Initial commit: Lash Vanshy - Complete project with admin panel, gallery, products, and contact

2026-04-08 00:23:16 -06:00
commit e07e065791
111 changed files with 17939 additions and 0 deletions
--- a/app/Http/Middleware/AdminAuth.php
+++ b/app/Http/Middleware/AdminAuth.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class AdminAuth
+{
+    /**
+     * Handle an incoming request.
+     *
+     * Verifica que el usuario esté autenticado en el guard 'admin'
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (! Auth::guard('admin')->check()) {
+            // Si no está autenticado, redirigir al login
+            return redirect()->route('admin.login')->with('error', 'Debes iniciar sesión para acceder.');
+        }
+
+        return $next($request);
+    }
+}
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class SecurityHeaders
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        $response = $next($request);
+
+        $response->headers->set('X-Frame-Options', 'SAMEORIGIN');
+        $response->headers->set('X-Content-Type-Options', 'nosniff');
+        $response->headers->set('Referrer-Policy', 'strict-origin-when-cross-origin');
+        $response->headers->set('Content-Security-Policy', "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com data:; img-src 'self' data: https:; connect-src 'self' https:;");
+
+        return $response;
+    }
+}
--- a/app/Http/Middleware/SuperAdminOnly.php
+++ b/app/Http/Middleware/SuperAdminOnly.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class SuperAdminOnly
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        $user = Auth::guard('admin')->user();
+
+        if (! $user || ! $user->isSuperAdmin()) {
+            abort(403, 'Acceso restringido a super administrador.');
+        }
+
+        return $next($request);
+    }
+}