From 0d2e63f59060bc0617cb85519775a412c5b7adb4 Mon Sep 17 00:00:00 2001
From: Lance Pioch <git@lance.sh>
Date: Fri, 22 Mar 2024 21:32:12 -0400
Subject: [PATCH] Better route model binding

---
 .../Api/Client/Servers/SubuserController.php  |  7 ++--
 .../Api/Client/SubstituteClientBindings.php   | 33 -------------------
 app/Models/Server.php                         |  8 +++++
 bootstrap/app.php                             |  2 +-
 routes/api-client.php                         |  6 ++--
 5 files changed, 16 insertions(+), 40 deletions(-)
 delete mode 100644 app/Http/Middleware/Api/Client/SubstituteClientBindings.php

diff --git a/app/Http/Controllers/Api/Client/Servers/SubuserController.php b/app/Http/Controllers/Api/Client/Servers/SubuserController.php
index 870ca2f50..82c73b5bf 100644
--- a/app/Http/Controllers/Api/Client/Servers/SubuserController.php
+++ b/app/Http/Controllers/Api/Client/Servers/SubuserController.php
@@ -2,6 +2,7 @@
 
 namespace App\Http\Controllers\Api\Client\Servers;
 
+use App\Models\User;
 use Illuminate\Http\Request;
 use App\Models\Server;
 use Illuminate\Http\JsonResponse;
@@ -42,7 +43,7 @@ class SubuserController extends ClientApiController
     /**
      * Returns a single subuser associated with this server instance.
      */
-    public function view(GetSubuserRequest $request): array
+    public function view(GetSubuserRequest $request, Server $server, User $user): array
     {
         $subuser = $request->attributes->get('subuser');
 
@@ -82,7 +83,7 @@ class SubuserController extends ClientApiController
      *
      * @throws \App\Exceptions\Model\DataValidationException
      */
-    public function update(UpdateSubuserRequest $request, Server $server): array
+    public function update(UpdateSubuserRequest $request, Server $server, User $user): array
     {
         /** @var \App\Models\Subuser $subuser */
         $subuser = $request->attributes->get('subuser');
@@ -130,7 +131,7 @@ class SubuserController extends ClientApiController
     /**
      * Removes a subusers from a server's assignment.
      */
-    public function delete(DeleteSubuserRequest $request, Server $server): JsonResponse
+    public function delete(DeleteSubuserRequest $request, Server $server, User $user): JsonResponse
     {
         /** @var \App\Models\Subuser $subuser */
         $subuser = $request->attributes->get('subuser');
diff --git a/app/Http/Middleware/Api/Client/SubstituteClientBindings.php b/app/Http/Middleware/Api/Client/SubstituteClientBindings.php
deleted file mode 100644
index f17439e28..000000000
--- a/app/Http/Middleware/Api/Client/SubstituteClientBindings.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php
-
-namespace App\Http\Middleware\Api\Client;
-
-use App\Models\Server;
-use Closure;
-use Illuminate\Contracts\Routing\Registrar;
-use Illuminate\Routing\Middleware\SubstituteBindings;
-
-class SubstituteClientBindings extends SubstituteBindings
-{
-    public function __construct(Registrar $router, private Server $server)
-    {
-        parent::__construct($router);
-    }
-
-    public function handle($request, Closure $next): mixed
-    {
-        // Override default behavior of the model binding to use a specific table column rather than the default 'id'.
-
-        $this->router->bind('user', function ($value, $route) {
-            /** @var \App\Models\Subuser $match */
-            $match = $route->parameter('server')
-                ->subusers()
-                ->whereRelation('user', 'uuid', '=', $value)
-                ->firstOrFail();
-
-            return $match->user;
-        });
-
-        return parent::handle($request, $next);
-    }
-}
diff --git a/app/Models/Server.php b/app/Models/Server.php
index ad435c596..41113d147 100644
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -331,6 +331,14 @@ class Server extends Model
         };
     }
 
+    public function resolveChildRouteBinding($childType, $value, $field)
+    {
+        return match ($childType) {
+            'user' => $this->subusers()->whereRelation('user', 'uuid', $value)->firstOrFail()->user,
+            default => parent::resolveChildRouteBinding($childType, $value, $field),
+        };
+    }
+
     /**
      * Checks if the server is currently in a user-accessible state. If not, an
      * exception is raised. This should be called whenever something needs to make
diff --git a/bootstrap/app.php b/bootstrap/app.php
index 75601838f..fd76a369a 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -35,7 +35,7 @@ return Application::configure(basePath: dirname(__DIR__))
         ]);
 
         $middleware->group('client-api', [
-            \App\Http\Middleware\Api\Client\SubstituteClientBindings::class,
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
             \App\Http\Middleware\Api\Client\RequireClientApiKey::class,
         ]);
 
diff --git a/routes/api-client.php b/routes/api-client.php
index 1cf518632..ed1190af6 100644
--- a/routes/api-client.php
+++ b/routes/api-client.php
@@ -107,9 +107,9 @@ Route::prefix('/servers/{server:uuid}')->middleware([ServerSubject::class, Authe
     Route::prefix('/users')->group(function () {
         Route::get('/', [Client\Servers\SubuserController::class, 'index']);
         Route::post('/', [Client\Servers\SubuserController::class, 'store']);
-        Route::get('/{user}', [Client\Servers\SubuserController::class, 'view']);
-        Route::post('/{user}', [Client\Servers\SubuserController::class, 'update']);
-        Route::delete('/{user}', [Client\Servers\SubuserController::class, 'delete']);
+        Route::get('/{user:uuid}', [Client\Servers\SubuserController::class, 'view']);
+        Route::post('/{user:uuid}', [Client\Servers\SubuserController::class, 'update']);
+        Route::delete('/{user:uuid}', [Client\Servers\SubuserController::class, 'delete']);
     });
 
     Route::prefix('/backups')->group(function () {