Validation

validation, both serverside and clientside, is essential for a satisfactory user experience, and for security. 

This application makes use of several forms, so it is important that the site be completely tamper-proof.

Thankfully, Laravel takes helps the cause, with the @csrf tag, which prevents csrf attacks, or cross-site request forgery. (explain this).

validation on the registration is handled largely by the livewire auth package, the only tweak made is validation for the username, which was covered in the auth blog post. which leaves 5 forms to validate:

  1. create subweddit
  2. create post
  3. edit post
  4. create comment
  5. create reply

Client side, all of the validation can be handled by laravel's @error directive, which will quickly determine if there is a validation error in an attribute.




The message can be displayed by calling the array $errors. With our Bulma framework, we can make things look a little prettier for the user by changing the form border to red and displaying the red error message.



1. create subwedddit

In accordance with Reddit.com, 

  • Subweddit names are required, must be unique, contain no spaces (much like usernames), with a max character count 20. 
  • Bio is required, and can have a max char count of 64,000
  • The logo must be an image, with an image mime type such as jpg, png or gif (laravel automatically detects the mime type, smart!)

The request can be validated in the store method by laravel's validate() function like so:




2. create post

create post is very similar to creating a subweddit except

  • A post can have a longer character limit, at 255
  • an image is not required, a post can simply have a title and body
like so:




3.edit post

edit post has the exact same validation as create, and as such the edit method has repeated code, the same as the store method.

4/5. create comment/reply

create comment, and create reply have the same validation but call two different store methods, as a reply will attach a parent_id.

The validation it does have is solely that the comment cannot be too long, about 10,000 characters to be precise, is what Reddit allows.





Comments

Post a Comment

Popular posts from this blog

Final Database Design

Image
This is a view of the tables at the end of the project: Subweddit: Subweddit includes an id, name, bio and logo for display and information purposes as well a mod_id, the moderator of the subweddit (the subweddit creator by default right now) Post: Post has a title and body, as well as an optional img field. slug is created from the title field being 'slugified' with underscores (_). As well as this, the author of the post is saved as user_id, and the subweddit the post belongs to is also present. Follow: The follow table is the simplest in the database. apart from the laravel created_at and updated_at fields, this table simply holds the user id and the subweddit id of the subweddit the user follows. Comment: Comment holds one text field as 'body', as well as the author (user_id), and the post it belongs to (post_id). Finally, there is a nullable parent_id column which would be used if the comment is a reply, holding the id of the comment being replied to.
Read more

Views and Policies

Image
Although maximum functionality is achieved by being a logged in user, it is important to think of guest users browsing the site. Baring that in mind lets run through the abilities guests and users: Guest: Home feed showing most recent posts from all subweddits view subweddit and contents view post and comments sign up User: Log in Personalised home feed Create subweddit Follow Subweddit Create Post Post comment/reply to preface: guest and user views could have been achieved in a cleaner way by creating seperate routes in web.php and stating if the user is logged in, redirect to 'logged-in' views, or otherwise 'guest' views. As my AWS instance is running on micro I chose to slim my application down so as not to overload my tiny server. Thusly, I opted for utilising @auth and @guest in the blade file. Not very clean, but effective and 'cost' efficient Starting with the index page: if the page is viewed by a guest, then display all posts from all subweddits, filter...
Read more