Set mass DELETE according to REST (no request body) for twofaccounts

app/Http/Controllers/TwoFAccountController.php

@@ -10,7 +10,7 @@ use App\Http\Requests\TwoFAccountStoreRequest;
 use App\Http\Requests\TwoFAccountUpdateRequest;
 use App\Http\Resources\TwoFAccountReadResource;
 use App\Http\Resources\TwoFAccountStoreResource;
-use App\Http\Requests\TwoFAccountDeleteRequest;
+use App\Http\Requests\TwoFAccountBatchDestroyRequest;
 use App\Http\Requests\TwoFAccountUriRequest;
 use App\Http\Requests\TwoFAccountDynamicRequest;
 use App\Services\TwoFAccountService;
@@ -219,12 +219,23 @@ class TwoFAccountController extends Controller
     /**
      * Remove the specified resources from storage.
      *
-     * @param  \App\Http\Requests\TwoFAccountDeleteRequest  $request
+     * @param  \App\Http\Requests\TwoFAccountBatchDestroyRequest  $request
      * @return \Illuminate\Http\Response
      */
-    public function batchDestroy(TwoFAccountDeleteRequest $request)
+    public function batchDestroy(TwoFAccountBatchDestroyRequest $request)
     {
-        $this->twofaccountService->delete($request->ids);
+        $validated = $request->validated();
+
+        $ids = explode(',', $validated['ids'], 100);
+        $nb = count($ids);
+        if ($nb > 99) {
+            return response()->json([
+                'message' => 'bad request',
+                'reason' => [__('errors.too_many_ids')]
+            ], 400);
+        }
+
+        $this->twofaccountService->delete($ids);
 
         return response()->json(null, 204);
     }

app/Http/Requests/TwoFAccountDeleteRequest.php → app/Http/Requests/TwoFAccountBatchDestroyRequest.php

@@ -4,7 +4,7 @@ namespace App\Http\Requests;
 
 use Illuminate\Foundation\Http\FormRequest;
 
-class TwoFAccountDeleteRequest extends FormRequest
+class TwoFAccountBatchDestroyRequest extends FormRequest
 {
     /**
      * Determine if the user is authorized to make this request.
@@ -24,7 +24,7 @@ class TwoFAccountDeleteRequest extends FormRequest
     public function rules()
     {
         return [
-            'ids' => 'required',
+            'ids' => 'required|string|regex:/^\d([\d,])+[\d]+$/i',
         ];
     }
 }

app/Services/TwoFAccountService.php

@@ -170,12 +170,14 @@ class TwoFAccountService
      * Delete one or more twofaccounts
      * 
      * @param int|array $ids twofaccount's ids to delete
+     * 
+     * @return int The number of deleted
      */
-    public function delete($ids)
+    public function delete($ids) : int
     {
-        TwoFAccount::destroy($ids);
+        $deleted = TwoFAccount::destroy($ids);
 
-        // TODO : log the returned value = total count of records deleted
+        return $deleted;
     }
 
 

resources/lang/en/errors.php

@@ -28,4 +28,5 @@ return [
     'error_during_encryption' => 'Encryption failed, your database remains unprotected.',
     'error_during_decryption' => 'Decryption failed, your database is still protected. This is mainly caused by an integrity issue of encrypted data for one or more accounts.',
     'qrcode_cannot_be_read' => 'This QR code is unreadable',
+    'too_many_ids' => 'too many ids were included in the query parameter, max 100 allowed',
 ];

resources/lang/en/validation.php

@@ -159,6 +159,9 @@ return [
         'label' => [
             'required' => 'The uri must have a label.',
         ],
+        'ids' => [
+            'regex' => 'IDs must be comma separated, without trailing comma.',
+        ],
     ],
 
     /*

routes/api.php

@@ -36,7 +36,7 @@ Route::group(['middleware' => 'auth:api'], function() {
         Route::post('options', 'Settings\OptionController@store');
     });
 
-    Route::delete('twofaccounts/batch', 'TwoFAccountController@batchDestroy');
+    Route::delete('twofaccounts', 'TwoFAccountController@batchDestroy');
     Route::post('twofaccounts/reorder', 'TwoFAccountController@reorder');
     Route::post('twofaccounts/preview', 'TwoFAccountController@preview');
     Route::get('twofaccounts/{twofaccount}/qrcode', 'QrCodeController@show');