Add validation to RealmCreate

2026-02-08 18:00:24 +01:00 · 2026-02-08 18:00:24 +01:00 · ddbb1f42d7
commit ddbb1f42d7
parent 09480eb1e4
16 changed files with 326 additions and 23 deletions
--- a/IdentityShroud.Api/Validation/EndpointRouteBuilderExtensions.cs
+++ b/IdentityShroud.Api/Validation/EndpointRouteBuilderExtensions.cs
@ -0,0 +1,7 @@
+namespace IdentityShroud.Api.Validation;
+
+public static class EndpointRouteBuilderExtensions
+{
+    public static RouteHandlerBuilder Validate<TDto>(this RouteHandlerBuilder builder) where TDto : class
+        => builder.AddEndpointFilter<ValidateFilter<TDto>>();    
+}
--- a/IdentityShroud.Api/Validation/RealmCreateRequestValidator.cs
+++ b/IdentityShroud.Api/Validation/RealmCreateRequestValidator.cs
@ -0,0 +1,19 @@
+using FluentValidation;
+using IdentityShroud.Core.Messages.Realm;
+
+namespace IdentityShroud.Api.Validation;
+
+public class RealmCreateRequestValidator : AbstractValidator<RealmCreateRequest>
+{
+    private const string SlugPattern = @"^(?=.{1,40}$)[a-z0-9]+(?:-[a-z0-9]+)*$";
+    
+    public RealmCreateRequestValidator()
+    {
+        RuleFor(x => x.Id)
+            .NotEqual(Guid.Empty).When(x => x.Id.HasValue);
+        RuleFor(x => x.Slug)
+            .Matches(SlugPattern).Unless(x => x.Slug is null);
+        RuleFor(x => x.Name)
+            .NotNull().Length(1, 255);
+    }
+}
--- a/IdentityShroud.Api/Validation/ValidateFilter.cs
+++ b/IdentityShroud.Api/Validation/ValidateFilter.cs
@ -0,0 +1,33 @@
+using FluentValidation;
+
+namespace IdentityShroud.Api.Validation;
+
+public class ValidateFilter<T> : IEndpointFilter where T : class
+{
+    public async ValueTask<object?> InvokeAsync(
+        EndpointFilterInvocationContext context,
+        EndpointFilterDelegate next)
+    {
+        // Grab the deserialized argument (the DTO) from the context.
+        // The order of arguments matches the order of parameters in the endpoint delegate.
+        var dto = context.Arguments
+            .FirstOrDefault(arg => arg is T) as T;
+
+        if (dto == null)
+            return Results.BadRequest("Unable to read request body.");
+
+        // Resolve the matching validator from DI.
+        var validator = context.HttpContext.RequestServices
+            .GetService<IValidator<T>>();
+
+        if (validator != null)
+        {
+            var validationResult = await validator.ValidateAsync(dto);
+            if (!validationResult.IsValid)
+                return Results.ValidationProblem(validationResult.ToDictionary());
+        }
+
+        // Validation passed – continue to the actual handler.
+        return await next(context);
+    }
+}