Weave Code
Laravel Query Builder Laravel Package
spatie/laravel-query-builder
Build safe, flexible Eloquent queries from incoming API requests. Supports whitelisted filtering (partial/exact/scope/custom), sorting, includes, field selection, pagination, and grouped AND/OR filters—ideal for JSON:API-style endpoints with minimal boilerplate.
Getting Started
Minimal Steps
-
Installation:
composer require spatie/laravel-query-builderPublish the config (optional):
php artisan vendor:publish --provider="Spatie\QueryBuilder\QueryBuilderServiceProvider" -
First Use Case: Filter a basic API endpoint for
Usermodels:use Spatie\QueryBuilder\QueryBuilder; Route::get('/users', function () { return QueryBuilder::for(User::class) ->allowedFilters('name', 'email') ->get(); });Test with:
GET /users?filter[name]=John
Where to Look First
- Documentation: Start with the "Basic Usage" section.
QueryBuilderFacade: Core class for building queries.AllowedFilter,AllowedSort,AllowedInclude: Classes for defining allowed operations.
Implementation Patterns
Core Workflow
-
Define Allowed Operations:
QueryBuilder::for(User::class) ->allowedFilters('name', 'email') ->allowedSorts('name', 'created_at') ->allowedIncludes('posts', 'permissions') ->allowedFields('id', 'name', 'email'); -
Chain with Existing Queries:
$baseQuery = User::where('active', true); QueryBuilder::for($baseQuery) ->allowedFilters('name') ->get(); -
API Route Integration:
Route::get('/users', function () { return QueryBuilder::for(User::class) ->allowedFilters('name', 'role') ->paginate(15); });
Common Patterns
-
Grouped Filters (OR/AND Logic):
QueryBuilder::for(User::class) ->allowedFilters( AllowedFilter::groupOr('search', [ AllowedFilter::partial('name'), AllowedFilter::partial('email'), ]) ) ->get();Request:
/users?filter[search]=John -
Custom Sorting:
QueryBuilder::for(User::class) ->allowedSorts( AllowedSort::custom('name-length', new StringLengthSort(), 'name') ) ->get(); -
Nested Includes:
QueryBuilder::for(User::class) ->allowedIncludes('posts.comments', 'permissions') ->get(); -
Field Selection:
QueryBuilder::for(User::class) ->allowedFields('id', 'name', 'email') ->get();Request:
/users?fields[users]=id,name
Integration Tips
- Laravel Scout: Combine with
scoutfor search-as-you-type:QueryBuilder::for(User::class) ->allowedFilters('name') ->scout() ->get(); - API Resources: Use
QueryBuilderwithIlluminate\Http\Resources\Json\JsonResourcefor consistent API responses. - Testing: Mock
QueryBuilderin unit tests:$builder = QueryBuilder::for(User::class); $builder->shouldReceive('get')->andReturn(collect([new User()]));
Gotchas and Tips
Pitfalls
-
Case Sensitivity in Filters:
- Partial filters (
partial) are case-insensitive by default. Useexactfor case-sensitive matches:->allowedFilters(AllowedFilter::exact('name'))
- Partial filters (
-
Default Values Override:
- Default filters/sorts are applied after request parameters. Ensure logic aligns with expectations:
// GET /users?filter[name]=John&filter[active]=true // Overrides default `active=true` if present.
- Default filters/sorts are applied after request parameters. Ensure logic aligns with expectations:
-
Nested Includes and Scopes:
- Nested includes (e.g.,
posts.comments) may fail if intermediate relationships lack proper constraints. Test thoroughly.
- Nested includes (e.g.,
-
Field Selection Conflicts:
- Selecting fields (
allowedFields) can break eager-loaded relationships. Usewith()for related data:QueryBuilder::for(User::class) ->allowedFields('id', 'name') ->with('posts:id,title') // Explicitly load related fields ->get();
- Selecting fields (
-
Custom Sort Direction:
- Default direction for custom sorts (
AllowedSort::custom) isASC. Explicitly set if needed:AllowedSort::custom('name-length', new StringLengthSort(), 'name') ->defaultDirection(SortDirection::Descending)
- Default direction for custom sorts (
Debugging Tips
- Log Raw SQL:
QueryBuilder::for(User::class) ->allowedFilters('name') ->toSql(); // Log the generated SQL - Validate Requests:
Use Laravel’s
ValidatesRequeststo sanitize input before processing:public function rules() { return [ 'filter.name' => 'sometimes|string|max:255', 'sort' => 'sometimes|string', ]; } - Exception Handling:
Catch
InvalidFilterQuery,InvalidSortQuery, etc., for graceful API responses:try { return QueryBuilder::for(User::class)->get(); } catch (\Spatie\QueryBuilder\Exceptions\InvalidFilterQuery $e) { return response()->json(['error' => $e->getMessage()], 400); }
Extension Points
-
Custom Filter Logic: Extend
Spatie\QueryBuilder\Filters\Filterfor reusable filters:class AgeFilter extends Filter { protected $name = 'age'; protected $callback; public function __construct() { $this->callback = function ($query, $value) { return $query->where('age', '>=', $value); }; } }Usage:
QueryBuilder::for(User::class) ->allowedFilters(new AgeFilter()) ->get(); -
Middleware for Global Config: Apply
QueryBuildersettings globally via middleware:public function handle($request, Closure $next) { QueryBuilder::setDefaultOperator('and'); return $next($request); } -
Dynamic Allowed Operations: Fetch allowed filters/sorts from a database table:
$allowedFilters = FilterConfig::where('model', User::class)->pluck('field'); QueryBuilder::for(User::class) ->allowedFilters($allowedFilters) ->get(); -
Testing Helpers: Create a trait for consistent test setups:
trait QueryBuilderTests { protected function buildQuery($model, array $allowed = []) { return QueryBuilder::for($model) ->allowedFilters($allowed) ->allowedSorts('id'); } }
Configuration Quirks
- Operator Overrides:
Change the default logical operator (
and/or) globally inconfig/query-builder.php:'default_operator' => 'or', - Empty Filter Handling:
Disable empty filter values with:
QueryBuilder::for(User::class) ->ignoreMissingFilters() ->get(); - Pagination Defaults:
Override default pagination settings:
QueryBuilder::for(User::class) ->paginate(20) ->appends(request()->except('page'));
Weaver
How can I help you explore Laravel packages today?