initial: bootstrap from BukidBountyApp base
This commit is contained in:
Jonathan Sykes
16
app/Http/Middleware/Authenticate.php
Normal file
16
app/Http/Middleware/Authenticate.php
Normal file
@@ -0,0 +1,16 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Hypervel\Support\Facades\Auth;
|
||||
use Hypervel\Auth\Middleware\Authenticate as Middleware;
|
||||
use Closure;
|
||||
|
||||
class Authenticate extends Middleware
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
|
||||
36
app/Http/Middleware/CheckMaintenanceMode.php
Normal file
36
app/Http/Middleware/CheckMaintenanceMode.php
Normal file
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use App\Http\Controllers\Helpers\ResponseHelper;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Hypervel\Support\Facades\Redis;
|
||||
use Hypervel\Support\Facades\Auth;
|
||||
use App\Enums\UserTypes;
|
||||
|
||||
class CheckMaintenanceMode
|
||||
{
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*/
|
||||
public function handle(ServerRequestInterface $request, Closure $next): ResponseInterface
|
||||
{
|
||||
$isMaintenance = Redis::get('system:maintenance_mode') === 'true';
|
||||
|
||||
if ($isMaintenance) {
|
||||
$user = Auth::user();
|
||||
|
||||
// Allow Ultimate users to bypass maintenance mode
|
||||
if (!$user || $user->acct_type !== UserTypes::ULTIMATE) {
|
||||
// Return 503 Service Unavailable
|
||||
return ResponseHelper::returnError('System is currently under maintenance. Transactions are temporarily disabled. Please try again later.', 503);
|
||||
}
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
49
app/Http/Middleware/CheckModuleEnabled.php
Normal file
49
app/Http/Middleware/CheckModuleEnabled.php
Normal file
@@ -0,0 +1,49 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Support\ModuleHelper;
|
||||
use Closure;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
/**
|
||||
* Middleware: module:<key>
|
||||
*
|
||||
* Blocks the request with a 403 JSON response when the specified module
|
||||
* is disabled in config/modules.php (driven by MODULE_<KEY>_ENABLED env).
|
||||
*
|
||||
* Usage in routes:
|
||||
* Route::post('/api/pos/start', ..., ['middleware' => 'module:pos']);
|
||||
*
|
||||
* Or applied to a group:
|
||||
* Route::group(['middleware' => 'module:products'], function () { ... });
|
||||
*/
|
||||
class CheckModuleEnabled
|
||||
{
|
||||
/**
|
||||
* Handle the incoming request.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @param Closure $next
|
||||
* @param string $moduleKey The module key from config/modules.php
|
||||
* @return ResponseInterface|mixed
|
||||
*/
|
||||
public function handle($request, Closure $next, string $moduleKey = '')
|
||||
{
|
||||
if ($moduleKey && ModuleHelper::isDisabled($moduleKey)) {
|
||||
$label = ModuleHelper::getLabel($moduleKey);
|
||||
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => "The \"{$label}\" module is currently disabled.",
|
||||
'module' => $moduleKey,
|
||||
'code' => 'MODULE_DISABLED',
|
||||
], 403);
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
56
app/Http/Middleware/CheckTokenAbilities.php
Normal file
56
app/Http/Middleware/CheckTokenAbilities.php
Normal file
@@ -0,0 +1,56 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Auth\BearerTokenResolver;
|
||||
use Closure;
|
||||
use Hypervel\Support\Facades\Auth;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
/**
|
||||
* Middleware: abilities:<ability>[,<ability>...]
|
||||
*
|
||||
* Passes when:
|
||||
* - request is session-authenticated (no token in play), OR
|
||||
* - the bearer token has ALL listed abilities (or wildcard '*').
|
||||
*
|
||||
* Note: this does not replace your RBAC role check; pair with a permission
|
||||
* check on the underlying user where appropriate.
|
||||
*/
|
||||
class CheckTokenAbilities
|
||||
{
|
||||
public function handle($request, Closure $next, string ...$abilities): ResponseInterface
|
||||
{
|
||||
$user = Auth::user();
|
||||
if (! $user) {
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => 'Unauthenticated.',
|
||||
'code' => 'UNAUTHENTICATED',
|
||||
], 401);
|
||||
}
|
||||
|
||||
$token = BearerTokenResolver::current();
|
||||
|
||||
// Session auth (no token) — abilities are not enforced at this layer.
|
||||
if ($token === null) {
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
foreach ($abilities as $ability) {
|
||||
if (! $token->can($ability)) {
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => "Token missing ability: {$ability}",
|
||||
'code' => 'MISSING_ABILITY',
|
||||
'required' => $ability,
|
||||
], 403);
|
||||
}
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
18
app/Http/Middleware/ConvertEmptyStringsToNull.php
Normal file
18
app/Http/Middleware/ConvertEmptyStringsToNull.php
Normal file
@@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Hypervel\Foundation\Http\Middleware\ConvertEmptyStringsToNull as Middleware;
|
||||
|
||||
class ConvertEmptyStringsToNull extends Middleware
|
||||
{
|
||||
/**
|
||||
* The names of the attributes that should not be transformed to null.
|
||||
*
|
||||
* @var array<int, string>
|
||||
*/
|
||||
protected array $except = [
|
||||
];
|
||||
}
|
||||
38
app/Http/Middleware/EnforceTokenIp.php
Normal file
38
app/Http/Middleware/EnforceTokenIp.php
Normal file
@@ -0,0 +1,38 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use App\Auth\BearerTokenResolver;
|
||||
use Closure;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
/**
|
||||
* Middleware: token.ip
|
||||
*
|
||||
* If the current request authenticated via a personal access token,
|
||||
* enforce the token's allowed_ips list. Session-authenticated requests
|
||||
* pass through untouched.
|
||||
*/
|
||||
class EnforceTokenIp
|
||||
{
|
||||
public function handle($request, Closure $next): ResponseInterface
|
||||
{
|
||||
$token = BearerTokenResolver::current();
|
||||
|
||||
if ($token !== null) {
|
||||
$ip = BearerTokenResolver::clientIp($request);
|
||||
if (! $token->ipAllowed($ip)) {
|
||||
return response()->json([
|
||||
'success' => false,
|
||||
'message' => 'Request IP not allowed for this token.',
|
||||
'code' => 'IP_NOT_ALLOWED',
|
||||
], 403);
|
||||
}
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
43
app/Http/Middleware/EnsureUserHasRole.php
Normal file
43
app/Http/Middleware/EnsureUserHasRole.php
Normal file
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Hyperf\HttpMessage\Exception\UnauthorizedHttpException;
|
||||
use Hyperf\HttpServer\Annotation\Middleware;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
|
||||
use Hypervel\Support\Facades\Auth;
|
||||
use App\Enums\UserTypes;
|
||||
|
||||
class EnsureUserHasRole extends Middleware
|
||||
{
|
||||
/**
|
||||
* Process an incoming server request.
|
||||
*
|
||||
* @param ServerRequestInterface $request
|
||||
* @param Closure $next
|
||||
* @param string ...$roles
|
||||
* @return ResponseInterface
|
||||
*/
|
||||
public function handle(ServerRequestInterface $request, Closure $next, string...$roles): ResponseInterface
|
||||
{
|
||||
/** @var \App\Models\User $user */
|
||||
$user = Auth::user();
|
||||
|
||||
if (!$user) {
|
||||
throw new UnauthorizedHttpException('Unauthorized: Please login.');
|
||||
}
|
||||
|
||||
foreach ($roles as $role) {
|
||||
if ($user->hasRole($role)) {
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
throw new UnauthorizedHttpException('Unauthorized: You do not have the required role.');
|
||||
}
|
||||
}
|
||||
32
app/Http/Middleware/EnsureUserIsUltimate.php
Normal file
32
app/Http/Middleware/EnsureUserIsUltimate.php
Normal file
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Hyperf\HttpMessage\Exception\UnauthorizedHttpException;
|
||||
use Hyperf\HttpServer\Annotation\Middleware;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
|
||||
use Hypervel\Support\Facades\Auth;
|
||||
|
||||
use App\Enums\UserTypes;
|
||||
|
||||
class EnsureUserIsUltimate extends Middleware
|
||||
{
|
||||
/**
|
||||
* Process an incoming server request.
|
||||
*/
|
||||
public function handle(ServerRequestInterface $request, Closure $next): ResponseInterface
|
||||
{
|
||||
$user = Auth::user();
|
||||
|
||||
if (!$user || $user->acct_type !== UserTypes::ULTIMATE) {
|
||||
throw new UnauthorizedHttpException('', 'Unauthorized: Only ultimate users allowed.');
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
}
|
||||
29
app/Http/Middleware/InertiaMiddleware.php
Normal file
29
app/Http/Middleware/InertiaMiddleware.php
Normal file
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
// use Hyperf\HttpServer\Contract\ResponseInterface;
|
||||
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Server\MiddlewareInterface;
|
||||
use Psr\Http\Server\RequestHandlerInterface;
|
||||
|
||||
|
||||
|
||||
class InertiaMiddleware implements MiddlewareInterface
|
||||
{
|
||||
public function process($request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
$response = $handler->handle($request);
|
||||
|
||||
if ($request->hasHeader('X-Inertia')) {
|
||||
return $response
|
||||
->withHeader('Content-Type', 'application/json')
|
||||
->withHeader('X-Inertia', 'true');
|
||||
}
|
||||
|
||||
return $response;
|
||||
}
|
||||
}
|
||||
18
app/Http/Middleware/TrimStrings.php
Normal file
18
app/Http/Middleware/TrimStrings.php
Normal file
@@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Hypervel\Foundation\Http\Middleware\TrimStrings as Middleware;
|
||||
|
||||
class TrimStrings extends Middleware
|
||||
{
|
||||
/**
|
||||
* The names of the attributes that should not be trimmed.
|
||||
*
|
||||
* @var array<int, string>
|
||||
*/
|
||||
protected array $except = [
|
||||
];
|
||||
}
|
||||
24
app/Http/Middleware/ValidateSignature.php
Normal file
24
app/Http/Middleware/ValidateSignature.php
Normal file
@@ -0,0 +1,24 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Hypervel\Router\Middleware\ValidateSignature as Middleware;
|
||||
|
||||
class ValidateSignature extends Middleware
|
||||
{
|
||||
/**
|
||||
* The names of the query string parameters that should be ignored.
|
||||
*
|
||||
* @var array<int, string>
|
||||
*/
|
||||
protected array $except = [
|
||||
// 'fbclid',
|
||||
// 'utm_campaign',
|
||||
// 'utm_content',
|
||||
// 'utm_medium',
|
||||
// 'utm_source',
|
||||
// 'utm_term',
|
||||
];
|
||||
}
|
||||
18
app/Http/Middleware/VerifyCsrfToken.php
Normal file
18
app/Http/Middleware/VerifyCsrfToken.php
Normal file
@@ -0,0 +1,18 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Hypervel\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
|
||||
|
||||
class VerifyCsrfToken extends Middleware
|
||||
{
|
||||
/**
|
||||
* The URIs that should be excluded from CSRF verification.
|
||||
*
|
||||
* @var array<int, string>
|
||||
*/
|
||||
protected array $except = [
|
||||
];
|
||||
}
|
||||
Reference in New Issue
Block a user