cms/app/Http/Middleware/SiteWeaverAuth.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class SiteWeaverAuth
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next, ...$permissions): Response
    {
        if (! $request->user()) {
            return $request->expectsJson()
                ? response()->json(['message' => 'Unauthenticated.'], 401)
                : redirect()->route('login');
        }

        // Check for 2FA requirement
        if ($request->user()->two_factor_secret &&
            ! $request->session()->has('auth.two_factor_confirmed_at') &&
            ! $request->routeIs('two-factor.login')) {
            return $request->expectsJson()
                ? response()->json(['message' => 'Two factor challenge required.', 'redirect' => route('two-factor.login')], 403)
                : redirect()->route('two-factor.login');
        }

        // Hard-coded bypass for the 'admin' role
        if ($request->user()->hasRole('admin')) {
            return $next($request);
        }

        if (empty($permissions)) {
            return $next($request);
        }

        foreach ($permissions as $permission) {
            // Support 'can:slug' prefix
            if (str_starts_with($permission, 'can:')) {
                $permission = substr($permission, 4);
            }

            if ($request->user()->hasPermission($permission)) {
                return $next($request);
            }
        }

        return $request->expectsJson()
            ? response()->json(['message' => 'Unauthorized.'], 403)
            : abort(403, 'Unauthorized access.');
    }
}
feat(cms): initialize Laravel project structure and core CMS files - Added standard Laravel directory structure and configuration. - Included Svelte and Tailwind configuration for the admin interface. - Added core PHPUnit and testing scripts. 2026-04-13 17:48:06 +00:00			`<?php`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use Illuminate\Http\Request;`
			`use Symfony\Component\HttpFoundation\Response;`

			`class SiteWeaverAuth`
			`{`
			`/**`
			`* Handle an incoming request.`
			`*`
			`* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next`
			`*/`
			`public function handle(Request $request, Closure $next, ...$permissions): Response`
			`{`
			`if (! $request->user()) {`
			`return $request->expectsJson()`
			`? response()->json(['message' => 'Unauthenticated.'], 401)`
			`: redirect()->route('login');`
			`}`

			`// Check for 2FA requirement`
			`if ($request->user()->two_factor_secret &&`
			`! $request->session()->has('auth.two_factor_confirmed_at') &&`
			`! $request->routeIs('two-factor.login')) {`
			`return $request->expectsJson()`
			`? response()->json(['message' => 'Two factor challenge required.', 'redirect' => route('two-factor.login')], 403)`
			`: redirect()->route('two-factor.login');`
			`}`

			`// Hard-coded bypass for the 'admin' role`
			`if ($request->user()->hasRole('admin')) {`
			`return $next($request);`
			`}`

			`if (empty($permissions)) {`
			`return $next($request);`
			`}`

			`foreach ($permissions as $permission) {`
			`// Support 'can:slug' prefix`
			`if (str_starts_with($permission, 'can:')) {`
			`$permission = substr($permission, 4);`
			`}`

			`if ($request->user()->hasPermission($permission)) {`
			`return $next($request);`
			`}`
			`}`

			`return $request->expectsJson()`
			`? response()->json(['message' => 'Unauthorized.'], 403)`
			`: abort(403, 'Unauthorized access.');`
			`}`
			`}`