添加authToken和userToken

server/app/api/middleware/CheckUserTokenMiddleware.php

@@ -0,0 +1,42 @@
+<?php
+declare(strict_types=1);
+
+namespace app\api\middleware;
+
+use Webman\Http\Request;
+use Webman\Http\Response;
+use Webman\MiddlewareInterface;
+use app\api\logic\UserLogic;
+use app\api\util\ReturnCode;
+use plugin\saiadmin\exception\ApiException;
+
+/**
+ * 校验 user-token 请求头
+ * 从 header 读取 user-token 或 Authorization: Bearer <user-token>，校验通过后将 user_id、userToken 写入 request 供控制器使用
+ */
+class CheckUserTokenMiddleware implements MiddlewareInterface
+{
+    public function process(Request $request, callable $handler): Response
+    {
+        $token = $request->header('user-token');
+        if (empty($token)) {
+            $auth = $request->header('authorization');
+            if ($auth && stripos($auth, 'Bearer ') === 0) {
+                $token = trim(substr($auth, 7));
+            }
+        }
+        if (empty($token)) {
+            throw new ApiException('请携带 user-token', ReturnCode::MISSING_TOKEN);
+        }
+
+        $userId = UserLogic::getUserIdFromToken($token);
+        if ($userId === null) {
+            throw new ApiException('user-token 无效或已过期', ReturnCode::TOKEN_TIMEOUT);
+        }
+
+        $request->user_id = $userId;
+        $request->userToken = $token;
+
+        return $handler($request);
+    }
+}