deny access unverified clients

app/Http/Kernel.php

@@ -35,13 +35,15 @@ class Kernel extends HttpKernel
             \Illuminate\Session\Middleware\StartSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
             \App\Http\Middleware\VerifyCsrfToken::class,
-            \Illuminate\Routing\Middleware\SubstituteBindings::class, 
+            \Illuminate\Routing\Middleware\SubstituteBindings::class,
             \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
+            \App\Http\Middleware\VerifyAccount::class,
         ],
 
         'api' => [
             'throttle:api',
             \Illuminate\Routing\Middleware\SubstituteBindings::class,
+            \App\Http\Middleware\VerifyAccount::class,
         ],
     ];
 
@@ -69,5 +71,7 @@ class Kernel extends HttpKernel
         'scope' => \App\Http\Middleware\CheckForAnyScope::class,
         'wants.json' => \App\Http\Middleware\ResponseIsJson::class,
         'authorize' => \App\Http\Middleware\DenyGrantType::class,
+        'verify.account' => \App\Http\Middleware\VerifyAccount::class,
+
     ];
 }

app/Http/Middleware/VerifyAccount.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Elyerr\ApiResponse\Exceptions\ReportError;
+use Illuminate\Http\Request;
+
+class VerifyAccount
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
+     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
+     */
+    public function handle(Request $request, Closure $next)
+    {
+        if ($request->user() and $request->user()->isClient() and !$request->user()->verified_at ) {
+            throw new ReportError(__('please, check your email address to activate your account'), 403);
+        }
+
+        return $next($request);
+
+    }
+}