crewli/api/app/Http/Requests/Api/V1/FormBuilder/SavePublicDraftRequest.php

<?php

declare(strict_types=1);

namespace App\Http\Requests\Api\V1\FormBuilder;

use App\Models\FormBuilder\FormSchema;
use App\Services\FormBuilder\FormFieldRuleBuilder;
use App\Services\FormBuilder\PublicFormTokenResolver;
use Illuminate\Foundation\Http\FormRequest;

/**
 * Body for `PUT /api/v1/public/forms/{public_token}/submissions/{id}`.
 * Auto-save endpoint — relaxed rule set per S2c D8. Only the field
 * slugs present in the body are written; everything is nullable.
 */
final class SavePublicDraftRequest extends FormRequest
{
    public function authorize(): bool
    {
        return true;
    }

    /**
     * @return array<string, mixed>
     */
    public function rules(): array
    {
        $base = [
            'values' => ['sometimes', 'array'],
            'first_interacted_at' => ['nullable', 'date'],
            'public_submitter_name' => ['nullable', 'string', 'max:150'],
            'public_submitter_email' => ['nullable', 'email', 'max:255'],
        ];

        $schema = $this->resolveSchema();
        if (! $schema instanceof FormSchema) {
            return $base;
        }

        return array_merge(
            $base,
            app(FormFieldRuleBuilder::class)->relaxed($schema),
        );
    }

    private function resolveSchema(): ?FormSchema
    {
        $token = (string) $this->route('public_token');
        if ($token === '') {
            return null;
        }
        try {
            return app(PublicFormTokenResolver::class)->resolve($token);
        } catch (\Throwable) {
            return null;
        }
    }
}