- Wired the checkout wizard for Google “comfort login”: added Socialite controller + dependency, new Google env

hooks in config/services.php/.env.example, and updated wizard steps/controllers to store session payloads, attach packages, and surface localized success/error states. - Retooled payment handling for both Stripe and PayPal, adding richer status management in CheckoutController/ PayPalController, fallback flows in the wizard’s PaymentStep.tsx, and fresh feature tests for intent creation, webhooks, and the wizard CTA. - Introduced a consent-aware Matomo analytics stack: new consent context, cookie-banner UI, useAnalytics/ useCtaExperiment hooks, and MatomoTracker component, then instrumented marketing pages (Home, Packages, Checkout) with localized copy and experiment tracking. - Polished package presentation across marketing UIs by centralizing formatting in PresentsPackages, surfacing localized description tables/placeholders, tuning badges/layouts, and syncing guest/marketing translations. - Expanded docs & reference material (docs/prp/*, TODOs, public gallery overview) and added a Playwright smoke test for the hero CTA while reconciling outstanding checklist items.
2025-10-19 11:41:03 +02:00
parent ae9b9160ac
commit a949c8d3af
113 changed files with 5169 additions and 712 deletions
--- a/app/Http/Middleware/TenantTokenGuard.php
+++ b/app/Http/Middleware/TenantTokenGuard.php
@@ -7,6 +7,7 @@ use App\Models\TenantToken;
 use Closure;
 use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
+use Illuminate\Support\Facades\File;
 use Illuminate\Auth\GenericUser;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
@@ -15,6 +16,8 @@ use Illuminate\Support\Str;

 class TenantTokenGuard
 {
+    private const LEGACY_KID = 'fotospiel-jwt';
+
    /**
     * Handle an incoming request.
     */
@@ -104,7 +107,9 @@ class TenantTokenGuard
     */
    private function decodeToken(string $token): array
    {
-        $publicKey = file_get_contents(storage_path('app/public.key'));
+        $kid = $this->extractKid($token);
+        $publicKey = $this->loadPublicKeyForKid($kid);
+
        if (! $publicKey) {
            throw new \Exception('JWT public key not found');
        }
@@ -114,6 +119,35 @@ class TenantTokenGuard
        return (array) $decoded;
    }

+    private function extractKid(string $token): ?string
+    {
+        $segments = explode('.', $token);
+        if (count($segments) < 2) {
+            return null;
+        }
+
+        $decodedHeader = json_decode(base64_decode($segments[0]), true);
+        return is_array($decodedHeader) ? ($decodedHeader['kid'] ?? null) : null;
+    }
+
+    private function loadPublicKeyForKid(?string $kid): ?string
+    {
+        $resolvedKid = $kid ?? config('oauth.keys.current_kid', self::LEGACY_KID);
+        $base = rtrim(config('oauth.keys.storage_path', storage_path('app/oauth-keys')), DIRECTORY_SEPARATOR);
+        $path = $base.DIRECTORY_SEPARATOR.$resolvedKid.DIRECTORY_SEPARATOR.'public.key';
+
+        if (File::exists($path)) {
+            return File::get($path);
+        }
+
+        $legacyPath = storage_path('app/public.key');
+        if (File::exists($legacyPath)) {
+            return File::get($legacyPath);
+        }
+
+        return null;
+    }
+
    /**
     * Check if token is blacklisted
     */