Strong Parameters Bundle Laravel Package

domingollanes/strong-parameters-bundle


Getting Started

Minimal Steps

  1. Installation

    composer require domingollanes/strong-parameters-bundle
    

    Ensure your project is on Symfony 3.4 (as explicitly tested).

  2. Enable the Bundle

    Add to app/AppKernel.php:

    new DomingoLlanes\StrongParametersBundle\StrongParametersBundle(),
    
  3. Basic Usage

    Define allowed parameters in a YAML file (e.g., app/Resources/parameters/your_resource.yml):

    allowed:
      - { name: 'user', type: 'array', allowed: ['name', 'email'] }
      - { name: 'filter', type: 'array', allowed: ['status', 'role'] }
    

    Use in a controller:

    use DomingoLlanes\StrongParametersBundle\StrongParameters\StrongParameters;
    use Symfony\Component\HttpFoundation\Request;
    
    // Controller action: filter the POST body against the 'your_resource' rules.
    public function updateAction(Request $request, StrongParameters $strongParameters)
    {
        $params = $strongParameters->filter($request->request->all(), 'your_resource');
        // $params now contains only allowed keys
    }
    

First Use Case

Sanitize API payloads to prevent mass assignment vulnerabilities. Example:

    $filteredData = $strongParameters->filter($request->request->all(), 'user_profile');

Only name, email, and nested address.city (if configured) will pass through.


Implementation Patterns

Core Workflows

  1. Parameter Whitelisting

    Define strict rules in YAML (or programmatically) to enforce allowed fields:

    # app/Resources/parameters/api_create_user.yml
    allowed:
      - { name: 'user', type: 'array', allowed: ['username', 'password'] }
      - { name: 'metadata', type: 'array', allowed: ['created_at'] }
    

    Use in controller:

    $data = $strongParameters->filter($request->request->all(), 'api_create_user');
    
  2. Nested Arrays

    Support multi-level arrays with dot notation:

    allowed:
      - { name: 'user.address', type: 'array', allowed: ['city', 'zip'] }
    

    Request payload:

    { "user": { "address": { "city": "Berlin", "zip": "10115", "country": "DE" } } }
    

    Only city and zip survive filtering.

  3. Dynamic Rules

    Override defaults via configuration:

    strong_parameters:
        resource: '%kernel.project_dir%/config/params/%env(APP_ENV)%/allowed.yml'
        default_deny: true  # Deny all unless explicitly allowed
    
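  4. Service Integration

    Inject StrongParameters into services:

    use DomingoLlanes\StrongParametersBundle\StrongParameters\StrongParameters;
    use Symfony\Component\HttpFoundation\Request;

    class UserService {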
        public function __construct(private StrongParameters $strongParameters) {}
    
        public function createFromRequest(Request $request) {
            $data = $this->strongParameters->filter($request->request->all(), 'user');
            // ...
        }
    }
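
The whitelisting, nested dot-notation and default-deny behaviour from the workflows above, sketched as a stand-alone PHP function. This is an added example, not the bundle's code: `allowlistFilter`, its path-to-keys rule map and the sample payload are hypothetical, and it also records every dropped key path.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not the bundle's API.
// $rules maps a dot-notation path to the scalar keys allowed directly under it.
function allowlistFilter(array $data, array $rules, array &$rejected,
                         string $path = '', int $depth = 1, int $maxDepth = 5): array
{
    $kept = [];
    foreach ($data as $key => $value) {
        $child = $path === '' ? (string) $key : $path . '.' . $key;
        if (is_array($value)) {
            // Descend only if some rule sits at or below this path; an array
            // sent where a scalar is expected (user.email) has none and is dropped.
            $hasRule = false;
            foreach (array_keys($rules) as $rulePath) {
                if ($rulePath === $child || strpos($rulePath, $child . '.') === 0) {
                    $hasRule = true;
                    break;
                }
            }
            if (!$hasRule || $depth >= $maxDepth) {
                $rejected[] = $child;
                continue;
            }
            $sub = allowlistFilter($value, $rules, $rejected, $child, $depth + 1, $maxDepth);
            if ($sub !== []) {
                $kept[$key] = $sub;
            }
        } elseif (in_array($key, $rules[$path] ?? [], true)) {
            $kept[$key] = $value;      // listed leaf; the strict match is case-sensitive
        } else {
            $rejected[] = $child;      // default deny
        }
    }
    return $kept;
}

// Constructed rules and request body (sample data, including unlisted fields).
$rules = ['user' => ['name', 'email'], 'user.address' => ['city', 'zip']];
$payload = json_decode('{"user":{"name":"Ada","Email":"ada@example.test","is_admin":true,
  "email":["a","b"],"address":{"city":"Berlin","zip":"10115","country":"DE"}},"debug":1}', true);

$rejected = [];
$clean = allowlistFilter($payload, $rules, $rejected);
echo json_encode($clean), PHP_EOL;                        // what may reach the model
echo 'rejected: ', implode(', ', $rejected), PHP_EOL;     // worth logging as a signal
```

Logging the rejected paths gives the same raw-versus-filtered comparison that the Debugging section does with dump(), in a form that can stay enabled outside development.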
    

Integration Tips

  • API Gateways: Use with Symfony’s EventDispatcher to validate requests early.
  • Form Handling: Combine with Symfony Forms for hybrid validation.
  • Testing: Mock StrongParameters in unit tests:
    $mock = $this->createMock(StrongParameters::class);
    $mock->method('filter')->willReturn(['name' => 'test']);
    $this->controller->setStrongParameters($mock);
    

Gotchas and Tips

Pitfalls

  1. Deprecation Risk

    • Last release in 2018; test thoroughly. Fork if critical for production.
    • Symfony 4+ compatibility untested (may require adapter layer).
  2. Configuration Overrides

    • Default resource path is hardcoded to app/Resources/parameters/. Override via config.yml:
      strong_parameters:
          resource: '%kernel.config_dir%/strong_parameters.yml'
      
  3. Case Sensitivity

    • Parameter names are case-sensitive. Ensure YAML matches request keys exactly.
  4. Circular References

    • Deeply nested arrays may cause infinite loops. Limit recursion depth:
      $strongParameters->setMaxDepth(5); // Default is 10
      
  5. Performance

    • Avoid loading large YAML files in high-traffic endpoints. Cache parsed rules:
      $strongParameters->setCache($cache); // PSR-6 cache instance
      

Debugging

  • Validate Rules: Use dump() to inspect filtered data:
    $raw = $request->request->all();
    $filtered = $strongParameters->filter($raw, 'resource');
    dump($raw, $filtered); // Compare inputs/outputs
    
  • Check YAML Syntax: Errors in YAML (e.g., invalid keys) throw cryptic exceptions. Validate with:
    symfony console debug:config strong_parameters
    

Extension Points

  1. Custom Validators

    Extend StrongParameters to add logic (e.g., regex validation):

    class CustomStrongParameters extends StrongParameters {
        public function filter(array $data, string $resource) {
            $data = parent::filter($data, $resource);
            // Add custom rules here
            return $data;
        }
    }
    

    Register as service:

    services:
        app.strong_parameters:
            class: App\CustomStrongParameters
            arguments: ['@service_container']
    
  2. Dynamic Resource Loading

    Load rules from a database or API:

    $rules = $this->fetchRulesFromDatabase($resource);
    $strongParameters->setRules($rules);
    
  3. Event Listeners

    Trigger events on filter operations:

    $strongParameters->addListener(function($event) {
        if ($event->isAllowed('user.email')) {
            // Log or transform
        }
    });
    