Laravel 5.2 Features Guide

Laravel 5.2 introduces powerful features for API development and authentication. Implicit model binding and multiple auth guards simplify common patterns. At ZIRA Software, we've upgraded all projects to leverage these improvements.

Implicit Model Binding

// Before 5.2 - Manual binding
Route::get('posts/{id}', function ($id) {
    $post = Post::findOrFail($id);
    return view('posts.show', compact('post'));
});

// Laravel 5.2 - Implicit binding
Route::get('posts/{post}', function (Post $post) {
    return view('posts.show', compact('post'));
});

// In controllers
class PostController extends Controller
{
    public function show(Post $post)
    {
        return view('posts.show', compact('post'));
    }

    public function update(Request $request, Post $post)
    {
        $post->update($request->all());
        return redirect()->route('posts.show', $post);
    }
}

// Custom key binding
// In RouteServiceProvider
public function boot()
{
    Route::bind('post', function ($value) {
        return Post::where('slug', $value)->firstOrFail();
    });
}

// Or in model
class Post extends Model
{
    public function getRouteKeyName()
    {
        return 'slug';
    }
}

Multiple Authentication Guards

// config/auth.php
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'admin' => [
        'driver' => 'session',
        'provider' => 'admins',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
    'admins' => [
        'driver' => 'eloquent',
        'model' => App\Admin::class,
    ],
],

// Usage
if (Auth::guard('admin')->attempt($credentials)) {
    // Admin authenticated
}

// In controllers
public function __construct()
{
    $this->middleware('auth:admin');
}

// Get authenticated user from specific guard
$admin = Auth::guard('admin')->user();
$apiUser = Auth::guard('api')->user();

Array Validation

// Validate array items
$validator = Validator::make($request->all(), [
    'products' => 'required|array|min:1',
    'products.*.name' => 'required|string|max:255',
    'products.*.price' => 'required|numeric|min:0',
    'products.*.quantity' => 'required|integer|min:1',
]);

// Form request
class OrderRequest extends FormRequest
{
    public function rules()
    {
        return [
            'items' => 'required|array',
            'items.*.product_id' => 'required|exists:products,id',
            'items.*.quantity' => 'required|integer|min:1',
            'shipping_address' => 'required|string',
        ];
    }

    public function messages()
    {
        return [
            'items.*.product_id.exists' => 'Product #:position does not exist.',
            'items.*.quantity.min' => 'Quantity for item #:position must be at least 1.',
        ];
    }
}

API Rate Limiting

// Kernel.php - throttle middleware
protected $middlewareGroups = [
    'api' => [
        'throttle:60,1', // 60 requests per minute
    ],
];

// Route-specific throttling
Route::middleware('throttle:10,1')->group(function () {
    Route::post('/login', 'AuthController@login');
});

// Dynamic rate limiting
Route::middleware('throttle:rate_limit,1')->group(function () {
    Route::get('/api/data', 'ApiController@data');
});

// In User model
public function rate_limit()
{
    return $this->isPremium() ? 100 : 20;
}

// Custom rate limiter
RateLimiter::for('api', function (Request $request) {
    return $request->user()
        ? Limit::perMinute(100)->by($request->user()->id)
        : Limit::perMinute(20)->by($request->ip());
});

Form Array Inputs

<!-- View with array inputs -->
<form method="POST" action="/orders">
    @csrf
    @foreach($products as $index => $product)
    <div class="product-row">
        <input type="hidden" name="items[{{ $index }}][product_id]" value="{{ $product->id }}">
        <input type="number" name="items[{{ $index }}][quantity]" min="1" value="1">
    </div>
    @endforeach
    <button type="submit">Place Order</button>
</form>

Token Authentication

// Add api_token to users table
Schema::table('users', function ($table) {
    $table->string('api_token', 60)->unique()->nullable();
});

// Generate token
$user->api_token = str_random(60);
$user->save();

// Authenticate via token
// GET /api/user?api_token=xxx
// or Header: Authorization: Bearer xxx

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Conclusion

Laravel 5.2 streamlines API development with implicit binding, multiple guards, and rate limiting. These features reduce boilerplate while improving security and developer experience.

Upgrading to Laravel 5.2? Contact ZIRA Software for migration assistance.