Deploy: 2026-05-22 23:55:19

backend/app/Middlewares/SubscriptionMiddleware.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Middlewares;
+
+use App\Core\Request;
+use App\Core\Response;
+use App\Models\CompanySubscription;
+use App\Models\CompanySubscriptionUsage;
+
+/**
+ * SubscriptionMiddleware
+ * Validates company subscription validity and request quotas before processing operations.
+ */
+class SubscriptionMiddleware
+{
+    public function handle(Request $request, Response $response): void
+    {
+        // 1. Get company ID (populated by AuthMiddleware)
+        $companyId = $request->company_id ?? null;
+
+        if (!$companyId) {
+            $response->json(['error' => 'Unauthorized', 'message' => 'Company details not found in request Context'], 401);
+            exit;
+        }
+
+        // Allow Company 1 (Intaleq admin/demo) to bypass limits temporarily or have unlimited
+        if ($companyId === 1) {
+            return;
+        }
+
+        // 2. Fetch active subscription
+        $activeSub = CompanySubscription::findActiveByCompany($companyId);
+        if (!$activeSub) {
+            $response->json([
+                'error' => 'Payment Required',
+                'message' => 'This account does not have an active subscription or the current subscription has expired. Please subscribe to a plan to continue.'
+            ], 402);
+            exit;
+        }
+
+        // 3. Verify total requests limit
+        $hasQuota = CompanySubscriptionUsage::hasRemainingLimit($companyId, 'request');
+        if (!$hasQuota) {
+            $response->json([
+                'error' => 'Quota Exceeded',
+                'message' => 'You have exceeded the monthly request quota for your plan (' . $activeSub['max_requests'] . ' requests). Please upgrade your subscription.'
+            ], 403);
+            exit;
+        }
+    }
+}