migrant-web/app/Http/Middleware/EmployerApiMiddleware.php

65 lines
2.0 KiB
PHP

<?php
namespace App\Http\Middleware;
use App\Models\User;
use Closure;
use Illuminate\Http\Request;
class EmployerApiMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$authHeader = $request->header('Authorization');
if (!$authHeader || !str_starts_with($authHeader, 'Bearer ')) {
return response()->json([
'success' => false,
'message' => 'Authentication token required.'
], 401);
}
$token = substr($authHeader, 7);
$user = User::where('api_token', $token)->where('role', 'employer')->first();
if (!$user) {
return response()->json([
'success' => false,
'message' => 'Invalid or expired authentication token.'
], 401);
}
// Automatically activate queued pending plans if current active has expired
User::checkAndActivatePendingSubscriptions($user->id);
$user->refresh();
// Enforce active subscription check
$hasActiveSub = ($user->subscription_status === 'active' || $user->subscription_status === 'none');
if (!$hasActiveSub) {
// Only allow access to payments or plans endpoints
$path = $request->getPathInfo();
$isAllowedApi = str_contains($path, '/payments') || str_contains($path, '/plans');
if (!$isAllowedApi) {
return response()->json([
'success' => false,
'message' => 'Your subscription has expired. Please purchase or renew a subscription plan to restore access.'
], 403);
}
}
// Attach employer object to request attributes so controllers can read it using $request->attributes->get('employer')
$request->attributes->set('employer', $user);
return $next($request);
}
}