migrate to gtea from bistbucket

public/restaurant/app/Http/Middleware/CheckInstallation.php

@@ -0,0 +1,17 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+
+class CheckInstallation
+{
+    public function handle($request, Closure $next)
+    {
+        if (! file_exists(storage_path('mightyRestaurant'))) {
+            return redirect('/install');
+        }
+
+        return $next($request);
+    }
+}

public/restaurant/app/Http/Middleware/CheckInstallationStatus.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class CheckInstallationStatus
+{
+    /**
+     * Handle an incoming request.
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if (file_exists(storage_path('mightyRestaurant'))) {
+            return redirect('/'); // already installed
+        }
+
+        return $next($request);
+    }
+}

public/restaurant/app/Http/Middleware/CheckSubscription.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Traits\ResponseTrait;
+use Closure;
+
+class CheckSubscription
+{
+    use ResponseTrait;
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        $restaurant = auth()->user()->restaurant ?? null;
+
+        if (! $restaurant || ! $restaurant->activeSubscription()) {
+            return $this->responseError([], _lang('No active subscription.'), 403);
+        }
+
+        $subscription = $restaurant->activeSubscription();
+        $plan = $subscription->plan;
+
+        if (! $subscription->isActive()) {
+            return $this->responseError([], _lang('Subscription expired.'), 403);
+        }
+
+        return $next($request);
+    }
+}

public/restaurant/app/Http/Middleware/Customer.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Traits\ResponseTrait;
+use Closure;
+
+class Customer
+{
+    use ResponseTrait;
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return mixed
+     */
+    public function handle($request, Closure $next)
+    {
+        // Check if the authenticated user is not a Customer
+        if (auth()->user()->user_type != 'Customer') {
+            return $this->responseError([], _lang('You are not authorized to access this feature!'), 403);
+        }
+
+        return $next($request);
+    }
+}

public/restaurant/app/Http/Middleware/DeviceApiKeyMiddleware.php

@@ -0,0 +1,37 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class DeviceApiKeyMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        $apiKey = $request->header('X-DEVICE-API-KEY');
+
+        if (! $apiKey) {
+            return response()->json([
+                'status' => false,
+                'message' => 'API key missing',
+            ], 401);
+        }
+
+        // ENV based (demo)
+        if ($apiKey !== config('services.device.api_key')) {
+            return response()->json([
+                'status' => false,
+                'message' => 'Invalid API key',
+            ], 403);
+        }
+
+        return $next($request);
+    }
+}

public/restaurant/app/Http/Middleware/VerifyCsrfToken.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;
+
+class VerifyCsrfToken extends Middleware
+{
+    /**
+     * Indicates whether the XSRF-TOKEN cookie should be set on the response.
+     *
+     * @var bool
+     */
+    protected $addHttpCookie = true;
+
+    /**
+     * The URIs that should be excluded from CSRF verification.
+     *
+     * @var array
+     */
+    protected $except = [
+        '/pay-via-ajax',
+        '/success',
+        'payment/sslcommerz/*',
+        'payment/paytm/pay',
+        '/cancel',
+        '/fail',
+        '/ipn',
+        '/bkash/*',
+        '/paytabs-response',
+        '/customer/choose-shipping-address',
+        '/system_settings',
+        '/paytm*',
+        'payment/paytabs/callback*',
+    ];
+}

public/restaurant/app/Http/Middleware/VerifyTokenOrigin.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\App;
+use Symfony\Component\HttpFoundation\Response;
+
+class VerifyTokenOrigin
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        $requestAgent = strtolower($request->header('User-Agent'));
+        // Only enforce this block in production
+        if (! App::hasDebugModeEnabled()) {
+            $blockedClients = ['postman', 'curl', 'insomnia'];
+
+            foreach ($blockedClients as $client) {
+                if (str_contains($requestAgent, $client)) {
+                    return response()->json(['message' => 'API clients are not allowed in production.'], 403);
+                }
+            }
+
+            // Optional: Only allow browsers
+            if (! str_contains($requestAgent, 'mozilla') && ! str_contains($requestAgent, 'chrome')) {
+                return response()->json(['message' => 'Requests must come from a browser in production.'], 403);
+            }
+        }
+
+        return $next($request);
+    }
+}