNull
middleware in your application's global middleware stack. These middleware are listed but disabled in the stack by the App\Http\Kernel
class. If you enable these middleware, you will often need to mark your "optional" request fields as nullable
if you do not want the validator to consider null
values as invalid. For example:
$request->validate([
'title' => 'required|unique:posts|max:255',
'body' => 'required',
'publish_at' => 'nullable|date',
]);
In this example, we are specifying that the publish_at
field may be either null
or a valid date representation. If the nullable
modifier is not added to the rule definition, the validator would consider null
an invalid date.
Validation Error Response Format
When your application throws a Hyperf\Validation\ValidationException
exception and the incoming HTTP request is expecting a JSON response, Laravel Hyperf will automatically format the error messages for you and return a 422 Unprocessable Entity
HTTP response.
Note
This behavior is handled by the App\Exceptions\Handlers\ApiExceptionHandler
class.
Below, you can review an example of the JSON response format for validation errors. Note that nested error keys are flattened into "dot" notation format:
{
"code": 422,
"exception": "Hyperf\\Validation\\ValidationException",
"message": "The team name must be a string. (and 4 more errors)",
"errors": {
"team_name": [
"The team name must be a string.",
"The team name must be at least 1 characters."
],
"authorization.role": [
"The selected authorization.role is invalid."
],
"users.0.email": [
"The users.0.email field is required."
],
"users.2.email": [
"The users.2.email must be a valid email address."
]
}
}
Form Request Validation
Creating Form Requests
For more complex validation scenarios, you may wish to create a "form request". Form requests are custom request classes that encapsulate their own validation and authorization logic. To create a form request class, you may use the make:request
Artisan CLI command:
php artisan make:request StorePostRequest
The generated form request class will be placed in the app/Http/Requests
directory. If this directory does not exist, it will be created when you run the make:request
command. Each form request generated by Laravel Hyperf has two methods: authorize
and rules
.
As you might have guessed, the authorize
method is responsible for determining if the currently authenticated user can perform the action represented by the request, while the rules
method returns the validation rules that should apply to the request's data:
/**
* Get the validation rules that apply to the request.
*
* @return array<string, \Hyperf\Validation\Contract\Rule|array|string>
*/
public function rules(): array
{
return [
'title' => 'required|unique:posts|max:255',
'body' => 'required',
];
}
So, how are the validation rules evaluated? All you need to do is type-hint the request on your controller method. The incoming form request is validated before the controller method is called, meaning you do not need to clutter your controller with any validation logic:
/**
* Store a new blog post.
*/
public function store(StorePostRequest $request): ResponseInterface
{
// The incoming request is valid...
// Retrieve the validated input data...
$validated = $request->validated();
// Store the blog post...
return redirect('/posts');
}
If validation fails, a redirect response will be generated to send the user back to their previous location. The errors will also be flashed to the session so they are available for display. If the request was an XHR request, an HTTP response with a 422 status code will be returned to the user including a JSON representation of the validation errors.
Performing Additional Validation
Sometimes you need to perform additional validation after your initial validation is complete. You can accomplish this using the form request's after
method.
The after
method should return an array of callables or closures which will be invoked after validation is complete. The given callables will receive an Hyperf\Validation\Validator
instance, allowing you to raise additional error messages if necessary:
use Hyperf\Validation\Validator;
/**
* Get the "after" validation callables for the request.
*/
public function after(): array
{
return [
function (Validator $validator) {
if ($this->somethingElseIsInvalid()) {
$validator->errors()->add(
'field',
'Something is wrong with this field!'
);
}
}
];
}
As noted, the array returned by the after
method may also contain invokable classes. The __invoke
method of these classes will receive an Hyperf\Validation\Validator
instance:
use App\Validation\ValidateShippingTime;
use App\Validation\ValidateUserStatus;
use Hyperf\Validation\Validator;
/**
* Get the "after" validation callables for the request.
*/
public function after(): array
{
return [
new ValidateUserStatus,
new ValidateShippingTime,
function (Validator $validator) {
//
}
];
}
Authorizing Form Requests
The form request class also contains an authorize
method. Within this method, you may determine if the authenticated user actually has the authority to update a given resource. For example, you may determine if a user actually owns a blog comment they are attempting to update. Most likely, you will interact with your authorization gates and policies within this method:
use App\Models\Comment;
/**
* Determine if the user is authorized to make this request.
*/
public function authorize(): bool
{
// authorization logic
}
If the authorize
method returns false
, an HTTP response with a 403 status code will automatically be returned and your controller method will not execute.
If you plan to handle authorization logic for the request in another part of your application, you may remove the authorize
method completely, or simply return true
:
/**
* Determine if the user is authorized to make this request.
*/
public function authorize(): bool
{
return true;
}
Customizing the Error Messages
You may customize the error messages used by the form request by overriding the messages
method. This method should return an array of attribute / rule pairs and their corresponding error messages:
/**
* Get the error messages for the defined validation rules.
*
* @return array<string, string>
*/
public function messages(): array
{
return [
'title.required' => 'A title is required',
'body.required' => 'A message is required',
];
}
Customizing the Validation Attributes
Many of Laravel Hyperf's built-in validation rule error messages contain an :attribute
placeholder. If you would like the :attribute
placeholder of your validation message to be replaced with a custom attribute name, you may specify the custom names by overriding the attributes
method. This method should return an array of attribute / name pairs:
/**
* Get custom attributes for validator errors.
*
* @return array<string, string>
*/
public function attributes(): array
{
return [
'email' => 'email address',
];
}
Preparing Input for Validation
If you need to prepare or sanitize any data from the request before you apply your validation rules, you may use the prepareForValidation
method:
use Hyperf\Stringalbe\Str;
/**
* Prepare the data for validation.
*/
protected function prepareForValidation(): void
{
$this->merge([
'slug' => Str::slug($this->slug),
]);
}
Manually Creating Validators
If you do not want to use the validate
method on the request, you may create a validator instance manually using the Validator
facade. The make
method on the facade generates a new validator instance:
<?php
namespace App\Http\Controllers;
use Psr\Http\Message\ResponseInterface;
use SwooleTW\Hyperf\Http\Request;
use SwooleTW\Hyperf\Support\Facades\Validator;
class PostController extends Controller
{
/**
* Store a new blog post.
*/
public function store(Request $request): ResponseInterface
{
$validator = Validator::make($request->all(), [
'title' => 'required|unique:posts|max:255',
'body' => 'required',
]);
if ($validator->fails()) {
return redirect('post/create');
}
// Retrieve the validated input...
$validated = $validator->validated();
// Store the blog post...
return redirect('/posts');
}
}
The first argument passed to the make
method is the data under validation. The second argument is an array of the validation rules that should be applied to the data.
Customizing the Error Messages
If needed, you may provide custom error messages that a validator instance should use instead of the default error messages provided by Laravel Hyperf. There are several ways to specify custom messages. First, you may pass the custom messages as the third argument to the Validator::make
method:
$validator = Validator::make($input, $rules, $messages = [
'required' => 'The :attribute field is required.',
]);
In this example, the :attribute
placeholder will be replaced by the actual name of the field under validation. You may also utilize other placeholders in validation messages. For example:
$messages = [
'same' => 'The :attribute and :other must match.',
'size' => 'The :attribute must be exactly :size.',
'between' => 'The :attribute value :input is not between :min - :max.',
'in' => 'The :attribute must be one of the following types: :values',
];
Specifying a Custom Message for a Given Attribute
Sometimes you may wish to specify a custom error message only for a specific attribute. You may do so using "dot" notation. Specify the attribute's name first, followed by the rule:
$messages = [
'email.required' => 'We need to know your email address!',
];
Specifying Custom Attribute Values
Many of Laravel Hyperf's built-in error messages include an :attribute
placeholder that is replaced with the name of the field or attribute under validation. To customize the values used to replace these placeholders for specific fields, you may pass an array of custom attributes as the fourth argument to the Validator::make
method:
$validator = Validator::make($input, $rules, $messages, [
'email' => 'email address',
]);
Performing Additional Validation
Sometimes you need to perform additional validation after your initial validation is complete. You can accomplish this using the validator's after
method. The after
method accepts a closure or an array of callables which will be invoked after validation is complete. The given callables will receive an Hyperf\Validation\Validator
instance, allowing you to raise additional error messages if necessary:
use SwooleTW\Hyperf\Support\Facades\Validator;
$validator = Validator::make(/* ... */);
$validator->after(function ($validator) {
if ($this->somethingElseIsInvalid()) {
$validator->errors()->add(
'field', 'Something is wrong with this field!'
);
}
});
if ($validator->fails()) {
// ...
}
As noted, the after
method also accepts an array of callables, which is particularly convenient if your "after validation" logic is encapsulated in invokable classes, which will receive an Hyperf\Validation\Validator
instance via their __invoke
method:
use App\Validation\ValidateShippingTime;
use App\Validation\ValidateUserStatus;
$validator->after([
new ValidateUserStatus,
new ValidateShippingTime,
function ($validator) {
// ...
},
]);
Working With Validated Input
After validating incoming request data using a form request or a manually created validator instance, you may wish to retrieve the incoming request data that actually underwent validation. This can be accomplished in several ways. First, you may call the validated
method on a form request or validator instance. This method returns an array of the data that was validated:
$validated = $request->validated();
$validated = $validator->validated();
Working With Error Messages
After calling the errors
method on a Validator
instance, you will receive an Hyperf\Support\MessageBag
instance, which has a variety of convenient methods for working with error messages. The $errors
variable that is automatically made available to all views is also an instance of the MessageBag
class.
Retrieving the First Error Message for a Field
To retrieve the first error message for a given field, use the first
method:
$errors = $validator->errors();
echo $errors->first('email');
Retrieving All Error Messages for a Field
If you need to retrieve an array of all the messages for a given field, use the get
method:
foreach ($errors->get('email') as $message) {
// ...
}
If you are validating an array form field, you may retrieve all of the messages for each of the array elements using the *
character:
foreach ($errors->get('attachments.*') as $message) {
// ...
}
Retrieving All Error Messages for All Fields
To retrieve an array of all messages for all fields, use the all
method:
foreach ($errors->all() as $message) {
// ...
}
Determining if Messages Exist for a Field
The has
method may be used to determine if any error messages exist for a given field:
if ($errors->has('email')) {
// ...
}
Specifying Custom Messages in Language Files
Laravel Hyperf's built-in validation rules each have an error message that is located in your application's lang/en/validation.php
file.
Within the lang/en/validation.php
file, you will find a translation entry for each validation rule. You are free to change or modify these messages based on the needs of your application.
In addition, you may copy this file to another language directory to translate the messages for your application's language. To learn more about Laravel localization, check out the complete localization documentation.
Custom Messages for Specific Attributes
You may customize the error messages used for specified attribute and rule combinations within your application's validation language files. To do so, add your message customizations to the custom
array of your application's lang/xx/validation.php
language file:
'custom' => [
'email' => [
'required' => 'We need to know your email address!',
'max' => 'Your email address is too long!'
],
],
Specifying Attributes in Language Files
Many of Laravel Hyperf's built-in error messages include an :attribute
placeholder that is replaced with the name of the field or attribute under validation. If you would like the :attribute
portion of your validation message to be replaced with a custom value, you may specify the custom attribute name in the attributes
array of your lang/xx/validation.php
language file:
'attributes' => [
'email' => 'email address',
],
Specifying Values in Language Files
Some of Laravel Hyperf's built-in validation rule error messages contain a :value
placeholder that is replaced with the current value of the request attribute. However, you may occasionally need the :value
portion of your validation message to be replaced with a custom representation of the value. For example, consider the following rule that specifies that a credit card number is required if the payment_type
has a value of cc
:
Validator::make($request->all(), [
'credit_card_number' => 'required_if:payment_type,cc'
]);
If this validation rule fails, it will produce the following error message:
The credit card number field is required when payment type is cc.
Instead of displaying cc
as the payment type value, you may specify a more user-friendly value representation in your lang/xx/validation.php
language file by defining a values
array:
'values' => [
'payment_type' => [
'cc' => 'credit card'
],
],
After defining this value, the validation rule will produce the following error message:
The credit card number field is required when payment type is credit card.
Available Validation Rules
Below is a list of all available validation rules and their function:
AcceptedAccepted IfActive URLAfter (Date)After Or Equal (Date)AlphaAlpha DashAlpha NumericArrayAsciiBailBefore (Date)Before Or Equal (Date)BetweenBooleanConfirmedCurrent PasswordDateDate EqualsDate FormatDecimalDeclinedDeclined IfDifferentDigitsDigits BetweenDimensions (Image Files)DistinctDoesnt Start WithDoesnt End WithEmailEnds WithExcludeExclude IfExclude UnlessExclude WithExclude WithoutExists (Database)FileFilledGreater ThanGreater Than Or EqualHex ColorImage (File)InIn ArrayIntegerIP AddressJSONLess ThanLess Than Or EqualLowercaseMAC AddressMaxMax DigitsMIME TypesMIME Type By File ExtensionMinMin DigitsMissingMissing IfMissing UnlessMissing WithMissing With AllMultiple OfNot InNot RegexNullableNumericPresentPresent IfPresent UnlessPresent WithPresent With AllProhibitedProhibited IfProhibited UnlessProhibitsRegular ExpressionRequiredRequired IfRequired UnlessRequired WithRequired With AllRequired WithoutRequired Without AllRequired Array KeysSameSizeSometimesStarts WithStringTimezoneUnique (Database)UppercaseURLUUID
accepted
The field under validation must be "yes"
, "on"
, 1
, "1"
, true
, or "true"
. This is useful for validating "Terms of Service" acceptance or similar fields.
accepted_if:anotherfield,value,...
The field under validation must be "yes"
, "on"
, 1
, "1"
, true
, or "true"
if another field under validation is equal to a specified value. This is useful for validating "Terms of Service" acceptance or similar fields.
active_url
The field under validation must have a valid A or AAAA record according to the dns_get_record
PHP function. The hostname of the provided URL is extracted using the parse_url
PHP function before being passed to dns_get_record
.
after:date
The field under validation must be a value after a given date. The dates will be passed into the strtotime
PHP function in order to be converted to a valid DateTime
instance:
'start_date' => 'required|date|after:tomorrow'
Instead of passing a date string to be evaluated by strtotime
, you may specify another field to compare against the date:
'finish_date' => 'required|date|after:start_date'
after_or_equal:date
The field under validation must be a value after or equal to the given date. For more information, see the after rule.
alpha
The field under validation must be entirely Unicode alphabetic characters contained in \p{L}
and \p{M}
.
To restrict this validation rule to characters in the ASCII range (a-z
and A-Z
), you may provide the ascii
option to the validation rule:
'username' => 'alpha:ascii',
alpha_dash
The field under validation must be entirely Unicode alpha-numeric characters contained in \p{L}
, \p{M}
, \p{N}
, as well as ASCII dashes (-
) and ASCII underscores (_
).
To restrict this validation rule to characters in the ASCII range (a-z
and A-Z
), you may provide the ascii
option to the validation rule:
'username' => 'alpha_dash:ascii',
alpha_num
The field under validation must be entirely Unicode alpha-numeric characters contained in \p{L}
, \p{M}
, and \p{N}
.
To restrict this validation rule to characters in the ASCII range (a-z
and A-Z
), you may provide the ascii
option to the validation rule:
'username' => 'alpha_num:ascii',
array
The field under validation must be a PHP array
.
When additional values are provided to the array
rule, each key in the input array must be present within the list of values provided to the rule. In the following example, the admin
key in the input array is invalid since it is not contained in the list of values provided to the array
rule:
use SwooleTW\Hyperf\Support\Facades\Validator;
$input = [
'user' => [
'name' => 'Taylor Otwell',
'username' => 'taylorotwell',
'admin' => true,
],
];
Validator::make($input, [
'user' => 'array:name,username',
]);
In general, you should always specify the array keys that are allowed to be present within your array.
ascii
The field under validation must be entirely 7-bit ASCII characters.
bail
Stop running validation rules for the field after the first validation failure.
While the bail
rule will only stop validating a specific field when it encounters a validation failure, the stopOnFirstFailure
method will inform the validator that it should stop validating all attributes once a single validation failure has occurred:
if ($validator->stopOnFirstFailure()->fails()) {
// ...
}
before:date
The field under validation must be a value preceding the given date. The dates will be passed into the PHP strtotime
function in order to be converted into a valid DateTime
instance. In addition, like the after
rule, the name of another field under validation may be supplied as the value of date
.
before_or_equal:date
The field under validation must be a value preceding or equal to the given date. The dates will be passed into the PHP strtotime
function in order to be converted into a valid DateTime
instance. In addition, like the after
rule, the name of another field under validation may be supplied as the value of date
.
between:min,max
The field under validation must have a size between the given min and max (inclusive). Strings, numerics, arrays, and files are evaluated in the same fashion as the size
rule.
boolean
The field under validation must be able to be cast as a boolean. Accepted input are true
, false
, 1
, 0
, "1"
, and "0"
.
confirmed
The field under validation must have a matching field of {field}_confirmation
. For example, if the field under validation is password
, a matching password_confirmation
field must be present in the input.
date
The field under validation must be a valid, non-relative date according to the strtotime
PHP function.
date_equals:date
The field under validation must be equal to the given date. The dates will be passed into the PHP strtotime
function in order to be converted into a valid DateTime
instance.
date_format:format,...
The field under validation must match one of the given formats. You should use either date
or date_format
when validating a field, not both. This validation rule supports all formats supported by PHP's DateTime class.
decimal:min,max
The field under validation must be numeric and must contain the specified number of decimal places:
// Must have exactly two decimal places (9.99)...
'price' => 'decimal:2'
// Must have between 2 and 4 decimal places...
'price' => 'decimal:2,4'
declined
The field under validation must be "no"
, "off"
, 0
, "0"
, false
, or "false"
.
declined_if:anotherfield,value,...
The field under validation must be "no"
, "off"
, 0
, "0"
, false
, or "false"
if another field under validation is equal to a specified value.
different:field
The field under validation must have a different value than field.
digits:value
The integer under validation must have an exact length of value.
digits_between:min,max
The integer validation must have a length between the given min and max.
dimensions
The file under validation must be an image meeting the dimension constraints as specified by the rule's parameters:
'avatar' => 'dimensions:min_width=100,min_height=200'
Available constraints are: min_width, max_width, min_height, max_height, width, height, ratio.
A ratio constraint should be represented as width divided by height. This can be specified either by a fraction like 3/2
or a float like 1.5
:
'avatar' => 'dimensions:ratio=3/2'
Since this rule requires several arguments, you may use the Rule::dimensions
method to fluently construct the rule:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
Validator::make($data, [
'avatar' => [
'required',
Rule::dimensions()->maxWidth(1000)->maxHeight(500)->ratio(3 / 2),
],
]);
distinct
When validating arrays, the field under validation must not have any duplicate values:
'foo.*.id' => 'distinct'
Distinct uses loose variable comparisons by default. To use strict comparisons, you may add the strict
parameter to your validation rule definition:
'foo.*.id' => 'distinct:strict'
You may add ignore_case
to the validation rule's arguments to make the rule ignore capitalization differences:
'foo.*.id' => 'distinct:ignore_case'
doesnt_start_with:foo,bar,...
The field under validation must not start with one of the given values.
doesnt_end_with:foo,bar,...
The field under validation must not end with one of the given values.
The field under validation must be formatted as an email address.
ends_with:foo,bar,...
The field under validation must end with one of the given values.
exclude
The field under validation will be excluded from the request data returned by the validate
and validated
methods.
exclude_if:anotherfield,value
The field under validation will be excluded from the request data returned by the validate
and validated
methods if the anotherfield field is equal to value.
If complex conditional exclusion logic is required, you may utilize the Rule::excludeIf
method. This method accepts a boolean or a closure. When given a closure, the closure should return true
or false
to indicate if the field under validation should be excluded:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
Validator::make($request->all(), [
'role_id' => Rule::excludeIf($request->user()->is_admin),
]);
Validator::make($request->all(), [
'role_id' => Rule::excludeIf(fn () => $request->user()->is_admin),
]);
exclude_unless:anotherfield,value
The field under validation will be excluded from the request data returned by the validate
and validated
methods unless anotherfield's field is equal to value. If value is null
(exclude_unless:name,null
), the field under validation will be excluded unless the comparison field is null
or the comparison field is missing from the request data.
exclude_with:anotherfield
The field under validation will be excluded from the request data returned by the validate
and validated
methods if the anotherfield field is present.
exclude_without:anotherfield
The field under validation will be excluded from the request data returned by the validate
and validated
methods if the anotherfield field is not present.
exists:table,column
The field under validation must exist in a given database table.
Basic Usage of Exists Rule
'state' => 'exists:states'
If the column
option is not specified, the field name will be used. So, in this case, the rule will validate that the states
database table contains a record with a state
column value matching the request's state
attribute value.
Specifying a Custom Column Name
You may explicitly specify the database column name that should be used by the validation rule by placing it after the database table name:
'state' => 'exists:states,abbreviation'
Occasionally, you may need to specify a specific database connection to be used for the exists
query. You can accomplish this by prepending the connection name to the table name:
'email' => 'exists:connection.staff,email'
Instead of specifying the table name directly, you may specify the Eloquent model which should be used to determine the table name:
'user_id' => 'exists:App\Models\User,id'
If you would like to customize the query executed by the validation rule, you may use the Rule
class to fluently define the rule. In this example, we'll also specify the validation rules as an array instead of using the |
character to delimit them:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
Validator::make($data, [
'email' => [
'required',
Rule::exists('staff')->where(function ($query) {
return $query->where('account_id', 1);
}),
],
]);
You may explicitly specify the database column name that should be used by the exists
rule generated by the Rule::exists
method by providing the column name as the second argument to the exists
method:
'state' => Rule::exists('states', 'abbreviation'),
file
The field under validation must be a successfully uploaded file.
filled
The field under validation must not be empty when it is present.
gt:field
The field under validation must be greater than the given field or value. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size
rule.
gte:field
The field under validation must be greater than or equal to the given field or value. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size
rule.
image
The file under validation must be an image (jpg, jpeg, png, bmp, gif, svg, or webp).
in:foo,bar,...
The field under validation must be included in the given list of values. Since this rule often requires you to implode
an array, the Rule::in
method may be used to fluently construct the rule:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
Validator::make($data, [
'zones' => [
'required',
Rule::in(['first-zone', 'second-zone']),
],
]);
When the in
rule is combined with the array
rule, each value in the input array must be present within the list of values provided to the in
rule. In the following example, the LAS
airport code in the input array is invalid since it is not contained in the list of airports provided to the in
rule:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
$input = [
'airports' => ['NYC', 'LAS'],
];
Validator::make($input, [
'airports' => [
'required',
'array',
],
'airports.*' => Rule::in(['NYC', 'LIT']),
]);
in_array:anotherfield.*
The field under validation must exist in anotherfield's values.
integer
The field under validation must be an integer.
Warning
This validation rule does not verify that the input is of the "integer" variable type, only that the input is of a type accepted by PHP's FILTER_VALIDATE_INT
rule. If you need to validate the input as being a number please use this rule in combination with the numeric
validation rule.
ip
The field under validation must be an IP address.
ipv4
The field under validation must be an IPv4 address.
ipv6
The field under validation must be an IPv6 address.
json
The field under validation must be a valid JSON string.
lt:field
The field under validation must be less than the given field. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size
rule.
lte:field
The field under validation must be less than or equal to the given field. The two fields must be of the same type. Strings, numerics, arrays, and files are evaluated using the same conventions as the size
rule.
lowercase
The field under validation must be lowercase.
mac_address
The field under validation must be a MAC address.
max:value
The field under validation must be less than or equal to a maximum value. Strings, numerics, arrays, and files are evaluated in the same fashion as the size
rule.
max_digits:value
The integer under validation must have a maximum length of value.
mimetypes:text/plain,...
The file under validation must match one of the given MIME types:
'video' => 'mimetypes:video/avi,video/mpeg,video/quicktime'
To determine the MIME type of the uploaded file, the file's contents will be read and the framework will attempt to guess the MIME type, which may be different from the client's provided MIME type.
mimes:foo,bar,...
The file under validation must have a MIME type corresponding to one of the listed extensions:
'photo' => 'mimes:jpg,bmp,png'
Even though you only need to specify the extensions, this rule actually validates the MIME type of the file by reading the file's contents and guessing its MIME type. A full listing of MIME types and their corresponding extensions may be found at the following location:
https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
MIME Types and Extensions
This validation rule does not verify agreement between the MIME type and the extension the user assigned to the file. For example, the mimes:png
validation rule would consider a file containing valid PNG content to be a valid PNG image, even if the file is named photo.txt
. If you would like to validate the user-assigned extension of the file, you may use the extensions
rule.
min:value
The field under validation must have a minimum value. Strings, numerics, arrays, and files are evaluated in the same fashion as the size
rule.
min_digits:value
The integer under validation must have a minimum length of value.
multiple_of:value
The field under validation must be a multiple of value.
missing
The field under validation must not be present in the input data.
missing_if:anotherfield,value,...
The field under validation must not be present if the anotherfield field is equal to any value.
missing_unless:anotherfield,value
The field under validation must not be present unless the anotherfield field is equal to any value.
missing_with:foo,bar,...
The field under validation must not be present only if any of the other specified fields are present.
missing_with_all:foo,bar,...
The field under validation must not be present only if all of the other specified fields are present.
not_in:foo,bar,...
The field under validation must not be included in the given list of values. The Rule::notIn
method may be used to fluently construct the rule:
use Hyperf\Validation\Rule;
Validator::make($data, [
'toppings' => [
'required',
Rule::notIn(['sprinkles', 'cherries']),
],
]);
not_regex:pattern
The field under validation must not match the given regular expression.
Internally, this rule uses the PHP preg_match
function. The pattern specified should obey the same formatting required by preg_match
and thus also include valid delimiters. For example: 'email' => 'not_regex:/^.+$/i'
.
Warning
When using the regex
/ not_regex
patterns, it may be necessary to specify your validation rules using an array instead of using |
delimiters, especially if the regular expression contains a |
character.
nullable
The field under validation may be null
.
numeric
The field under validation must be numeric.
present
The field under validation must exist in the input data.
present_if:anotherfield,value,...
The field under validation must be present if the anotherfield field is equal to any value.
present_unless:anotherfield,value
The field under validation must be present unless the anotherfield field is equal to any value.
present_with:foo,bar,...
The field under validation must be present only if any of the other specified fields are present.
present_with_all:foo,bar,...
The field under validation must be present only if all of the other specified fields are present.
prohibited
The field under validation must be missing or empty. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
prohibited_if:anotherfield,value,...
The field under validation must be missing or empty if the anotherfield field is equal to any value. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
If complex conditional prohibition logic is required, you may utilize the Rule::prohibitedIf
method. This method accepts a boolean or a closure. When given a closure, the closure should return true
or false
to indicate if the field under validation should be prohibited:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
Validator::make($request->all(), [
'role_id' => Rule::prohibitedIf($request->user()->is_admin),
]);
Validator::make($request->all(), [
'role_id' => Rule::prohibitedIf(fn () => $request->user()->is_admin),
]);
prohibited_unless:anotherfield,value,...
The field under validation must be missing or empty unless the anotherfield field is equal to any value. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
prohibits:anotherfield,...
If the field under validation is not missing or empty, all fields in anotherfield must be missing or empty. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with an empty path.
regex:pattern
The field under validation must match the given regular expression.
Internally, this rule uses the PHP preg_match
function. The pattern specified should obey the same formatting required by preg_match
and thus also include valid delimiters. For example: 'email' => 'regex:/^.+@.+$/i'
.
Warning
When using the regex
/ not_regex
patterns, it may be necessary to specify rules in an array instead of using |
delimiters, especially if the regular expression contains a |
character.
required
The field under validation must be present in the input data and not empty. A field is "empty" if it meets one of the following criteria:
- The value is
null
. - The value is an empty string.
- The value is an empty array or empty
Countable
object. - The value is an uploaded file with no path.
required_if:anotherfield,value,...
The field under validation must be present and not empty if the anotherfield field is equal to any value.
If you would like to construct a more complex condition for the required_if
rule, you may use the Rule::requiredIf
method. This method accepts a boolean or a closure. When passed a closure, the closure should return true
or false
to indicate if the field under validation is required:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
Validator::make($request->all(), [
'role_id' => Rule::requiredIf($request->user()->is_admin),
]);
Validator::make($request->all(), [
'role_id' => Rule::requiredIf(fn () => $request->user()->is_admin),
]);
required_unless:anotherfield,value,...
The field under validation must be present and not empty unless the anotherfield field is equal to any value. This also means anotherfield must be present in the request data unless value is null
. If value is null
(required_unless:name,null
), the field under validation will be required unless the comparison field is null
or the comparison field is missing from the request data.
required_with:foo,bar,...
The field under validation must be present and not empty only if any of the other specified fields are present and not empty.
required_with_all:foo,bar,...
The field under validation must be present and not empty only if all of the other specified fields are present and not empty.
required_without:foo,bar,...
The field under validation must be present and not empty only when any of the other specified fields are empty or not present.
required_without_all:foo,bar,...
The field under validation must be present and not empty only when all of the other specified fields are empty or not present.
required_array_keys:foo,bar,...
The field under validation must be an array and must contain at least the specified keys.
same:field
The given field must match the field under validation.
size:value
The field under validation must have a size matching the given value. For string data, value corresponds to the number of characters. For numeric data, value corresponds to a given integer value (the attribute must also have the numeric
or integer
rule). For an array, size corresponds to the count
of the array. For files, size corresponds to the file size in kilobytes. Let's look at some examples:
// Validate that a string is exactly 12 characters long...
'title' => 'size:12';
// Validate that a provided integer equals 10...
'seats' => 'integer|size:10';
// Validate that an array has exactly 5 elements...
'tags' => 'array|size:5';
// Validate that an uploaded file is exactly 512 kilobytes...
'image' => 'file|size:512';
starts_with:foo,bar,...
The field under validation must start with one of the given values.
string
The field under validation must be a string. If you would like to allow the field to also be null
, you should assign the nullable
rule to the field.
timezone
The field under validation must be a valid timezone identifier according to the DateTimeZone::listIdentifiers
method.
The arguments accepted by the DateTimeZone::listIdentifiers
method may also be provided to this validation rule:
'timezone' => 'required|timezone:all';
'timezone' => 'required|timezone:Africa';
'timezone' => 'required|timezone:per_country,US';
unique:table,column
The field under validation must not exist within the given database table.
Specifying a Custom Table / Column Name:
Instead of specifying the table name directly, you may specify the Eloquent model which should be used to determine the table name:
'email' => 'unique:App\Models\User,email_address'
The column
option may be used to specify the field's corresponding database column. If the column
option is not specified, the name of the field under validation will be used.
'email' => 'unique:users,email_address'
Specifying a Custom Database Connection
Occasionally, you may need to set a custom connection for database queries made by the Validator. To accomplish this, you may prepend the connection name to the table name:
'email' => 'unique:connection.users,email_address'
Forcing a Unique Rule to Ignore a Given ID:
Sometimes, you may wish to ignore a given ID during unique validation. For example, consider an "update profile" screen that includes the user's name, email address, and location. You will probably want to verify that the email address is unique. However, if the user only changes the name field and not the email field, you do not want a validation error to be thrown because the user is already the owner of the email address in question.
To instruct the validator to ignore the user's ID, we'll use the Rule
class to fluently define the rule. In this example, we'll also specify the validation rules as an array instead of using the |
character to delimit the rules:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
Validator::make($data, [
'email' => [
'required',
Rule::unique('users')->ignore($user->id),
],
]);
Warning
You should never pass any user controlled request input into the ignore
method. Instead, you should only pass a system generated unique ID such as an auto-incrementing ID or UUID from an Eloquent model instance. Otherwise, your application will be vulnerable to an SQL injection attack.
Instead of passing the model key's value to the ignore
method, you may also pass the entire model instance. Laravel Hyperf will automatically extract the key from the model:
Rule::unique('users')->ignore($user)
If your table uses a primary key column name other than id
, you may specify the name of the column when calling the ignore
method:
Rule::unique('users')->ignore($user->id, 'user_id')
By default, the unique
rule will check the uniqueness of the column matching the name of the attribute being validated. However, you may pass a different column name as the second argument to the unique
method:
Rule::unique('users', 'email_address')->ignore($user->id)
Adding Additional Where Clauses:
You may specify additional query conditions by customizing the query using the where
method. For example, let's add a query condition that scopes the query to only search records that have an account_id
column value of 1
:
'email' => Rule::unique('users')->where(fn (Builder $query) => $query->where('
account_id', 1))
uppercase
The field under validation must be uppercase.
url
The field under validation must be a valid URL.
If you would like to specify the URL protocols that should be considered valid, you may pass the protocols as validation rule parameters:
'url' => 'url:http,https',
'game' => 'url:minecraft,steam',
uuid
The field under validation must be a valid RFC 4122 (version 1, 3, 4, or 5) universally unique identifier (UUID).
Conditionally Adding Rules
Skipping Validation When Fields Have Certain Values
You may occasionally wish to not validate a given field if another field has a given value. You may accomplish this using the exclude_if
validation rule. In this example, the appointment_date
and doctor_name
fields will not be validated if the has_appointment
field has a value of false
:
use SwooleTW\Hyperf\Support\Facades\Validator;
$validator = Validator::make($data, [
'has_appointment' => 'required|boolean',
'appointment_date' => 'exclude_if:has_appointment,false|required|date',
'doctor_name' => 'exclude_if:has_appointment,false|required|string',
]);
Alternatively, you may use the exclude_unless
rule to not validate a given field unless another field has a given value:
$validator = Validator::make($data, [
'has_appointment' => 'required|boolean',
'appointment_date' => 'exclude_unless:has_appointment,true|required|date',
'doctor_name' => 'exclude_unless:has_appointment,true|required|string',
]);
Validating When Present
In some situations, you may wish to run validation checks against a field only if that field is present in the data being validated. To quickly accomplish this, add the sometimes
rule to your rule list:
$v = Validator::make($data, [
'email' => 'sometimes|required|email',
]);
In the example above, the email
field will only be validated if it is present in the $data
array.
Note
If you are attempting to validate a field that should always be present but may be empty, check out this note on optional fields.
Complex Conditional Validation
Sometimes you may wish to add validation rules based on more complex conditional logic. For example, you may wish to require a given field only if another field has a greater value than 100. Or, you may need two fields to have a given value only when another field is present. Adding these validation rules doesn't have to be a pain. First, create a Validator
instance with your static rules that never change:
use SwooleTW\Hyperf\Support\Facades\Validator;
$validator = Validator::make($request->all(), [
'email' => 'required|email',
'games' => 'required|numeric',
]);
Let's assume our web application is for game collectors. If a game collector registers with our application and they own more than 100 games, we want them to explain why they own so many games. For example, perhaps they run a game resale shop, or maybe they just enjoy collecting games. To conditionally add this requirement, we can use the sometimes
method on the Validator
instance.
use Hyperf\Support\Fluent;
$validator->sometimes('reason', 'required|max:500', function (Fluent $input) {
return $input->games >= 100;
});
The first argument passed to the sometimes
method is the name of the field we are conditionally validating. The second argument is a list of the rules we want to add. If the closure passed as the third argument returns true
, the rules will be added. This method makes it a breeze to build complex conditional validations. You may even add conditional validations for several fields at once:
$validator->sometimes(['reason', 'cost'], 'required', function (Fluent $input) {
return $input->games >= 100;
});
Note
The $input
parameter passed to your closure will be an instance of Hyperf\Support\Fluent
and may be used to access your input and files under validation.
Complex Conditional Array Validation
Sometimes you may want to validate a field based on another field in the same nested array whose index you do not know. In these situations, you may allow your closure to receive a second argument which will be the current individual item in the array being validated:
$input = [
'channels' => [
[
'type' => 'email',
'address' => '[email protected]',
],
[
'type' => 'url',
'address' => 'https://example.com',
],
],
];
$validator->sometimes('channels.*.address', 'email', function (Fluent $input, Fluent $item) {
return $item->type === 'email';
});
$validator->sometimes('channels.*.address', 'url', function (Fluent $input, Fluent $item) {
return $item->type !== 'email';
});
Like the $input
parameter passed to the closure, the $item
parameter is an instance of Hyperf\Support\Fluent
when the attribute data is an array; otherwise, it is a string.
Validating Arrays
As discussed in the array
validation rule documentation, the array
rule accepts a list of allowed array keys. If any additional keys are present within the array, validation will fail:
use SwooleTW\Hyperf\Support\Facades\Validator;
$input = [
'user' => [
'name' => 'Taylor Otwell',
'username' => 'taylorotwell',
'admin' => true,
],
];
Validator::make($input, [
'user' => 'array:name,username',
]);
In general, you should always specify the array keys that are allowed to be present within your array. Otherwise, the validator's validate
and validated
methods will return all of the validated data, including the array and all of its keys, even if those keys were not validated by other nested array validation rules.
Validating Nested Array Input
Validating nested array based form input fields doesn't have to be a pain. You may use "dot notation" to validate attributes within an array. For example, if the incoming HTTP request contains a photos[profile]
field, you may validate it like so:
use SwooleTW\Hyperf\Support\Facades\Validator;
$validator = Validator::make($request->all(), [
'photos.profile' => 'required|image',
]);
You may also validate each element of an array. For example, to validate that each email in a given array input field is unique, you may do the following:
$validator = Validator::make($request->all(), [
'person.*.email' => 'email|unique:users',
'person.*.first_name' => 'required_with:person.*.last_name',
]);
Likewise, you may use the *
character when specifying custom validation messages in your language files, making it a breeze to use a single validation message for array based fields:
'custom' => [
'person.*.email' => [
'unique' => 'Each person must have a unique email address',
]
],
Accessing Nested Array Data
Sometimes you may need to access the value for a given nested array element when assigning validation rules to the attribute. You may accomplish this using the Rule::forEach
method. The forEach
method accepts a closure that will be invoked for each iteration of the array attribute under validation and will receive the attribute's value and explicit, fully-expanded attribute name. The closure should return an array of rules to assign to the array element:
use App\Rules\HasPermission;
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
$validator = Validator::make($request->all(), [
'companies.*.id' => Rule::forEach(function (string|null $value, string $attribute) {
return [
Rule::exists(Company::class, 'id'),
new HasPermission('manage-company', $value),
];
}),
]);
Error Message Indexes and Positions
When validating arrays, you may want to reference the index or position of a particular item that failed validation within the error message displayed by your application. To accomplish this, you may include the :index
(starts from 0
) and :position
(starts from 1
) placeholders within your custom validation message:
use SwooleTW\Hyperf\Support\Facades\Validator;
$input = [
'photos' => [
[
'name' => 'BeachVacation.jpg',
'description' => 'A photo of my beach vacation!',
],
[
'name' => 'GrandCanyon.jpg',
'description' => '',
],
],
];
Validator::validate($input, [
'photos.*.description' => 'required',
], [
'photos.*.description.required' => 'Please describe photo #:position.',
]);
Given the example above, validation will fail and the user will be presented with the following error of "Please describe photo #2."
If necessary, you may reference more deeply nested indexes and positions via second-index
, second-position
, third-index
, third-position
, etc.
'photos.*.attributes.*.string' => 'Invalid attribute for photo #:second-position.',
Validating Files
Laravel provides a variety of validation rules that may be used to validate uploaded files, such as mimes
, image
, min
, and max
. While you are free to specify these rules individually when validating files, Laravel Hyperf also offers a fluent file validation rule builder that you may find convenient:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rules\File;
Validator::validate($input, [
'attachment' => [
'required',
File::types(['mp3', 'wav'])
->min(1024)
->max(12 * 1024),
],
]);
If your application accepts images uploaded by your users, you may use the File
rule's image
constructor method to indicate that the uploaded file should be an image. In addition, the dimensions
rule may be used to limit the dimensions of the image:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rule;
use Hyperf\Validation\Rules\File;
Validator::validate($input, [
'photo' => [
'required',
File::image()
->min(1024)
->max(12 * 1024)
->dimensions(Rule::dimensions()->maxWidth(1000)->maxHeight(500)),
],
]);
Note
More information regarding validating image dimensions may be found in the dimension rule documentation.
File Sizes
For convenience, minimum and maximum file sizes may be specified as a string with a suffix indicating the file size units. The kb
, mb
, gb
, and tb
suffixes are supported:
File::image()
->min('1kb')
->max('10mb')
File Types
Even though you only need to specify the extensions when invoking the types
method, this method actually validates the MIME type of the file by reading the file's contents and guessing its MIME type. A full listing of MIME types and their corresponding extensions may be found at the following location:
https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
Validating Passwords
To ensure that passwords have an adequate level of complexity, you may use Laravel Hyperf's Password
rule object:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Hyperf\Validation\Rules\Password;
$validator = Validator::make($request->all(), [
'password' => ['required', 'confirmed', Password::min(8)],
]);
The Password
rule object allows you to easily customize the password complexity requirements for your application, such as specifying that passwords require at least one letter, number, symbol, or characters with mixed casing:
// Require at least 8 characters...
Password::min(8)
// Require at least one letter...
Password::min(8)->letters()
// Require at least one uppercase and one lowercase letter...
Password::min(8)->mixedCase()
// Require at least one number...
Password::min(8)->numbers()
// Require at least one symbol...
Password::min(8)->symbols()
In addition, you may ensure that a password has not been compromised in a public password data breach leak using the uncompromised
method:
Password::min(8)->uncompromised()
Internally, the Password
rule object uses the k-Anonymity model to determine if a password has been leaked via the haveibeenpwned.com service without sacrificing the user's privacy or security.
By default, if a password appears at least once in a data leak, it will be considered compromised. You can customize this threshold using the first argument of the uncompromised
method:
// Ensure the password appears less than 3 times in the same data leak...
Password::min(8)->uncompromised(3);
Of course, you may chain all the methods in the examples above:
Password::min(8)
->letters()
->mixedCase()
->numbers()
->symbols()
->uncompromised()
Defining Default Password Rules
You may find it convenient to specify the default validation rules for passwords in a single location of your application. You can easily accomplish this using the Password::defaults
method, which accepts a closure. The closure given to the defaults
method should return the default configuration of the Password rule. Typically, the defaults
rule should be called within the boot
method of one of your application's service providers:
use Hyperf\Validation\Rules\Password;
/**
* Bootstrap any application services.
*/
public function boot(): void
{
Password::defaults(function () {
$rule = Password::min(8);
return $this->app->isProduction()
? $rule->mixedCase()->uncompromised()
: $rule;
});
}
Then, when you would like to apply the default rules to a particular password undergoing validation, you may invoke the defaults
method with no arguments:
'password' => ['required', Password::defaults()],
Occasionally, you may want to attach additional validation rules to your default password validation rules. You may use the rules
method to accomplish this:
use App\Rules\ZxcvbnRule;
Password::defaults(function () {
$rule = Password::min(8)->rules([new ZxcvbnRule]);
// ...
});
Custom Validation Rules
Using Rule Objects
Laravel Hyperf provides a variety of helpful validation rules; however, you may wish to specify some of your own. One method of registering custom validation rules is using rule objects. To generate a new rule object, you may use the make:rule
Artisan command. Let's use this command to generate a rule that verifies a string is uppercase. Laravel Hyperf will place the new rule in the app/Rules
directory. If this directory does not exist, Laravel Hyperf will create it when you execute the Artisan command to create your rule:
php artisan make:rule Uppercase
Once the rule has been created, we are ready to define its behavior. A rule object contains a single method: validate
. This method receives the attribute name, its value, and a callback that should be invoked on failure with the validation error message:
<?php
namespace App\Rules;
use Closure;
use Hyperf\Validation\Contract\Rule;
class Uppercase implements ValidationRule
{
/**
* Run the validation rule.
*/
public function validate(string $attribute, mixed $value, Closure $fail): void
{
if (strtoupper($value) !== $value) {
$fail('The :attribute must be uppercase.');
}
}
}
Once the rule has been defined, you may attach it to a validator by passing an instance of the rule object with your other validation rules:
use App\Rules\Uppercase;
$request->validate([
'name' => ['required', 'string', new Uppercase],
]);
Accessing Additional Data
If your custom validation rule class needs to access all of the other data undergoing validation, your rule class may implement the Hyperf\Validation\Contract\DataAwareRule
interface. This interface requires your class to define a setData
method. This method will automatically be invoked by Laravel Hyperf (before validation proceeds) with all of the data under validation:
<?php
namespace App\Rules;
use Hyperf\Validation\Contract\DataAwareRule;
use Hyperf\Validation\Contract\Rule;
class Uppercase implements DataAwareRule, ValidationRule
{
/**
* All of the data under validation.
*
* @var array<string, mixed>
*/
protected $data = [];
// ...
/**
* Set the data under validation.
*
* @param array<string, mixed> $data
*/
public function setData(array $data): static
{
$this->data = $data;
return $this;
}
}
Or, if your validation rule requires access to the validator instance performing the validation, you may implement the ValidatorAwareRule
interface:
<?php
namespace App\Rules;
use Hyperf\Validation\Contract\Rule;
use Hyperf\Validation\Contract\ValidatorAwareRule;
use Hyperf\Validation\Validator;
class Uppercase implements ValidationRule, ValidatorAwareRule
{
/**
* The validator instance.
*
* @var \Hyperf\Validation\Validator
*/
protected $validator;
// ...
/**
* Set the current validator.
*/
public function setValidator(Validator $validator): static
{
$this->validator = $validator;
return $this;
}
}
Using Closures
If you only need the functionality of a custom rule once throughout your application, you may use a closure instead of a rule object. The closure receives the attribute's name, the attribute's value, and a $fail
callback that should be called if validation fails:
use SwooleTW\Hyperf\Support\Facades\Validator;
use Closure;
$validator = Validator::make($request->all(), [
'title' => [
'required',
'max:255',
function (string $attribute, mixed $value, Closure $fail) {
if ($value === 'foo') {
$fail("The {$attribute} is invalid.");
}
},
],
]);
Implicit Rules
By default, when an attribute being validated is not present or contains an empty string, normal validation rules, including custom rules, are not run. For example, the unique
rule will not be run against an empty string:
use SwooleTW\Hyperf\Support\Facades\Validator;
$rules = ['name' => 'unique:users,name'];
$input = ['name' => ''];
Validator::make($input, $rules)->passes(); // true
Warning
An "implicit" rule only implies that the attribute is required. Whether it actually invalidates a missing or empty attribute is up to you.