header('X-Api-Key'); if (!$apiKey && $auth = $request->header('Authorization')) { if (str_starts_with(strtolower($auth), 'bearer ')) { $apiKey = substr($auth, 7); } } if (empty($apiKey)) { return response()->json([ 'error' => 'Unauthorized. API Key is missing.', ], 401); } $mgr = app(ShortUrlSettingsManager::class); $keys = $mgr->get('api_keys', []); $valid = false; foreach ($keys as $keyObj) { if (($keyObj['key'] ?? '') === $apiKey && (bool) ($keyObj['is_active'] ?? false)) { $valid = true; break; } } if (!$valid) { return response()->json([ 'error' => 'Unauthorized. Invalid or inactive API Key.', ], 401); } return $next($request); } }