[QUESTION] 关于表单验证中的array验证规则的实际效果的疑问

[wilbur-yu]

Hyperf version: ~2.2.0
Hyperf Validation versin: v2.2.13

在OrderRequest中的定义如下

<?php

declare(strict_types=1);

namespace App\Request\V1;

use App\Request\Request;

class OrderRequest extends Request
{
    protected $scenes = [
        'privates' => [
            'id',
            'carry_people_info',
        ],
    ];

    public function rules(): array
    {
        return [
            'id' => 'bail|required|string',
            'carry_people_info' => 'bail|sometimes|filled|array:username,tel,gender',
            'carry_people_info.*.username' => [
                'bail',
                'required',
                'string',
                'max:30',
                'regex:/^[\x{4e00}-\x{9fa5}a-zA-Z{\d}{\s}]+$/u',
            ],
            'carry_people_info.*.tel' => [
                'bail',
                'required',
                'size:11',
                'regex:#^1[3456789][0-9]{9}$#',
            ],
            'carry_people_info.*.gender' => 'bail|required|integer|in:1,0',
        ];
    }
}

在OrderController中的定义如下

<?php

declare(strict_types=1);

namespace App\Controller\V1;

use App\Constants\BusCode;
use App\Constants\BusConstant\RouteConstant;
use App\Constants\BusConstant\ServerConstant;
use App\Event\LessonOrderCreatedEvent;
use App\Exception\LessonOrderServiceException;
use App\Middleware\AuthorizationMiddleware;
use App\Middleware\VerifyGuardWasTheStudentMiddleware;
use App\Request\V1\OrderRequest;
use App\Service\Lesson\LessonService;
use App\Service\LessonOrder\LessonOrderService;
use App\Service\LessonScheduleService;
use App\Service\PaymentService;
use Hyperf\Di\Annotation\Inject;
use Hyperf\HttpServer\Annotation\Controller;
use Hyperf\HttpServer\Annotation\GetMapping;
use Hyperf\HttpServer\Annotation\Middlewares;
use Hyperf\HttpServer\Annotation\PostMapping;
use Hyperf\HttpServer\Request;
use JetBrains\PhpStorm\ArrayShape;
use Psr\Http\Message\ResponseInterface;
use Yansongda\Supports\Collection;

use function encrypt;
use function decrypt;

#[Controller(server: ServerConstant::API_HTTP_SERVER['name'], prefix: RouteConstant::API_BASE_PREFIX.'orders')]
#[Middlewares(AuthorizationMiddleware::class, VerifyGuardWasTheStudentMiddleware::class)]
class OrderController extends AbstractController
{
    #[Inject]
    protected OrderService $orderService;

    #[Inject]
    protected PaymentService $paymentService;

    #[Inject]
    protected LessonService $lessonService;

    /**
     * 统一下单入口
     *
     * @return ResponseInterface
     */
    #[PostMapping(path: '')]
    public function ofType(): ResponseInterface
    {
        $type = (string)$this->request->query('type');
        !method_exists($this, $type)
        && throw new LessonOrderServiceException(BusCode::SERVICE_LESSON_TYPE_NOT_FOUND);

        $request = di(LessonOrderRequest::class);
        $request->scene($type)->validateResolved();

        return $this->{$type}($request);
    }

    /**
     * 统一订单创建
     */
    #[ArrayShape(['no' => 'string', 'wechat_pay' => Collection::class])]
    protected function create($model, array $inputs): array
    {
        $inputs['user_id'] = self::user()->id;
        $inputs['ip'] = get_client_ip();

        $order = $this->orderService->create($model, $inputs);

        $order = $this->orderService->buyingBeforeCheck($order);

        $result = $this->paymentService->create($order);

        event()->dispatch(new LessonOrderCreatedEvent($order->id));

        return [
            'no' => encrypt($order->no),
            'wechat_pay' => $result->toArray(),
        ];
    }

    /**
     * @param  \Hyperf\HttpServer\Request  $request
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function privates(Request $request): ResponseInterface
    {
        $inputs = $request->inputs([
            'id',
            'carry_people_info',
        ]);
        isset($inputs['remark']) && $this->orderService->contentIsSecurity($inputs['remark']);
        $skuId = (int)decrypt($inputs['id']);
        $sku = $this->lessonService->checkBeforeBuying($skuId, $inputs);
        $result = $this->create($sku, $inputs);

        return $this->response->success($result);
    }
}

OrderController->ofType接收请求并根ody据场景值type: 默认为privates进行验证.

在请求body定义如下参数

{
    "id": "78f1N0Hk1OKmSnX_CIUaSIc8zx6R9lTo2FsupR7v8A",
    "carry_people_info": [
        {
            "test": "test"
        }
    ]
}

正常通过, 即针对数组中字段的验证array:username,tel,gender没有产生作用.

在请求body定义如下参数

{
    "id": "78f1N0Hk1OKmSnX_CIUaSIc8zx6R9lTo2FsupR7v8A",
    "carry_people_info": [
        {
            "username": "姓名,./,..@"
        }
    ]
}

正常通过, 即针对数组中元素的验证carry_people_info.*.username没有产生作用.

[laradocs]

不是没有产生作用的原因，而是请求的参数没有通过验证。

例：（请求体）

{
    "id": "78f1N0Hk1OKmSnX_CIUaSIc8zx6R9lTo2FsupR7v8A",
    "carry_people_info": [
        {
            "username": "姓名,./,..@"
        }
    ]
}

满足以下验证条件

'carry_people_info.*' => 'required',
// and
'carry_people_info.username' => 'required',

如果需要满足 carry_people_info.name.username 验证条件，可以这么做：

'carry_people_info.*' => 'required',
// and
'carry_people_info.*.username' => 'required',
// and
'carry_people_info.name.username' => 'required',

附：Hyperf 验证器支持 正则表达式 匹配。

[wilbur-yu]

可以看下我OrderRequest中的定义, 其实我的主要疑惑是对于一个数组类型参数的字段验证. 如OrderRequest定义的一样
array:username,tel,gender, 表示这个数组中必须拥有列出的三个字段

[limingxinleo]

可能是 array:username,tel,gender 的理解的问题，array:field 可能只是如果存在，则进行验证

这块需要查代码了，不过大概率是这个问题

[wilbur-yu]

可能是 array:username,tel,gender 的理解的问题，array:field 可能只是如果存在，则进行验证

这块需要查代码了，不过大概率是这个问题

这个是我的问题, 我默认沿用了Laravel的规则集, 刚才我看了下源码发现. Hyperf中对数组验证规则不支持验证数组字段.
Concerns/ValidatesAttributes.php中对于array的验证只验证了类型. 即:

    /**
     * Validate that an attribute is an array.
     *
     * @param mixed $value
     */
    public function validateArray(string $attribute, $value): bool
    {
        return is_array($value);
    }

Laravel中是多了一步差集的验证.

    /**
     * Validate that an attribute is an array.
     *
     * @param  string  $attribute
     * @param  mixed  $value
     * @param  array<int, int|string>  $parameters
     * @return bool
     */
    public function validateArray($attribute, $value, $parameters = [])
    {
        if (! is_array($value)) {
            return false;
        }

        if (empty($parameters)) {
            return true;
        }

        return empty(array_diff_key($value, array_fill_keys($parameters, '')));
    }

然后是关于嵌套数组的验证, 如上我在OrderRequest中的定义, 我理解流程为: 数组carry_people_info存在时验证, 对应sometimes和filled规则, 进行array类型验证, 并验证该数组key是否符合定义username,tel,gender, 然后是再针对数组中的每个元素进行验证.

这里, 其实我的OrderRequest定义有一些问题, 因为我的carry_people_info参数是一个二维数组, 所以在该参数上进行key验证是不正确的. 应该修改成如下:

    public function rules()
    {
        return [
            'carry_people_info' => 'bail|sometimes|filled|array',
            'carry_people_info.*' => 'array:username,tel,gender',
            'carry_people_info.*.username' => [
                'bail',
                'required',
                'string',
                'max:30',
                'regex:/^[\x{4e00}-\x{9fa5}a-zA-Z{\d}{\s}]+$/u',
            ],
            'carry_people_info.*.tel' => [
                'bail',
                'required',
                'size:11',
                'regex:#^1[3456789][0-9]{9}$#',
            ],
            'carry_people_info.*.gender' => 'bail|required|integer|in:1,0',
        ];
    }

以上规则, 在Laravel中测试通过. 在Hyperf中, 没有达到目的.我的请求body中没有包含array:username,tel,gender中的任何一项, 但是$request->validated()依然获取到了提交的全部数据.
请求body

{
	"carry_people_info": [
        {
            "test": "姓名,./,..@"
        }
    ]
}

[wilbur-yu]

我遗漏了一个问题. 我使用了场景验证. 刚才又追了下源码, 发现在Validator.php中的passes方法中的$this->rules居然是没有carry_people_info.*规则集的. 所以验证通过对于这段代码来说是正确的. 然后我查看了根据场景值获取场景规则的代码, 即FormRequest.php中的getRules方法, 找到了问题所在.

    /**
     * Get scene rules.
     */
    protected function getRules()
    {
        $rules = call_user_func_array([$this, 'rules'], []);
        $scene = $this->getScene();
        if ($scene && isset($this->scenes[$scene]) && is_array($this->scenes[$scene])) {
            $newRules = [];
            foreach ($this->scenes[$scene] as $field) {
                if (array_key_exists($field, $rules)) {
                    $newRules[$field] = $rules[$field];
                }
            }
            return $newRules;
        }
        return $rules;
    }

这里默认是针对场景规则与完整规则进行规则集key交集. 然而, 我在场景规则中并未对carry_people_info.*.username...进行显示声明. 所以造成了对代码行为理解上的偏差.
如上, 我重新修改了OrderRequest中的场景定义后, 目前只有array:username,tel,gender不生效了. 当然, 这个不是问题, 因为框架不支持该细分规则.

[limingxinleo]

这个可以提个 PR