diff --git a/app/Http/Controllers/NotesController.php b/app/Http/Controllers/NotesController.php
index 7d21420a06..3538e076f3 100644
--- a/app/Http/Controllers/NotesController.php
+++ b/app/Http/Controllers/NotesController.php
@@ -6,24 +6,32 @@ use App\Events\NoteAdded;
 use App\Models\Asset;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Validation\Rule;
 
 class NotesController extends Controller
 {
     public function store(Request $request)
     {
-        // @todo: validation
+        $validated = $request->validate([
+            // @todo: improve?
+            'id' => 'required',
+            'note' => 'required|string|max:500',
+            'type' => [
+                'required',
+                Rule::in(['asset']),
+            ],
+        ]);
 
-        $item = Asset::findOrFail($request->input('id'));
+        $item = Asset::findOrFail($validated['id']);
 
         // @todo: authorization
 
-        event(new NoteAdded($item, Auth::user(), $request->input('note')));
+        event(new NoteAdded($item, Auth::user(), $validated['note']));
 
         return redirect()
-            // @todo: make dynamic
-            ->route('hardware.show', $request->input('id'))
+            ->route('hardware.show', $validated['id'])
             ->withFragment('history')
             // @todo: translate
-            ->with('success', 'Success!');
+            ->with('success', 'Note Added!');
     }
 }