crewli/api/app/Http/Requests/Api/V1/Auth/MfaVerifyRequest.php

<?php

declare(strict_types=1);

namespace App\Http\Requests\Api\V1\Auth;

use App\Enums\MfaMethod;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

final class MfaVerifyRequest extends FormRequest
{
    public function authorize(): bool
    {
        return true;
    }

    public function rules(): array
    {
        return [
            'mfa_session_token' => ['required', 'string'],
            'code' => ['required', 'string'],
            'method' => ['required', 'string', Rule::in([
                MfaMethod::TOTP->value,
                MfaMethod::EMAIL->value,
                MfaMethod::BACKUP_CODE->value,
            ])],
            'trust_device' => ['sometimes', 'boolean'],
            'device_fingerprint' => ['required_if:trust_device,true', 'nullable', 'string'],
            'device_name' => ['nullable', 'string', 'max:255'],
        ];
    }
}