webmaster/crewsportswear
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
962c8643c8cb366aecbf93b3d8ff96322c8e7025
crewsportswear/app/Http/Middleware/isAuthorized.php
Frank John Begornia d1976045db fix: remove hardcoded credentials from source code 
- Move PayPal live/sandbox API keys to env variables
- Move hardcoded API token in isAuthorized middleware to env variable
- Add api_token key to config/app.php
- Update .env.example with new required env vars
- Fix isAuthorized response code from 503 to 401
2026-04-24 10:45:54 +08:00

24 lines
515 B
PHP
Raw Blame History

<?php namespace App\Http\Middleware;
use Closure;
class isAuthorized {
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$token = $request->header('token') ?? (getallheaders()['token'] ?? null);
if ($token && $token === config('app.api_token')) {
return $next($request);
}
return response()->json(['status' => false, 'error' => 'Invalid request'], 401);
}
}
Reference in New Issue View Git Blame Copy Permalink