42 lines
1.0 KiB
PHP
42 lines
1.0 KiB
PHP
<?php
|
||
|
||
namespace App\Http\Middleware;
|
||
|
||
use Closure;
|
||
use Illuminate\Http\Request;
|
||
|
||
class CheckStaticHash
|
||
{
|
||
/**
|
||
* Handle an incoming request.
|
||
*
|
||
* @param \Illuminate\Http\Request $request
|
||
* @param \Closure $next
|
||
* @return mixed
|
||
*/
|
||
public function handle(Request $request, Closure $next)
|
||
{
|
||
$hash = config('services.api.static_hash');
|
||
|
||
// Eğer hash config'de tanımlı değilse güvenli başarısızlık (fail-safe)
|
||
if (empty($hash)) {
|
||
return response()->json([
|
||
'status' => 'error',
|
||
'message' => 'Server configuration error: API Static Hash is not configured.'
|
||
], 500);
|
||
}
|
||
|
||
$requestHash = $request->header('X-Api-Hash');
|
||
|
||
if ($requestHash !== $hash) {
|
||
return response()->json([
|
||
'status' => 'error',
|
||
'message' => 'Unauthorized access. Invalid or missing X-Api-Hash header.'
|
||
], 401);
|
||
}
|
||
|
||
return $next($request);
|
||
}
|
||
}
|
||
|