<?php
// Arquivo: app/Http/Requests/CreateUserRequest.php

namespace App\Http\Requests;

use App\Models\User;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

class CreateUserRequest extends FormRequest
{
    public function rules(): array
    {
        return [
            'email' => [
                'required',
                'email',
                Rule::unique(User::class),
            ],
            'password' => 'required|string|max:128',
        ];
    }
}

<?php
// Arquivo: app/Http/Controllers/UserController.php

namespace App\Http\Controllers;

use App\Http\Requests\CreateUserRequest;
use App\Models\User;
use Illuminate\Http\Response;
use Illuminate\Routing\Controller;

class UserController extends Controller
{
    public function post(CreateUserRequest $request): Response
    {
        $requestData = $request->all();
        $requestData['password'] = password_hash(
            $requestData['password'],
            PASSWORD_BCRYPT,
        );

        User::create($requestData);

        return response()->noContent();
    }
}

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as UserBase;
use Illuminate\Notifications\Notifiable;

class User extends UserBase
{
    use Notifiable;

    /**
     * The attributes that are mass assignable.
     */
    protected array $fillable = [
        'email',
        'password',
        'is_admin',
    ];

    /**
     * Warning: Should be used internally only. NEVER USE this
     * method on any public API endpoint!
     */
    public function createAdminUser(
        string $email,
        string $password
    ): self {
        return static::create([
            'is_admin' => true,
            'email' => $email,
            'password' => password_hash(
                $password,
                PASSWORD_BCRYPT,
            ),
        ]);
    }
}