initial commit

app/Http/Middleware/EnsureTwoFactorVerified.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Services\Auth\TwoFactorService;
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class EnsureTwoFactorVerified
+{
+    public function __construct(private readonly TwoFactorService $twoFactor) {}
+
+    public function handle(Request $request, Closure $next): Response
+    {
+        $user = $request->user();
+        if (! $user) {
+            return $next($request);
+        }
+
+        if ($this->twoFactor->mustSetup($user) && ! $request->routeIs('two-factor.*')) {
+            return redirect()->route('two-factor.setup');
+        }
+
+        if ($this->twoFactor->isEnabled($user) && ! $request->session()->get('two_factor_passed')) {
+            if (! $request->routeIs('two-factor.challenge', 'two-factor.challenge.store', 'logout')) {
+                return redirect()->route('two-factor.challenge');
+            }
+        }
+
+        return $next($request);
+    }
+}