From 093d3df92defad2cadedd29cd926803afae91da3 Mon Sep 17 00:00:00 2001
From: Michael Schiemer
Date: Mon, 27 Oct 2025 12:31:57 +0100
Subject: [PATCH] chore: Update Usage of IpAddress Value Object

---
 .../ProductionSecurityMiddleware.php | 24 +++++++++++--------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/src/Framework/Http/Middlewares/ProductionSecurityMiddleware.php b/src/Framework/Http/Middlewares/ProductionSecurityMiddleware.php
index 69dbbe5a..a8303f39 100644
--- a/src/Framework/Http/Middlewares/ProductionSecurityMiddleware.php
+++ b/src/Framework/Http/Middlewares/ProductionSecurityMiddleware.php
@@ -7,12 +7,14 @@ namespace App\Framework\Http\Middlewares;
 use App\Framework\Config\Environment;
 use App\Framework\Config\EnvKey;
 use App\Framework\Http\HttpMiddleware;
-use App\Framework\Http\JsonErrorResponse;
+use App\Framework\Http\IpAddress;
 use App\Framework\Http\MiddlewareContext;
 use App\Framework\Http\MiddlewarePriority;
 use App\Framework\Http\MiddlewarePriorityAttribute;
 use App\Framework\Http\Next;
 use App\Framework\Http\RequestStateManager;
+use App\Framework\Http\Responses\JsonResponse;
+use App\Framework\Http\Status;
 
 /**
 * Middleware to block sensitive routes in production environment
@@ -70,9 +72,9 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
 // Block sensitive debug routes completely in production
 if ($this->isBlockedRoute($path)) {
 return $context->withResponse(
- new JsonErrorResponse(
- message: 'Not Found',
- statusCode: 404
+ new JsonResponse(
+ body: ['error' => 'Not Found'],
+ status: Status::NOT_FOUND
 )
 );
 }
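Review bot: The JSON body of the 404 built in the `@@ -70,9 +72,9 @@` hunk may no longer match what clients received from `JsonErrorResponse`, because the payload is now the hand-written array `['error' => 'Not Found']` and neither response class is visible here. The same applies to the 403 in the following hunk. If the wire format did change, the commit message should say so, since the subject only mentions the IpAddress value object. A comment above the `new JsonResponse(` call would pin the contract, for example `// Body shape {"error": string} is relied on by API clients; keep in sync with other error responses`. The enclosing method starts and ends outside the hunk.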
@@ -80,9 +82,9 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
 // Check IP whitelist for admin routes
 if ($this->isIpRestrictedRoute($path) && ! $this->isAllowedIp($clientIp)) {
 return $context->withResponse(
- new JsonErrorResponse(
- message: 'Access Denied',
- statusCode: 403
+ new JsonResponse(
+ body: ['error' => 'Access Denied'],
+ status: Status::FORBIDDEN
 )
 );
 }
@@ -112,14 +114,16 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
 return false;
 }
 
- private function isAllowedIp(?string $clientIp): bool
+ private function isAllowedIp(?IpAddress $clientIp): bool
 {
 if ($clientIp === null) {
 return false;
 }
 
+ $ipString = (string) $clientIp;
+
 // Check if IP is in whitelist
- if (in_array($clientIp, self::ALLOWED_IPS, true)) {
+ if (in_array($ipString, self::ALLOWED_IPS, true)) {
 return true;
 }
 
@@ -128,7 +132,7 @@ final readonly class ProductionSecurityMiddleware implements HttpMiddleware
 if (! empty($allowedIpsEnv)) {
 $allowedIps = array_map('trim', explode(',', $allowedIpsEnv));
 
- return in_array($clientIp, $allowedIps, true);
+ return in_array($ipString, $allowedIps, true);
 }
 
 return false;
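Review bot: Answering a non-allowlisted client with `Status::FORBIDDEN` in the `@@ -80,9 +82,9 @@` hunk confirms that the admin path exists, whereas the blocked debug routes just above it answer with `Status::NOT_FOUND`. For a middleware whose stated purpose is to block sensitive routes in production, returning the same 404 in both branches gives an outside caller less to distinguish. If the 403 is deliberate, a comment should say so, e.g. `// 403 is intentional: admin routes are known to exist, only the source IP is restricted`. The enclosing method continues outside the hunk.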
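Review bot: `isAllowedIp` in the `@@ -112,14 +114,16 @@` hunk still decides by exact string equality, `in_array($ipString, self::ALLOWED_IPS, true)`, so the outcome now depends on the textual form that `(string) $clientIp` produces, which this patch does not show. An IPv6 address has several valid spellings (compressed or expanded, upper or lower case, IPv4-mapped), and an allowlist entry written differently from the cast's output will silently never match; the env-driven `in_array($ipString, $allowedIps, true)` in the last hunk has the same dependency. Parsing each allowlist entry through `IpAddress` as well and comparing the normalised values would make the check independent of spelling. Short of that, document the constraint on `ALLOWED_IPS` and the env variable, e.g. `// Entries must use the exact form produced by casting IpAddress to string`. The function's closing lines are outside the last hunk.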