Skip to main content

Overview

The S3M package includes three FormRequest classes that handle validation and authorization for multipart upload operations. Each request class validates specific parameters and enforces configuration-based restrictions. Namespace: MrEduar\S3M\Http\Requests

CreateMultipartUploadRequest

Validates requests to create a new multipart upload session. Used by: POST /multipart endpoint

Authorization

All users must be authorized through the uploadFiles gate: 
Gate::allows('uploadFiles', [$user, $bucket])

Validation Rules

bucket
string
Custom S3 bucket nameConstraints:
  • Must be a string
  • Can only be provided if config('s3m.allow_change_bucket') is true
  • Validation error if attempting to change bucket when disabled
visibility
string
S3 ACL visibility settingConstraints:
  • Must be a string
  • Must be private if config('s3m.allow_change_visibility') is false
  • Validation error if attempting to change visibility when disabled
content_type
string
MIME type of the file being uploadedConstraints:
  • Must be a string
  • No additional restrictions
folder
string
Folder path within the bucketConstraints:
  • Must be a string
  • Must be tmp if config('s3m.allow_change_folder') is false
  • Validation error if attempting to change folder when disabled

Example Usage

// With default settings (all restrictions enabled)
[
    'content_type' => 'video/mp4',
    'visibility' => 'private',
    'folder' => 'tmp'
]

Validation Errors

{
  "message": "The given data was invalid.",
  "errors": {
    "bucket": [
      "You are not allowed to change the bucket of the uploaded file."
    ],
    "visibility": [
      "You are not allowed to change the visibility of the uploaded file."
    ],
    "folder": [
      "You are not allowed to change the folder of the uploaded file."
    ]
  }
}
Source: /home/daytona/workspace/source/src/Http/Requests/CreateMultipartUploadRequest.php:8

SignPartRequest

Validates requests to generate presigned URLs for uploading file parts. Used by: POST /multipart/sign endpoint

Authorization

All users must be authorized through the uploadFiles gate: 
Gate::allows('uploadFiles', [$user, $bucket])

Validation Rules

key
string
required
S3 object key (file path) from the create upload responseConstraints:
  • Required field
  • Must be a string
part_number
integer
required
Part number for this upload chunkConstraints:
  • Required field
  • Must be an integer
  • AWS S3 allows part numbers from 1 to 10,000
upload_id
string
required
Upload ID from the create upload responseConstraints:
  • Required field
  • Must be a string
bucket
string
Custom S3 bucket nameConstraints:
  • Must be a string
  • No config restrictions for this request
visibility
string
S3 ACL visibility settingConstraints:
  • Must be a string
  • Must be private if config('s3m.allow_change_visibility') is false
  • Validation error if attempting to change visibility when disabled
content_type
string
MIME type for this partConstraints:
  • Must be a string
  • No additional restrictions

Example Usage

[
    'key' => 'tmp/550e8400-e29b-41d4-a716-446655440000',
    'part_number' => 1,
    'upload_id' => 'exampleUploadId123'
]

Validation Errors

{
  "message": "The given data was invalid.",
  "errors": {
    "key": ["The key field is required."],
    "part_number": ["The part number field is required."],
    "upload_id": ["The upload id field is required."]
  }
}
Source: /home/daytona/workspace/source/src/Http/Requests/SignPartRequest.php:8

CompleteMultipartUploadRequest

Validates requests to complete a multipart upload and assemble all parts. Used by: POST /multipart/complete endpoint

Authorization

All users must be authorized through the uploadFiles gate: 
Gate::allows('uploadFiles', [$user, $bucket])

Validation Rules

bucket
string
Custom S3 bucket nameConstraints:
  • Must be a string
  • Can only be provided if config('s3m.allow_change_bucket') is true
  • Validation error if attempting to change bucket when disabled
key
string
required
S3 object key (file path) from the create upload responseConstraints:
  • Required field
  • Must be a string
upload_id
string
required
Upload ID from the create upload responseConstraints:
  • Required field
  • Must be a string
parts
array
required
Array of uploaded parts with their ETagsConstraints:
  • Required field
  • Must be an array
  • Each element must contain PartNumber and ETag
parts[].PartNumber
integer
required
Part number (must match the number used when uploading)Constraints:
  • Required field
  • Must be an integer
parts[].ETag
string
required
ETag value from the part upload response headersConstraints:
  • Required field
  • Must be a string
  • Usually includes surrounding quotes (e.g., "abc123")

Example Usage

[
    'key' => 'tmp/550e8400-e29b-41d4-a716-446655440000',
    'upload_id' => 'exampleUploadId123',
    'parts' => [
        ['PartNumber' => 1, 'ETag' => '"5d41402abc4b2a76b9719d911017c592"']
    ]
]

Validation Errors

{
  "message": "The given data was invalid.",
  "errors": {
    "key": ["The key field is required."],
    "upload_id": ["The upload id field is required."],
    "parts": ["The parts field is required."],
    "parts.0.PartNumber": ["The parts.0.PartNumber field is required."],
    "parts.0.ETag": ["The parts.0.ETag field is required."]
  }
}
Source: /home/daytona/workspace/source/src/Http/Requests/CompleteMultipartUploadRequest.php:8

Configuration Impact

The request validation behavior is controlled by these configuration options:

allow_change_bucket

Config: config('s3m.allow_change_bucket') Default: false Impact:
  • When false: Users cannot specify a custom bucket in CreateMultipartUploadRequest or CompleteMultipartUploadRequest
  • When true: Users can specify any bucket they have access to
// config/s3m.php
'allow_change_bucket' => env('S3M_ALLOW_CHANGE_BUCKET', false),

allow_change_visibility

Config: config('s3m.allow_change_visibility') Default: false Impact:
  • When false: Visibility must be private in all requests
  • When true: Users can specify any S3 ACL value (public-read, authenticated-read, etc.)
// config/s3m.php
'allow_change_visibility' => env('S3M_ALLOW_CHANGE_VISIBILITY', false),

allow_change_folder

Config: config('s3m.allow_change_folder') Default: false Impact:
  • When false: Folder must be tmp in CreateMultipartUploadRequest
  • When true: Users can specify any folder path
// config/s3m.php
'allow_change_folder' => env('S3M_ALLOW_CHANGE_FOLDER', false),

Custom Authorization

To customize authorization logic, define the uploadFiles gate in your AuthServiceProvider: 
use Illuminate\Support\Facades\Gate;

public function boot()
{
    Gate::define('uploadFiles', function ($user, $bucket) {
        // Custom authorization logic
        if ($user->isAdmin()) {
            return true;
        }
        
        // Check if user has access to this specific bucket
        return $user->buckets->contains('name', $bucket);
    });
}

Build docs developers (and LLMs) love

Get started for freeTalk to us