From 4d4846f4740704a97253748cee19d6ce3756bc8e Mon Sep 17 00:00:00 2001
From: sayaliparab
Date: Tue, 11 Mar 2025 20:17:07 +0530
Subject: [PATCH] middleware
---
 .../APIS/CustomerApi/AuthController.php | 12 +---
 app/Http/Middleware/CheckUserStatus.php | 56 +++++++++++++++++++
 2 files changed, 57 insertions(+), 11 deletions(-)
 create mode 100644 app/Http/Middleware/CheckUserStatus.php
diff --git a/app/Http/Controllers/APIS/CustomerApi/AuthController.php b/app/Http/Controllers/APIS/CustomerApi/AuthController.php
index c720b0c..740528b 100644
--- a/app/Http/Controllers/APIS/CustomerApi/AuthController.php
+++ b/app/Http/Controllers/APIS/CustomerApi/AuthController.php
@@ -18,38 +18,29 @@ class AuthController extends Controller
 public function login(Request $request) { try {
- // Validate incoming request data
 $validator = Validator::make($request->all(), [ 'email' => 'required|email', 'password' => 'required', ]);
- // Check if validation failed
 if ($validator->fails()) { $validationErrors = $validator->errors()->all(); Log::error("Login validation error: " . implode(", ", $validationErrors)); return jsonResponseWithErrorMessageApi($validationErrors, 403); }
- // Check if the user is soft-deleted
- // $isDelete = User::where('email_address', $request->email_address)->onlyTrashed()->first();
- // if ($isDelete) {
- // return jsonResponseWithErrorMessageApi(__('auth.deleted_user_by_admin'), 403);
- // }
- // Check if the user exists and is not soft-deleted
+
 $isExistEmail = User::where('email', $request->email)->first(); if ($isExistEmail == null) { return jsonResponseWithErrorMessageApi(__('auth.incorrect_email'), 403); }
- // Check if the entered password matches the stored password
 if ($isExistEmail && !(Hash::check($request->password, $isExistEmail->password))) { Log::error('Entered Password is wrong for ' . $request->email); return jsonResponseWithErrorMessageApi(__('auth.incorrect_password'), 403); }
- // Attempt to authenticate the user
 $credentials = [ 'email' => $request->email, 'password' => $request->password,
@@ -68,7 +59,6 @@ class AuthController extends Controller
 return jsonResponseWithSuccessMessage(__('auth.data_fetched_successfully'), $response, 200); }
- // Authentication failed
 } catch (QueryException $e) {
diff --git a/app/Http/Middleware/CheckUserStatus.php b/app/Http/Middleware/CheckUserStatus.php
new file mode 100644
index 0000000..fced48f
--- /dev/null
+++ b/app/Http/Middleware/CheckUserStatus.php
@@ -0,0 +1,56 @@
+hasHeader('access-token')) {
+ return response()->json([
+ 'status' => 'error',
+ 'status_code' => 401,
+ 'message' => 'Access token not provided'
+ ], 401);
+ }
+
+ // Retrieve the token from the custom access-token header
+ $token = $request->header('access-token');
+
+ try {
+ // Attempt to authenticate the user based on the token
+ $user = JWTAuth::setToken($token)->authenticate();
+
+ if (!$user || $user->authority !== 'CUSTOMER_USER') {
+ return response()->json([
+ 'status' => 'error',
+ 'status_code' => 403,
+ 'message' => 'Unauthorized access'
+ ], 403);
+ }
+
+ Session::flash('vendorToken', $token);
+ } catch (JWTException $e) {
+ return response()->json([
+ 'status' => 'error',
+ 'status_code' => 401,
+ 'message' => 'Invalid token'
+ ], 401);
+ }
+
+ return $next($request);
+ }
+}
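Review bot: `Session::flash('vendorToken', $token);` copies the raw bearer token into session state under a vendor-named key inside a customer-only API middleware, and nothing in the hunk reads it back; since `JWTAuth::setToken($token)->authenticate()` already resolves `$user` through the guard, downstream code does not need the token duplicated there, so drop the line or, if a consumer exists elsewhere, name it in a comment and use a key that matches the customer context. Despite the class name, the only check on `$user` is `authority !== 'CUSTOMER_USER'`; no account status (blocked, inactive, soft-deleted) is consulted, so a deactivated account holding a still-valid token passes — if the User model carries such a field, add it to the same condition (e.g. `|| !$user->isActive`, substituting the model's actual status attribute). Returning 403 'Unauthorized access' when `authenticate()` yields no user conflates a failed authentication (401, as in the 'Invalid token' branch) with a role mismatch (403); splitting the two keeps the status codes consistent and makes log triage easier. The class header and the method signature at the top of this hunk are not visible in this view.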