lthn.io/app/Http/Middleware/DomainScope.php

<?php

declare(strict_types=1);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

/**
 * Octane-compatible domain scoping middleware.
 *
 * Checks the Host header per-request and returns 404 if the
 * request domain doesn't match the allowed patterns. This
 * replaces $_SERVER['HTTP_HOST'] checks at route registration
 * time, which don't work with Octane (routes registered once).
 *
 * Usage in route files:
 *   Route::middleware('domain:explorer.lthn.io')->group(...)
 *   Route::middleware('domain:docs.lthn.io,docs.test')->group(...)
 */
class DomainScope
{
    public function handle(Request $request, Closure $next, string ...$domains): mixed
    {
        $host = $request->getHost();

        foreach ($domains as $domain) {
            // Exact match
            if ($host === $domain) {
                return $next($request);
            }

            // Wildcard match (e.g., *.lthn.io)
            if (str_starts_with($domain, '*.')) {
                $suffix = substr($domain, 1); // .lthn.io
                if (str_ends_with($host, $suffix)) {
                    return $next($request);
                }
            }
        }

        abort(404);
    }
}
feat: Octane domain middleware + fix catch-all route conflicts DomainScope middleware checks Host header per-request — Octane-safe. Applied to Api homepage (scoped to api.lthn.io). Explorer and Docs subdomain routes stay disabled — catch-all routes like /{section}/{page?} match before middleware runs, breaking other routes. These modules need own containers for proper domain isolation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-04 11:31:19 +01:00			`<?php`

			`declare(strict_types=1);`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use Illuminate\Http\Request;`

			`/**`
			`* Octane-compatible domain scoping middleware.`
			`*`
			`* Checks the Host header per-request and returns 404 if the`
			`* request domain doesn't match the allowed patterns. This`
			`* replaces $_SERVER['HTTP_HOST'] checks at route registration`
			`* time, which don't work with Octane (routes registered once).`
			`*`
			`* Usage in route files:`
			`* Route::middleware('domain:explorer.lthn.io')->group(...)`
			`* Route::middleware('domain:docs.lthn.io,docs.test')->group(...)`
			`*/`
			`class DomainScope`
			`{`
			`public function handle(Request $request, Closure $next, string ...$domains): mixed`
			`{`
			`$host = $request->getHost();`

			`foreach ($domains as $domain) {`
			`// Exact match`
			`if ($host === $domain) {`
			`return $next($request);`
			`}`

			`// Wildcard match (e.g., *.lthn.io)`
			`if (str_starts_with($domain, '*.')) {`
			`$suffix = substr($domain, 1); // .lthn.io`
			`if (str_ends_with($host, $suffix)) {`
			`return $next($request);`
			`}`
			`}`
			`}`

			`abort(404);`
			`}`
			`}`