feat(middleware): enhance private mode functionality and add secret validation

- Updated CheckPrivateModeMiddleware to include secret validation for accessing the application in private mode.
- Introduced `APP_PRIVATE_MODE_SECRET` in .env files for configuration.
- Adjusted configuration settings in app.php to retrieve the private mode secret from environment variables.

.env.production

@@ -87,3 +87,5 @@ OPENAI_MODEL=gpt-4o-mini
 IP_ADDRESS_RESOLVER_URL=http://ip-api.com/batch
 IP_ADDRESS_RESOLVER_CALL_LIMIT_PER_MINUTE=15
 IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
+
+APP_PRIVATE_MODE_SECRET=secret
\ No newline at end of file

.env.testing

@@ -83,3 +83,5 @@ OPENAI_MODEL=gpt-4o-mini
 IP_ADDRESS_RESOLVER_URL=http://api.test-provider.com/batch
 IP_ADDRESS_RESOLVER_CALL_LIMIT_PER_MINUTE=15
 IP_ADDRESS_RESOLVER_MAX_IP_ADDRESSES_PER_CALL=100
+
+APP_PRIVATE_MODE_SECRET=secret
\ No newline at end of file

app/Http/Middleware/CheckPrivateModeMiddleware.php

@@ -9,9 +9,14 @@ class CheckPrivateModeMiddleware
 {
     public function handle(Request $request, Closure $next)
     {
-        if (config('app.private_mode') && ! $request->is('maintenance') && ! auth()->check()) {
+        $privateModeEnabled = config('app.private_mode');
+        $privateModeSecret = config('app.private_mode_secret');
+        $userSecretInput = $request->input('secret');
+        $secretIsUsable = ! empty($privateModeSecret) && $privateModeSecret === $userSecretInput;
+
+        if ($privateModeEnabled && ! $secretIsUsable) {
             return redirect()->route('maintenance');
-        } elseif (! config('app.private_mode') && $request->is('maintenance')) {
+        } elseif (! $privateModeEnabled && $request->is('maintenance')) {
             return redirect()->route('index');
         }
 

config/app.php

@@ -136,4 +136,6 @@
     ],
 
     'cdn_disk' => env('CDN_FILESYSTEM_DISK'),
+
+    'private_mode_mode_secret' => env('APP_PRIVATE_MODE_SECRET'),
 ];