Initial V2 commit

2026-04-22 21:59:56 +03:00
commit 4706404488
53 changed files with 4392 additions and 0 deletions
--- a/app/Http/Middleware/JwtAuthMiddleware.php
+++ b/app/Http/Middleware/JwtAuthMiddleware.php
@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
+use Firebase\JWT\ExpiredException;
+
+/**
+ * JWT Authentication Middleware
+ * 
+ * Validates JWT tokens from the Authorization header.
+ * Works in conjunction with HMAC middleware for double-layer security.
+ */
+class JwtAuthMiddleware
+{
+    public function handle(Request $request, Closure $next)
+    {
+        $authHeader = $request->header('Authorization');
+
+        if (!$authHeader || !str_starts_with($authHeader, 'Bearer ')) {
+            return response()->json([
+                'status' => 'failure',
+                'message' => 'Missing or invalid Authorization header'
+            ], 401);
+        }
+
+        $token = substr($authHeader, 7);
+
+        try {
+            $decoded = JWT::decode($token, new Key(config('intaleq.jwt_secret'), 'HS256'));
+
+            // Attach JWT claims to request
+            $request->merge([
+                '_jwt_user_id' => $decoded->user_id ?? null,
+                '_jwt_user_type' => $decoded->user_type ?? null,
+                '_jwt_fingerprint' => $decoded->fingerprint ?? null,
+            ]);
+
+            return $next($request);
+
+        } catch (ExpiredException $e) {
+            return response()->json([
+                'status' => 'failure',
+                'message' => 'Token expired'
+            ], 401);
+        } catch (\Exception $e) {
+            return response()->json([
+                'status' => 'failure',
+                'message' => 'Invalid token'
+            ], 401);
+        }
+    }
+}