<?php

namespace Common\Auth\Middleware;

use Closure;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Http\Request;

class ForbidBannedUser
{
    public function __construct(protected StatefulGuard $guard)
    {
    }

    public function handle(Request $request, Closure $next)
    {
        if ($request->user() && $request->user()->isBanned()) {
            $this->guard->logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
            abort(403);
        }

        return $next($request);
    }
}