File: /home/xedaptot/be.naniguide.com/app/Http/Middleware/DemoGuard.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class DemoGuard
{
/**
* Route name patterns blocked in demo mode.
* Matched with fnmatch() — supports * wildcard.
*/
private const BLOCKED_PATTERNS = [
// All delete/destroy operations
'*.delete*',
'*.destroy',
// Admin settings — all mutations
'refactor.admin.settings.*',
// Builder save — all template/form/ad builders
'*.builder',
'*.builder_save',
'*.builder_edit',
'*.template_builder',
];
/**
* Explicit route names blocked in demo mode.
*/
private const BLOCKED_ROUTES = [
// Campaign state changes
'refactor.campaigns.pause',
'refactor.campaigns.resume',
'refactor.campaigns.archive',
// Subscription mutations
'refactor.subscription.cancel_now',
'refactor.subscription.cancel_invoice',
'refactor.subscription.disable_recurring',
// Account profile/contact/billing edits
'refactor.account.profile',
'refactor.account.contact',
'refactor.account.billing_edit',
'refactor.account.renew_token',
'refactor.admin.account.profile',
'refactor.admin.account.contact',
'refactor.admin.account.renew-token',
// Sending — blacklist add
'refactor.sending.blacklist_store',
// Admin — customer management
'refactor.admin.customers.disable',
// Admin — subscription management
'refactor.admin.subscriptions.terminate',
'refactor.admin.subscriptions.disable-recurring',
// Admin — language edit
'refactor.admin.languages.upload',
// Admin — plugin install
'refactor.admin.plugins.install',
];
public function handle(Request $request, Closure $next): Response
{
if (!config('app.demo') || $request->isMethod('get')) {
return $next($request);
}
$routeName = $request->route()?->getName() ?? '';
if ($this->isBlocked($routeName)) {
return $this->deny($request);
}
return $next($request);
}
private function isBlocked(string $routeName): bool
{
if (in_array($routeName, self::BLOCKED_ROUTES)) {
return true;
}
foreach (self::BLOCKED_PATTERNS as $pattern) {
if (fnmatch($pattern, $routeName)) {
return true;
}
}
return false;
}
private function deny(Request $request): Response
{
$message = trans('messages.operation_not_allowed_in_demo');
if ($request->expectsJson() || $request->ajax()) {
return response()->json([
'status' => 'error',
'message' => $message,
], 403);
}
return back()->with('alert-error', $message);
}
}