4f72d62146
DomainScope middleware checks Host header per-request — Octane-safe.
Applied to Api homepage (scoped to api.lthn.io). Explorer and Docs
subdomain routes stay disabled — catch-all routes like /{section}/{page?}
match before middleware runs, breaking other routes. These modules
need own containers for proper domain isolation.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
45 lines
1.2 KiB
PHP
45 lines
1.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
|
|
/**
|
|
* Octane-compatible domain scoping middleware.
|
|
*
|
|
* Checks the Host header per-request and returns 404 if the
|
|
* request domain doesn't match the allowed patterns. This
|
|
* replaces $_SERVER['HTTP_HOST'] checks at route registration
|
|
* time, which don't work with Octane (routes registered once).
|
|
*
|
|
* Usage in route files:
|
|
* Route::middleware('domain:explorer.lthn.io')->group(...)
|
|
* Route::middleware('domain:docs.lthn.io,docs.test')->group(...)
|
|
*/
|
|
class DomainScope
|
|
{
|
|
public function handle(Request $request, Closure $next, string ...$domains): mixed
|
|
{
|
|
$host = $request->getHost();
|
|
|
|
foreach ($domains as $domain) {
|
|
// Exact match
|
|
if ($host === $domain) {
|
|
return $next($request);
|
|
}
|
|
|
|
// Wildcard match (e.g., *.lthn.io)
|
|
if (str_starts_with($domain, '*.')) {
|
|
$suffix = substr($domain, 1); // .lthn.io
|
|
if (str_ends_with($host, $suffix)) {
|
|
return $next($request);
|
|
}
|
|
}
|
|
}
|
|
|
|
abort(404);
|
|
}
|
|
}
|