From d0be8f744c2f607af06dd63d7a36b367fe4bf872 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 10 Nov 2021 08:23:22 +1100
Subject: [PATCH] Restrict API access for free/unpaid accounts
---
 app/Http/Middleware/TokenAuth.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/app/Http/Middleware/TokenAuth.php b/app/Http/Middleware/TokenAuth.php
index a5af6ba1c310..fce88c82037d 100644
--- a/app/Http/Middleware/TokenAuth.php
+++ b/app/Http/Middleware/TokenAuth.php
@@ -42,6 +42,16 @@ class TokenAuth
 return response()->json($error, 403);
 }
+ if(Ninja::isHosted() && $company_token->is_system == 0 && !$user->account->isPaid()){
+
+ $error = [
+ 'message' => 'Feature not available with free / unpaid account.',
+ 'errors' => new stdClass,
+ ];
+
+ return response()->json($error, 403);
+ }
+
 /*
 |
 | Necessary evil here: As we are authenticating on CompanyToken,
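Review bot: The new paid-account gate in the `if(Ninja::isHosted() && ...)` condition exempts every token whose `is_system` is non-zero, so the restriction is only as strong as the guarantee that callers cannot set that column themselves; the hunk does not show how `is_system` is written, so it is worth confirming that it is excluded from mass assignment and from any token create/update endpoint. A comment on the condition would record that assumption, for example `// is_system tokens are issued server-side only; user-created API tokens must never carry this flag`. The loose `== 0` happens to fail closed for a null value, but `! $company_token->is_system` states the intent without relying on type juggling. `$user->account` is dereferenced without a null check here; whether an earlier guard covers it cannot be seen, because the enclosing method starts and ends outside the hunk.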