add: full multi-tenancy control

packages/Webkul/Core/src/Config/concord.php

@@ -0,0 +1,25 @@
+<?php
+
+return [
+    'modules' => [
+        \Webkul\Activity\Providers\ModuleServiceProvider::class,
+        \Webkul\Admin\Providers\ModuleServiceProvider::class,
+        \Webkul\Attribute\Providers\ModuleServiceProvider::class,
+        \Webkul\Automation\Providers\ModuleServiceProvider::class,
+        \Webkul\Contact\Providers\ModuleServiceProvider::class,
+        \Webkul\Core\Providers\ModuleServiceProvider::class,
+        \Webkul\DataGrid\Providers\ModuleServiceProvider::class,
+        \Webkul\EmailTemplate\Providers\ModuleServiceProvider::class,
+        \Webkul\Email\Providers\ModuleServiceProvider::class,
+        \Webkul\Lead\Providers\ModuleServiceProvider::class,
+        \Webkul\Product\Providers\ModuleServiceProvider::class,
+        \Webkul\Quote\Providers\ModuleServiceProvider::class,
+        \Webkul\Tag\Providers\ModuleServiceProvider::class,
+        \Webkul\User\Providers\ModuleServiceProvider::class,
+        \Webkul\Warehouse\Providers\ModuleServiceProvider::class,
+        \Webkul\WebForm\Providers\ModuleServiceProvider::class,
+        \Webkul\DataTransfer\Providers\ModuleServiceProvider::class,
+    ],
+
+    'register_route_models' => true,
+];

packages/Webkul/Core/src/Config/cors.php

@@ -0,0 +1,62 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Laravel CORS Options
+    |--------------------------------------------------------------------------
+    |
+    | The allowed_methods and allowed_headers options are case-insensitive.
+    |
+    | You don't need to provide both allowed_origins and allowed_origins_patterns.
+    | If one of the strings passed matches, it is considered a valid origin.
+    |
+    | If ['*'] is provided to allowed_methods, allowed_origins or allowed_headers
+    | all methods / origins / headers are allowed.
+    |
+    */
+
+    /*
+     * You can enable CORS for 1 or multiple paths.
+     * Example: ['api/*']
+     */
+    'paths' => [
+        'admin/web-forms/forms/*',
+    ],
+
+    /*
+    * Matches the request method. `['*']` allows all methods.
+    */
+    'allowed_methods' => ['*'],
+
+    /*
+     * Matches the request origin. `['*']` allows all origins. Wildcards can be used, eg `*.mydomain.com`
+     */
+    'allowed_origins' => ['*'],
+
+    /*
+     * Patterns that can be used with `preg_match` to match the origin.
+     */
+    'allowed_origins_patterns' => [],
+
+    /*
+     * Sets the Access-Control-Allow-Headers response header. `['*']` allows all headers.
+     */
+    'allowed_headers' => ['*'],
+
+    /*
+     * Sets the Access-Control-Expose-Headers response header with these headers.
+     */
+    'exposed_headers' => [],
+
+    /*
+     * Sets the Access-Control-Max-Age response header when > 0.
+     */
+    'max_age' => 0,
+
+    /*
+     * Sets the Access-Control-Allow-Credentials header.
+     */
+    'supports_credentials' => false,
+];

packages/Webkul/Core/src/Config/sanctum.php

@@ -0,0 +1,65 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Stateful Domains
+    |--------------------------------------------------------------------------
+    |
+    | Requests from the following domains / hosts will receive stateful API
+    | authentication cookies. Typically, these should include your local
+    | and production domains which access your API via a frontend SPA.
+    |
+    */
+
+    'stateful' => explode(',', env('SANCTUM_STATEFUL_DOMAINS', sprintf(
+        '%s%s',
+        'localhost,localhost:3000,127.0.0.1,127.0.0.1:8000,::1',
+        env('APP_URL') ? ','.parse_url(env('APP_URL'), PHP_URL_HOST) : ''
+    ))),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Sanctum Guards
+    |--------------------------------------------------------------------------
+    |
+    | This array contains the authentication guards that will be checked when
+    | Sanctum is trying to authenticate a request. If none of these guards
+    | are able to authenticate the request, Sanctum will use the bearer
+    | token that's present on an incoming request for authentication.
+    |
+    */
+
+    'guard' => ['user'],
+
+    /*
+    |--------------------------------------------------------------------------
+    | Expiration Minutes
+    |--------------------------------------------------------------------------
+    |
+    | This value controls the number of minutes until an issued token will be
+    | considered expired. If this value is null, personal access tokens do
+    | not expire. This won't tweak the lifetime of first-party sessions.
+    |
+    */
+
+    'expiration' => null,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Sanctum Middleware
+    |--------------------------------------------------------------------------
+    |
+    | When authenticating your first-party SPA with Sanctum you may need to
+    | customize some of the middleware Sanctum uses while processing the
+    | request. You may change the middleware listed below as required.
+    |
+    */
+
+    'middleware' => [
+        'verify_csrf_token' => App\Http\Middleware\VerifyCsrfToken::class,
+        'encrypt_cookies'   => App\Http\Middleware\EncryptCookies::class,
+    ],
+
+];