- Wired the checkout wizard for Google “comfort login”: added Socialite controller + dependency, new Google env
hooks in config/services.php/.env.example, and updated wizard steps/controllers to store session payloads, attach packages, and surface localized success/error states. - Retooled payment handling for both Stripe and PayPal, adding richer status management in CheckoutController/PayPalController, fallback flows in the wizard’s PaymentStep.tsx, and fresh feature tests for intent creation, webhooks, and the wizard CTA. - Introduced a consent-aware Matomo analytics stack: new consent context, cookie-banner UI, useAnalytics/useCtaExperiment hooks, and MatomoTracker component, then instrumented marketing pages (Home, Packages, Checkout) with localized copy and experiment tracking. - Polished package presentation across marketing UIs by centralizing formatting in PresentsPackages, surfacing localized description tables/placeholders, tuning badges/layouts, and syncing guest/marketing translations. - Expanded docs & reference material (docs/prp/*, TODOs, public gallery overview) and added a Playwright smoke test for the hero CTA while reconciling outstanding checklist items.
@@ -23,7 +23,7 @@ class PackageMiddleware
|
||||
]);
|
||||
}
|
||||
|
||||
if ($this->requiresPackageCheck($request) && !$this->canPerformAction($request, $tenant)) {
|
||||
if ($this->requiresPackageCheck($request) && ! $this->canPerformAction($request, $tenant)) {
|
||||
return response()->json([
|
||||
'error' => 'Package limits exceeded. Please purchase or upgrade a package.',
|
||||
], 402);
|
||||
@@ -36,35 +36,30 @@ class PackageMiddleware
|
||||
{
|
||||
return $request->isMethod('post') && (
|
||||
$request->routeIs('api.v1.tenant.events.store') ||
|
||||
$request->routeIs('api.v1.tenant.photos.store') // Assuming photo upload route
|
||||
$request->routeIs('api.v1.tenant.events.photos.store')
|
||||
);
|
||||
}
|
||||
|
||||
private function canPerformAction(Request $request, Tenant $tenant): bool
|
||||
{
|
||||
if ($request->routeIs('api.v1.tenant.events.store')) {
|
||||
// Check tenant package for event creation
|
||||
$resellerPackage = $tenant->activeResellerPackage();
|
||||
if ($resellerPackage) {
|
||||
return $resellerPackage->used_events < $resellerPackage->package->max_events_per_year;
|
||||
}
|
||||
return false;
|
||||
return $tenant->hasEventAllowance();
|
||||
}
|
||||
|
||||
if ($request->routeIs('api.v1.tenant.photos.store')) {
|
||||
if ($request->routeIs('api.v1.tenant.events.photos.store')) {
|
||||
$eventId = $request->input('event_id');
|
||||
if (!$eventId) {
|
||||
if (! $eventId) {
|
||||
return false;
|
||||
}
|
||||
$event = Event::findOrFail($eventId);
|
||||
if ($event->tenant_id !== $tenant->id) {
|
||||
$event = Event::query()->find($eventId);
|
||||
if (! $event || $event->tenant_id !== $tenant->id) {
|
||||
return false;
|
||||
}
|
||||
$eventPackage = $event->eventPackage;
|
||||
if (!$eventPackage) {
|
||||
if (! $eventPackage) {
|
||||
return false;
|
||||
}
|
||||
return $eventPackage->used_photos < $eventPackage->package->max_photos;
|
||||
return $eventPackage->used_photos < ($eventPackage->package->max_photos ?? PHP_INT_MAX);
|
||||
}
|
||||
|
||||
return true;
|
||||
@@ -88,4 +83,4 @@ class PackageMiddleware
|
||||
|
||||
return Tenant::findOrFail($tenantId);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
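Review bot: The `max_photos ?? PHP_INT_MAX` fallback on the new `return $eventPackage->used_photos < (...)` line in canPerformAction turns a package whose `max_photos` is null into an unlimited upload allowance; the old `used_photos < max_photos` comparison evaluated to false for a null limit, so a package row with no cap configured now fails open. If null is meant to mean "no cap", a comment saying so belongs on that line; otherwise keep it fail-closed: `$maxPhotos = $eventPackage->package->max_photos; return $maxPhotos !== null && $eventPackage->used_photos < $maxPhotos;`. The same branch still takes the event from `$request->input('event_id')`, while the new route name `api.v1.tenant.events.photos.store` suggests the event is a URL parameter; if the controller resolves the event from the route, the quota is checked against a caller-supplied id that can differ from the event actually written to, so the middleware should read the same binding (e.g. `$request->route('event')`). canPerformAction's closing brace lies outside the hunk.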
@@ -7,6 +7,7 @@ use App\Models\TenantToken;
|
||||
use Closure;
|
||||
use Firebase\JWT\JWT;
|
||||
use Firebase\JWT\Key;
|
||||
use Illuminate\Support\Facades\File;
|
||||
use Illuminate\Auth\GenericUser;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
@@ -15,6 +16,8 @@ use Illuminate\Support\Str;
|
||||
|
||||
class TenantTokenGuard
|
||||
{
|
||||
private const LEGACY_KID = 'fotospiel-jwt';
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*/
|
||||
@@ -104,7 +107,9 @@ class TenantTokenGuard
|
||||
*/
|
||||
private function decodeToken(string $token): array
|
||||
{
|
||||
$publicKey = file_get_contents(storage_path('app/public.key'));
|
||||
$kid = $this->extractKid($token);
|
||||
$publicKey = $this->loadPublicKeyForKid($kid);
|
||||
|
||||
if (! $publicKey) {
|
||||
throw new \Exception('JWT public key not found');
|
||||
}
|
||||
@@ -114,6 +119,35 @@ class TenantTokenGuard
|
||||
return (array) $decoded;
|
||||
}
|
||||
|
||||
private function extractKid(string $token): ?string
|
||||
{
|
||||
$segments = explode('.', $token);
|
||||
if (count($segments) < 2) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$decodedHeader = json_decode(base64_decode($segments[0]), true);
|
||||
return is_array($decodedHeader) ? ($decodedHeader['kid'] ?? null) : null;
|
||||
}
|
||||
|
||||
private function loadPublicKeyForKid(?string $kid): ?string
|
||||
{
|
||||
$resolvedKid = $kid ?? config('oauth.keys.current_kid', self::LEGACY_KID);
|
||||
$base = rtrim(config('oauth.keys.storage_path', storage_path('app/oauth-keys')), DIRECTORY_SEPARATOR);
|
||||
$path = $base.DIRECTORY_SEPARATOR.$resolvedKid.DIRECTORY_SEPARATOR.'public.key';
|
||||
|
||||
if (File::exists($path)) {
|
||||
return File::get($path);
|
||||
}
|
||||
|
||||
$legacyPath = storage_path('app/public.key');
|
||||
if (File::exists($legacyPath)) {
|
||||
return File::get($legacyPath);
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if token is blacklisted
|
||||
*/
|
||||
|
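Review bot: loadPublicKeyForKid builds the key path `$base.DIRECTORY_SEPARATOR.$resolvedKid.DIRECTORY_SEPARATOR.'public.key'` from the `kid` that extractKid pulls out of the still-unverified token header without any check on the value, and when no file exists under that kid it quietly falls back to the legacy `storage_path('app/public.key')`. The kid should be restricted to a plain identifier alphabet before it is used as a path segment, and a token that names a kid with no matching key should be rejected rather than verified against the legacy key, since that fallback otherwise undoes a rotation or revocation; the legacy path is only needed for tokens that carry no kid at all. Separately, extractKid decodes the header with `base64_decode`, but JWT segments are base64url, so `-` and `_` are dropped silently, json_decode then fails and the kid is lost; `JWT::urlsafeB64Decode($segments[0])` from the already-imported Firebase\JWT\JWT handles that encoding. decodeToken starts in the previous hunk and the lines between the two hunks, including the actual decode call, are not visible here.
```php
private function loadPublicKeyForKid(?string $kid): ?string
{
    // The kid comes from the unverified token header: accept only a plain
    // identifier before it becomes a path segment.
    if ($kid !== null && preg_match('/^[A-Za-z0-9_-]+$/', $kid) !== 1) {
        return null;
    }

    $resolvedKid = $kid ?? config('oauth.keys.current_kid', self::LEGACY_KID);
    // … unchanged: $base / $path construction and the File::exists($path) lookup …

    // Only tokens without a kid may fall back to the legacy key; an unknown kid is rejected.
    if ($kid !== null) {
        return null;
    }
    // … unchanged: legacy storage_path('app/public.key') lookup …
}
```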
||||