crewli/api/app/Http/Requests/Admin/StartImpersonationRequest.php

<?php

declare(strict_types=1);

namespace App\Http\Requests\Admin;

use Illuminate\Foundation\Http\FormRequest;

class StartImpersonationRequest extends FormRequest
{
    public function authorize(): bool
    {
        return true; // Authorization handled in service
    }

    /** @return array<string, mixed> */
    public function rules(): array
    {
        return [
            'reason' => ['required', 'string', 'min:5', 'max:500'],
            'mfa_code' => ['required', 'string'],
            'mfa_method' => ['required', 'string', 'in:totp,email,backup_code'],
        ];
    }
}