first commit

common/Auth/Middleware/ForbidBannedUser.php

@@ -0,0 +1,26 @@
+<?php
+
+namespace Common\Auth\Middleware;
+
+use Closure;
+use Illuminate\Contracts\Auth\StatefulGuard;
+use Illuminate\Http\Request;
+
+class ForbidBannedUser
+{
+    public function __construct(protected StatefulGuard $guard)
+    {
+    }
+
+    public function handle(Request $request, Closure $next)
+    {
+        if ($request->user() && $request->user()->isBanned()) {
+            $this->guard->logout();
+            $request->session()->invalidate();
+            $request->session()->regenerateToken();
+            abort(403);
+        }
+
+        return $next($request);
+    }
+}

common/Auth/Middleware/OptionalAuthenticate.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace Common\Auth\Middleware;
+
+use Illuminate\Auth\Middleware\Authenticate;
+
+class OptionalAuthenticate extends Authenticate
+{
+    // prevent authentication exception if user is not logged in at all. This will be handled in policies instead
+    protected function unauthenticated($request, array $guards)
+    {
+
+    }
+}

common/Auth/Middleware/VerifyApiAccessMiddleware.php

@@ -0,0 +1,20 @@
+<?php
+
+namespace Common\Auth\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class VerifyApiAccessMiddleware
+{
+    public function handle(Request $request, Closure $next)
+    {
+        $model = $request->user() ?: app('guestRole');
+
+        if (!requestIsFromFrontend() && !$model->hasPermission('api.access')) {
+            abort(401);
+        }
+
+        return $next($request);
+    }
+}