authenticate(); if (! $user) { return response()->json(['status' => false, 'message' => 'Unauthorized.'], 401); } Auth::setUser($user); if ($response = $this->denyUnavailableAccount($user)) { return $response; } } catch (JWTException $e) { return response()->json(['status' => false, 'message' => 'Unauthorized.'], 401); } return $next($request); } private function denyUnavailableAccount(object $user): ?Response { $status = strtolower(trim((string) ($user->status ?? ''))); if (AccountAvailability::isAuthUnavailable($user)) { return response()->json(['message' => 'Account unavailable.'], 403); } return null; } }