From a7f433961dc9352a4ce5e8a9064eb5422d646f78 Mon Sep 17 00:00:00 2001
From: LailaWulandarii <E41220418@student.polije.ac.id>
Date: Sat, 7 Feb 2026 15:41:29 +0700
Subject: [PATCH] refactor: add regex validation for 'nama', 'alamat', and
 'deskripsi' fields in AdminRequest, FotoRequest, and ProfilRequest

---
 app/Http/Requests/Admin/AdminRequest.php  |  9 ++++++---
 app/Http/Requests/Admin/FotoRequest.php   |  5 ++---
 app/Http/Requests/Admin/ProfilRequest.php | 12 +++++++++---
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/app/Http/Requests/Admin/AdminRequest.php b/app/Http/Requests/Admin/AdminRequest.php
index ca41a23..79339e5 100644
--- a/app/Http/Requests/Admin/AdminRequest.php
+++ b/app/Http/Requests/Admin/AdminRequest.php
@@ -20,12 +20,12 @@ public function rules(): array
         $adminId = $this->route('id');
 
         return [
-            'nama'     => 'required|string|min:5|max:100',
+            'nama'     => 'required|string|min:3|max:100|regex:/^[a-zA-Z\s]+$/',
             'username' => 'required|string|alpha_num|max:10|unique:users,username,' . $adminId . ',id_user',
             'email'    => 'required|email:dns|unique:users,email,' . $adminId . ',id_user',
             'no_wa'    => 'required|numeric|digits_between:10,15',
             'role'     => 'required|in:admin_foto,admin_buket',
-            'alamat'   => 'required|string|max:200',
+            'alamat'   => 'required|string|max:200|regex:/^[a-zA-Z0-9\s\.,:"-]+$/',
         ];
     }
 
@@ -39,8 +39,11 @@ public function messages(): array
             'numeric'        => ':attribute harus berupa angka.',
             'digits_between' => ':attribute harus berjumlah antara :min sampai :max digit.',
             'email'          => 'Format :attribute tidak valid.',
-            'alpha_dash'     => ':attribute hanya boleh berisi huruf, angka, serta simbol - dan _',
+            'regex'          => ':attribute hanya boleh berisi huruf, angka, spasi, titik, koma, tanda hubung dan tanda petik dua.',
             'in'             => ':attribute yang dipilih tidak sesuai pilihan yang tersedia.',
+            'nama.regex' => 'Nama hanya boleh berisi huruf dan spasi.',
+            'username.alpha_num' => 'Username hanya boleh berisi huruf dan angka.',
+            'alamat.regex' => 'Alamat hanya boleh berisi huruf, angka, spasi, titik, koma, tanda hubung, dan tanda petik dua.',
         ];
     }
 
diff --git a/app/Http/Requests/Admin/FotoRequest.php b/app/Http/Requests/Admin/FotoRequest.php
index afd4d3a..c90fd23 100644
--- a/app/Http/Requests/Admin/FotoRequest.php
+++ b/app/Http/Requests/Admin/FotoRequest.php
@@ -16,11 +16,10 @@ public function authorize(): bool
     public function rules(): array
     {
         return [
-            'nama'      => 'required|string|min:3|max:100',
+            'nama'      => 'required|string|min:3|max:100|regex:/^[a-zA-Z0-9\s\.,:"-]+$/',
             'harga'     => 'required|numeric|min:0',
             'durasi'    => 'required|integer|min:0',
-            'deskripsi' => 'required|string|min:10',
-            // Foto wajib saat Tambah (POST), opsional saat Edit (PUT)
+            'deskripsi' => 'required|string|min:10|regex:/^[a-zA-Z0-9\s\.,:"-]+$/',
             'foto'      => $this->isMethod('post')
                 ? 'required|image|mimes:jpeg,png,jpg|max:2048'
                 : 'nullable|image|mimes:jpeg,png,jpg|max:2048',
diff --git a/app/Http/Requests/Admin/ProfilRequest.php b/app/Http/Requests/Admin/ProfilRequest.php
index 51aa9de..434346b 100644
--- a/app/Http/Requests/Admin/ProfilRequest.php
+++ b/app/Http/Requests/Admin/ProfilRequest.php
@@ -20,11 +20,11 @@ public function rules(): array
         $userId = Auth::id();
         //tambah validasi
         return [
-            'nama'     => 'required|string|max:100',
+            'nama'     => 'required|string|min:3|max:100|regex:/^[a-zA-Z\s]+$/',
             'username' => 'required|string|alpha_num|max:10|unique:users,username,' . $userId . ',id_user',
             'email'    => 'required|email|unique:users,email,' . $userId . ',id_user',
-            'no_wa'    => 'nullable|numeric',
-            'alamat'   => 'nullable|string|max:200',
+            'no_wa'    => 'nullable|numeric|digits_between:10,15',
+            'alamat'   => 'nullable|string|max:200|regex:/^[a-zA-Z0-9\s\.,:"-]+$/',
         ];
     }
 
@@ -35,6 +35,12 @@ public function messages(): array
             'unique'   => ':attribute sudah digunakan.',
             'numeric'  => ':attribute harus berupa angka.',
             'email'    => 'Format :attribute tidak valid.',
+            'digits_between' => ':attribute harus berjumlah antara 10 sampai 15 digit.',
+            'min'      => ':attribute minimal harus berisi :min karakter.',
+            'max'      => ':attribute maksimal hanya boleh :max karakter.',
+            'nama.regex' => 'Nama hanya boleh berisi huruf dan spasi.',
+            'username.alpha_num' => 'Username hanya boleh berisi huruf dan angka.',
+            'alamat.regex' => 'Alamat hanya boleh berisi huruf, angka, spasi, titik, koma, tanda hubung, dan tanda petik dua.',
         ];
     }