URL generation (front&back) + fixed authJWT for SSR

app/Http/Controllers/SubscriptionController.php

@@ -45,8 +45,8 @@ class SubscriptionController extends Controller
         $checkout = $checkoutBuilder
             ->collectTaxIds()
             ->checkout([
-                'success_url' => url('/subscriptions/success'),
-                'cancel_url' => url('/subscriptions/error'),
+                'success_url' => front_url('/subscriptions/success'),
+                'cancel_url' => front_url('/subscriptions/error'),
                 'billing_address_collection' => 'required',
                 'customer_update' => [
                     'address' => 'auto',

app/Http/Middleware/AuthenticateJWT.php

@@ -8,6 +8,7 @@ use Tymon\JWTAuth\Exceptions\JWTException;
 
 class AuthenticateJWT
 {
+    const API_SERVER_SECRET_HEADER_NAME = 'x-api-secret';
 
     /**
      * Verifies the JWT token and validates the IP and User Agent
@@ -24,6 +25,13 @@ class AuthenticateJWT
 
         // Validate IP and User Agent
         if ($payload) {
+            if ($frontApiSecret = $request->header(self::API_SERVER_SECRET_HEADER_NAME)) {
+                // If it's a trusted SSR request, skip the rest
+                if ($frontApiSecret === config('app.front_api_secret')) {
+                    return $next($request);
+                }
+            }
+
             $error = null;
             if (!\Hash::check($request->ip(), $payload->get('ip'))) {
                 $error = 'Origin IP is invalid';