fotospiel-app/app/Http/Middleware/PackageMiddleware.php

<?php

namespace App\Http\Middleware;

use App\Models\Event;
use App\Models\Tenant;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class PackageMiddleware
{
    public function handle(Request $request, Closure $next): Response
    {
        $tenant = $request->attributes->get('tenant');
        if (! $tenant instanceof Tenant) {
            $tenant = $this->resolveTenant($request);
            $request->attributes->set('tenant', $tenant);
            $request->attributes->set('tenant_id', $tenant->id);
            $request->merge([
                'tenant' => $tenant,
                'tenant_id' => $tenant->id,
            ]);
        }

        if ($this->requiresPackageCheck($request) && ! $this->canPerformAction($request, $tenant)) {
            return response()->json([
                'error' => 'Package limits exceeded. Please purchase or upgrade a package.',
            ], 402);
        }

        return $next($request);
    }

    private function requiresPackageCheck(Request $request): bool
    {
        return $request->isMethod('post') && (
            $request->routeIs('api.v1.tenant.events.store') ||
            $request->routeIs('api.v1.tenant.events.photos.store')
        );
    }

    private function canPerformAction(Request $request, Tenant $tenant): bool
    {
        if ($request->routeIs('api.v1.tenant.events.store')) {
            return $tenant->hasEventAllowance();
        }

        if ($request->routeIs('api.v1.tenant.events.photos.store')) {
            $eventId = $request->input('event_id');
            if (! $eventId) {
                return false;
            }
            $event = Event::query()->find($eventId);
            if (! $event || $event->tenant_id !== $tenant->id) {
                return false;
            }
            $eventPackage = $event->eventPackage;
            if (! $eventPackage) {
                return false;
            }
            return $eventPackage->used_photos < ($eventPackage->package->max_photos ?? PHP_INT_MAX);
        }

        return true;
    }

    private function resolveTenant(Request $request): Tenant
    {
        $user = $request->user();
        if ($user && isset($user->tenant) && $user->tenant instanceof Tenant) {
            return $user->tenant;
        }

        $tenantId = $request->attributes->get('tenant_id');
        if (! $tenantId && $user && isset($user->tenant_id)) {
            $tenantId = $user->tenant_id;
        }

        if (! $tenantId) {
            abort(401, 'Unauthenticated');
        }

        return Tenant::findOrFail($tenantId);
    }
}