UserSettingsController review

UserSettingsController.php

<?php
​
use Illuminate\Http\Request;
use Illuminate\Http\Response;
​
class UserSettingsController extends Controller
{
    // Do not expose a secret key
    public const API_KEY = 'a0080664-f443-49b7-8cf8-582f25cfd0e6';
​
    // Provide a return type `Response`
    public function settings(Request $request)
    {
        // Inject the `NiceLanguageService` to make testing easier
        $niceLanguageService = new NiceLanguageService(self::API_KEY);
        
        // Create `UserSettingsForm` to validate the inpout and provide types methods to get parameters
        if (!$niceLanguageService->validate($request->input('bio'))) {
            // Use linter and enforce multiline error
            return redirect()->back()->withErrors(['bio' => 'Please use nice language in your profile description']);
        }
​
        $user = Auth::user();
        if ($user->settings->phone !== $request->post('phone')) {
            // It feels a bit weird that a settings object can send a verification message.
            // Follow SOLID principles and create a new class that gets injected.
            $user->settings->sendPhoneChangeVerification($request->post('phone'));
        }
​
        // Never expose Eloquent models inside controllers.
        // Create a repo to update the settings with typed parameters instead of an array
        $user->settings()->update($request->input([
            'display_name', 'phone', 'bio', 'user_id',
        ]));
​
        return redirect()->back(Response::HTTP_OK);
    }
}