Building a Base Controller for Reusable Data Access in Laravel

• User input is not properly sanitized, leading to SQL injection or XSS attacks.
• Forms lack CSRF protection, allowing attackers to perform unauthorized actions.
• Sensitive data like passwords or tokens is mishandled or improperly encrypted.

We’ll implement strategies to mitigate these risks.

   use Illuminate\Http\Request;

   public function index(Request $request)
   {
       $posts = Post::paginate(10);

       return response()->json([
           'data' => $posts->items(), // The paginated items
           'meta' => [
               'current_page' => $posts->currentPage(),
               'per_page' => $posts->perPage(),
               'total' => $posts->total(),
               'last_page' => $posts->lastPage(),
           ],
           'links' => [
               'next' => $posts->nextPageUrl(),
               'previous' => $posts->previousPageUrl(),
           ],
       ]);
   }

   {
       "data": [
           { "id": 1, "title": "Post 1" },
           { "id": 2, "title": "Post 2" }
       ],
       "meta": {
           "current_page": 1,
           "per_page": 10,
           "total": 50,
           "last_page": 5
       },
       "links": {
           "next": "http://example.com/api/posts?page=2",
           "previous": null
       }
   }

   <p>Preferred Theme: {{ $userPreferences['theme'] }}</p>

If the data is complex or involves multiple queries, centralize the logic in a service provider.

Allow admins to update the pagination limit dynamically.

   php artisan make:controller Admin/SettingsController

• Config::set: Dynamically updates Laravel’s configuration values.
• App::setLocale: Sets the application’s locale for localization features.

To use the dynamically set locale, ensure your app is ready for localization.

Open the newly created file in app/Providers/PerformanceServiceProvider.php and define shared data:

   namespace App\Providers;

   use Illuminate\Support\ServiceProvider;
   use Illuminate\Support\Facades\Cache;

   class PerformanceServiceProvider extends ServiceProvider
   {
       public function register()
       {
           // Register a singleton for shared data
           $this->app->singleton('sharedData', function () {
               return Cache::rememberForever('shared_data', function () {
                   return [
                       'max_uploads' => 10, // Example limit
                       'api_rate_limit' => 100, // API requests per minute
                       'features' => [
                           'uploads_enabled' => true,
                           'comments_enabled' => false,
                       ],
                   ];
               });
           });
       }
   }

Listen to relevant events and refresh the singleton when necessary:

   Event::listen('settings.updated', function () {
       app()->forgetInstance('sharedData');
   });