feat: add middleware to check JSON request (#43)

This commit introduces a new middleware in the API to ensure that incoming requests are in JSON format. The middleware examines the request headers and responds with an appropriate error if the content type is not set to JSON. This enhancement enhances the API's robustness by enforcing a standardized data format, facilitating better handling of requests and improving overall system reliability. --------- Signed-off-by: Valentin Sickert <[email protected]>
RadioRoster · Dec 6, 2023 · 4aef4a6 · 4aef4a6
1 parent 195a9ca
commit 4aef4a6
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 0 deletions.
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
@@ -42,6 +42,7 @@ class Kernel extends HttpKernel
             // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
             \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            \App\Http\Middleware\JsonOnlyMiddleware::class
         ],
     ];
 

diff --git a/app/Http/Middleware/JsonOnlyMiddleware.php b/app/Http/Middleware/JsonOnlyMiddleware.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class JsonOnlyMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (!$request->isJson()) {
+            return response()->json([
+                'message' => 'Only JSON requests are accepted'
+            ], Response::HTTP_BAD_REQUEST);
+        }
+
+        return $next($request);
+    }
+}
diff --git a/tests/Feature/Http/Middleware/JsonOnlyMiddlewareTest.php b/tests/Feature/Http/Middleware/JsonOnlyMiddlewareTest.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace Tests\Feature\Http\Middleware;
+
+use App\Models\User;
+use Tests\TestCase;
+
+class JsonOnlyMiddlewareTest extends TestCase
+{
+    /**
+     * Test that non-JSON requests are rejected.
+     */
+    public function test_non_json_requests_are_rejected(): void
+    {
+
+        $user = User::factory()->create([
+            'email' => '[email protected]',
+            'password' => bcrypt('ValidPassword'),
+        ]);
+
+        $response = $this->post('/api/v1/login', [
+            'body' => '<?xml version="1.0" encoding="UTF-8"?>
+                <root>
+                    <email>[email protected]</email>
+                    <password>ValidPassword</password>
+                </root>'
+        ], ['Content-Type' => 'text/xml']);
+
+        $response->assertStatus(400)
+            ->assertJson([
+                'message' => 'Only JSON requests are accepted'
+            ]);
+
+        $user->delete();
+    }
+
+    /**
+     * Test that JSON requests are accepted.
+     */
+    public function test_json_requests_are_accepted(): void
+    {
+        $user = User::factory()->create([
+            'email' => '[email protected]',
+            'password' => bcrypt('ValidPassword'),
+        ]);
+
+        $response = $this->postJson('/api/v1/login', [
+            'email' => '[email protected]',
+            'password' => 'ValidPassword',
+        ], ['Content-Type' => 'application/json', 'Accept' => 'application/json']);
+
+        $response->assertStatus(200);
+
+        $user->delete();
+    }
+}