Update: 2026-05-08 04:58:23

public/tool-encrypt.php

@@ -1,11 +1,33 @@
 <?php
 /**
- * Quick Encryption Tool
+ * Quick Encryption Tool (Development Only — Protected)
  */
 
 require_once __DIR__ . '/../app/bootstrap/init.php';
 
 use App\Core\Encryption;
+use App\Middleware\AuthMiddleware;
+
+// SECURITY: Block access in production
+if (env('APP_ENV', 'production') === 'production') {
+    http_response_code(404);
+    echo 'Not Found';
+    exit;
+}
+
+// SECURITY: Require super_admin authentication
+try {
+    $decoded = AuthMiddleware::check();
+    if (($decoded['role'] ?? '') !== 'super_admin') {
+        http_response_code(403);
+        echo 'Forbidden';
+        exit;
+    }
+} catch (\Throwable $e) {
+    http_response_code(401);
+    echo 'Unauthorized';
+    exit;
+}
 
 $input = $_GET['text'] ?? '';
 $encrypted = $input ? Encryption::encrypt($input) : '';