authenticate(); if (! $user) { return response()->json(['status' => false, 'message' => 'Unauthorized.'], 401); } Auth::setUser($user); if ($response = $this->denyUnavailableAccount($user)) { return $response; } } catch (JWTException $e) { return response()->json(['status' => false, 'message' => 'Unauthorized.'], 401); } return $next($request); } private function denyUnavailableAccount(object $user): ?Response { $status = strtolower(trim((string) ($user->status ?? ''))); $isVerified = filter_var($user->is_verified ?? false, FILTER_VALIDATE_BOOLEAN); $isSuspended = filter_var($user->is_suspended ?? false, FILTER_VALIDATE_BOOLEAN); if (! $isVerified || $status !== 'active' || $isSuspended) { return response()->json(['message' => 'Account unavailable.'], 403); } return null; } }