src/Meezi.API/Middleware/PlanLimitMiddleware.cs

using System.Text.Json;
using Meezi.API.Services;
using Meezi.Core.Interfaces;
using Meezi.Shared;

namespace Meezi.API.Middleware;

public class PlanLimitMiddleware
{
    private static readonly string[] SkipPrefixes =
    [
        "/api/auth",
        "/api/customers/me",
        "/api/admin",
        "/hubs/guest-order",
        "/api/public",
        "/api/q/",
        "/api/webhooks",
        "/api/billing/verify",
        "/health",
        "/swagger",
        "/hangfire"
    ];

    private readonly RequestDelegate _next;

    public PlanLimitMiddleware(RequestDelegate next)
    {
        _next = next;
    }

    public async Task InvokeAsync(HttpContext context, ITenantContext tenant, IPlanLimitChecker planLimitChecker)
    {
        if (ShouldSkip(context.Request.Path))
        {
            await _next(context);
            return;
        }

        if (context.User.Identity?.IsAuthenticated == true)
        {
            var (allowed, code, message) = await planLimitChecker.CheckAsync(context, tenant, context.RequestAborted);
            if (!allowed)
            {
                context.Response.StatusCode = StatusCodes.Status403Forbidden;
                context.Response.ContentType = "application/json";
                var payload = new ApiResponse<object>(false, null, new ApiError(code!, message!));
                await context.Response.WriteAsync(JsonSerializer.Serialize(payload, new JsonSerializerOptions
                {
                    PropertyNamingPolicy = JsonNamingPolicy.CamelCase
                }));
                return;
            }
        }

        await _next(context);
    }

    private static bool ShouldSkip(PathString path)
    {
        var value = path.Value ?? string.Empty;
        return SkipPrefixes.Any(p => value.StartsWith(p, StringComparison.OrdinalIgnoreCase));
    }
}
feat(api): .NET 10 multi-tenant REST API 2026-05-27 21:33:48 +03:30			`using System.Text.Json;`
			`using Meezi.API.Services;`
			`using Meezi.Core.Interfaces;`
			`using Meezi.Shared;`

			`namespace Meezi.API.Middleware;`

			`public class PlanLimitMiddleware`
			`{`
			`private static readonly string[] SkipPrefixes =`
			`[`
			`"/api/auth",`
			`"/api/customers/me",`
			`"/api/admin",`
			`"/hubs/guest-order",`
			`"/api/public",`
			`"/api/q/",`
			`"/api/webhooks",`
			`"/api/billing/verify",`
			`"/health",`
			`"/swagger",`
			`"/hangfire"`
			`];`

			`private readonly RequestDelegate _next;`

			`public PlanLimitMiddleware(RequestDelegate next)`
			`{`
			`_next = next;`
			`}`

			`public async Task InvokeAsync(HttpContext context, ITenantContext tenant, IPlanLimitChecker planLimitChecker)`
			`{`
			`if (ShouldSkip(context.Request.Path))`
			`{`
			`await _next(context);`
			`return;`
			`}`

			`if (context.User.Identity?.IsAuthenticated == true)`
			`{`
			`var (allowed, code, message) = await planLimitChecker.CheckAsync(context, tenant, context.RequestAborted);`
			`if (!allowed)`
			`{`
			`context.Response.StatusCode = StatusCodes.Status403Forbidden;`
			`context.Response.ContentType = "application/json";`
			`var payload = new ApiResponse<object>(false, null, new ApiError(code!, message!));`
			`await context.Response.WriteAsync(JsonSerializer.Serialize(payload, new JsonSerializerOptions`
			`{`
			`PropertyNamingPolicy = JsonNamingPolicy.CamelCase`
			`}));`
			`return;`
			`}`
			`}`

			`await _next(context);`
			`}`

			`private static bool ShouldSkip(PathString path)`
			`{`
			`var value = path.Value ?? string.Empty;`
			`return SkipPrefixes.Any(p => value.StartsWith(p, StringComparison.OrdinalIgnoreCase));`
			`}`
			`}`