diff --git a/app/Http/Middleware/AdminMiddleware.php b/app/Http/Middleware/AdminMiddleware.php
new file mode 100644
index 000000000..7115f0b9b
--- /dev/null
+++ b/app/Http/Middleware/AdminMiddleware.php
@@ -0,0 +1,52 @@
+attributes->get('authenticated_user_id');
+
+ if (!$userId) {
+ if ($request->expectsJson()) {
+ return new JsonResponse(['error' => 'Authentication required'], 401);
+ }
+
+ return new Response('Authentication required', 401);
+ }
+
+ // TODO: Implement actual admin role check
+ // For now, accept user ID 1 as admin
+ if ($userId !== 1) {
+ if ($request->expectsJson()) {
+ return new JsonResponse(['error' => 'Admin access required'], 403);
+ }
+
+ return new Response('Admin access required', 403);
+ }
+
+ return $next($request);
+ }
+}
diff --git a/app/Http/Middleware/AuthMiddleware.php b/app/Http/Middleware/AuthMiddleware.php
new file mode 100644
index 000000000..9e92b9989
--- /dev/null
+++ b/app/Http/Middleware/AuthMiddleware.php
@@ -0,0 +1,55 @@
+bearerToken() ?? $request->input('api_token');
+
+ if (!$token) {
+ if ($request->expectsJson()) {
+ return new JsonResponse(['error' => 'Authentication required'], 401);
+ }
+
+ return new Response('Authentication required', 401);
+ }
+
+ // TODO: Implement actual token validation
+ // For now, accept any token that starts with 'valid_'
+ if (!str_starts_with($token, 'valid_')) {
+ if ($request->expectsJson()) {
+ return new JsonResponse(['error' => 'Invalid token'], 401);
+ }
+
+ return new Response('Invalid token', 401);
+ }
+
+ // Add user info to request for use in controllers
+ $request->attributes->set('authenticated_user_id', 1);
+
+ return $next($request);
+ }
+}
diff --git a/app/Http/Middleware/BaseMiddleware.php b/app/Http/Middleware/BaseMiddleware.php
new file mode 100644
index 000000000..97bf454ca
--- /dev/null
+++ b/app/Http/Middleware/BaseMiddleware.php
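Review bot: The admin decision on the `if ($userId !== 1)` line is a hard-coded allow for user 1, and AuthMiddleware in this same commit assigns `authenticated_user_id` 1 to every request whose token merely starts with `valid_`, so as committed every such bearer is an administrator. Until the role lookup exists the placeholder should fail closed rather than grant: route the decision through a single helper, `if (!$this->isAdmin($userId)) {`, whose stub body is `return false; // TODO: role lookup`, so the bypass cannot ship by accident and the TODO lives in one place. The `if (!$userId)` guard is a truthiness test; `if ($userId === null)` would not misclassify an id of `0` or `'0'` as unauthenticated. The start of `handle()` is not legible in this hunk (the text before `attributes->get(...)` is cut off), so its signature is assumed to match the other middlewares.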
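Review bot: The `$request->bearerToken() ?? $request->input('api_token')` line accepts the credential from request input as well as the Authorization header, so a token passed as `?api_token=` lands in access logs, proxy logs, browser history and `Referer` headers. Restricting the middleware to `$token = $request->bearerToken();` (or, if a fallback must stay, reading only the request body rather than the query string, assuming these are the Laravel `Request` helpers) keeps the secret out of URLs. When the `str_starts_with($token, 'valid_')` placeholder is replaced by a real lookup, any comparison against a stored token value should go through `hash_equals()` rather than `===` or a prefix test. The beginning of `handle()` is cut off before `bearerToken()` in this hunk.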
@@ -0,0 +1,38 @@
+before($request);
+ $response = $next($request);
+ return $this->after($request, $response);
+ }
+
+ /**
+ * Process request before passing to next middleware
+ */
+ protected function before(Request $request): Request
+ {
+ return $request;
+ }
+
+ /**
+ * Process response after middleware chain
+ */
+ protected function after(Request $request, Response $response): Response
+ {
+ return $response;
+ }
+}
diff --git a/app/Http/Middleware/CorsMiddleware.php b/app/Http/Middleware/CorsMiddleware.php
new file mode 100644
index 000000000..871b4fa38
--- /dev/null
+++ b/app/Http/Middleware/CorsMiddleware.php
@@ -0,0 +1,58 @@
+allowedOrigins = $allowedOrigins;
+ $this->allowedHeaders = $allowedHeaders;
+ $this->allowedMethods = $allowedMethods;
+ }
+
+ public function handle(Request $request, Closure $next): Response
+ {
+ if ($request->getMethod() === 'OPTIONS') {
+ return $this->createPreflightResponse($request);
+ }
+
+ $response = $next($request);
+ return $this->addCorsHeaders($response, $request);
+ }
+
+ private function createPreflightResponse(Request $request): Response
+ {
+ $response = new Response('', 200);
+ return $this->addCorsHeaders($response, $request);
+ }
+
+ private function addCorsHeaders(Response $response, Request $request): Response
+ {
+ $origin = $request->headers->get('Origin', '');
+
+ if (in_array('*', $this->allowedOrigins) || in_array($origin, $this->allowedOrigins)) {
+ $response->headers->set('Access-Control-Allow-Origin', $origin ?: '*');
+ }
+
+ $response->headers->set('Access-Control-Allow-Methods', implode(', ', $this->allowedMethods));
+ $response->headers->set('Access-Control-Allow-Headers', implode(', ', $this->allowedHeaders));
+ $response->headers->set('Access-Control-Max-Age', '86400');
+
+ return $response;
+ }
+}
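Review bot: The `before()` and `after()` docblocks only restate the method names; the contract a subclass needs — that `before()` may return a replacement `Request`, which is what `$next` then receives, and that `after()` must return the `Response` the chain will emit — is not written down. Suggested docblock for `before()`: `Hook run before the next middleware; the Request it returns (a replacement is allowed) is what $next receives.` and for `after()`: `Hook run on the way back out; must return the Response handed to the caller.` Because `after()` is typed `Response $response`, a `$next` that returns anything else fails with a TypeError rather than being normalised; confirm that is intended. The signature of `handle()` is cut off at the start of this hunk, so its declared return type is assumed to match `after()`.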
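Review bot: In `addCorsHeaders()` the `Access-Control-Allow-Origin` value echoes the request's `Origin` header, but no `Vary: Origin` is emitted, so a shared cache can serve the allow-origin computed for one caller to a different origin; add `$response->headers->set('Vary', 'Origin', false);` beside it (the third argument appends rather than replaces, assuming the Symfony `ResponseHeaderBag`). The two `in_array()` calls on the same line compare loosely; pass `strict: true` to both so the allow-list is matched exactly. When `'*'` is in `allowedOrigins` the code reflects the caller's arbitrary origin instead of emitting the literal `*`; the hunk sets no `Access-Control-Allow-Credentials`, so this does not expose credentials as committed, but the reflection should be a deliberate choice rather than a side effect of `$origin ?: '*'`. The preflight branch also returns the method and header allow-lists even when the origin is rejected, and the constructor's signature is cut off at the start of the hunk.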