<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Config;

class AccessKeyMiddleware
{
    public function handle(Request $request, Closure $next)
    {
        $clientIp = $request->header('X-Forwarded-For');
        if (!$clientIp) {
            $clientIp = $request->ip();
        }
        $accessKeyInHeader = $request->header('accesskey');
        $accessKeyInEnv = env('VALID_ACCESS_KEY');
        $internalIpRanges = [
            '10.0.0.0/8',
            '172.16.0.0/12',
            '192.168.0.0/16'
        ];
        $isInternalIp = false;
        foreach ($internalIpRanges as $range) {
            if (strpos($range, '/')!== false) {
                list($subnet, $bits) = explode('/', $range);
                $ipLong = ip2long($clientIp);
                $subnetLong = ip2long($subnet);
                $mask = -1 << (32 - $bits);
                if (($ipLong & $mask) === ($subnetLong & $mask)) {
                    $isInternalIp = true;
                    break;
                }
            } elseif ($clientIp === $range) {
                $isInternalIp = true;
                break;
            }
        }

        if ($accessKeyInHeader == $accessKeyInEnv && !empty($accessKeyInHeader)) {
            return $next($request);
        } else if($isInternalIp) {
            return $next($request);
        } else  {
            return response()->json(['message' => 'Access denied'], 403);
        }
    }


}