,校验通过后将 user_id、userToken 写入 request 供控制器使用 */
class CheckUserTokenMiddleware implements MiddlewareInterface
{
    /**
     * Authenticate the request from its user token before passing it on.
     *
     * The token is taken from the `user-token` header, or failing that from an
     * `Authorization: Bearer ...` header. It is resolved to a user id through
     * UserLogic::getUserIdFromToken(); only when that returns a non-null id are
     * `user_id` and `userToken` set on the request and the next handler invoked.
     *
     * NOTE(review): how UserLogic::getUserIdFromToken() verifies the token
     * (signature, expiry, revocation) is not visible here; the error message
     * implies expired tokens yield null, confirm against that method.
     *
     * The raw token is copied onto the request unchanged, so downstream code
     * should keep `$request->userToken` out of logs and responses.
     *
     * @param Request  $request incoming request
     * @param callable $handler next handler in the chain, called with $request
     *
     * @return Response whatever $handler returns
     *
     * @throws ApiException with ReturnCode::UNAUTHORIZED when no token is supplied,
     *                      or ReturnCode::TOKEN_INVALID when the lookup returns null
     */
    public function process(Request $request, callable $handler): Response
    {
        $credential = $this->readToken($request);

        // empty() also rejects the literal string "0", not only a missing header.
        if (empty($credential)) {
            throw new ApiException('请携带 user-token', ReturnCode::UNAUTHORIZED);
        }

        $resolvedUserId = UserLogic::getUserIdFromToken($credential);
        if (null === $resolvedUserId) {
            throw new ApiException('user-token 无效或已过期', ReturnCode::TOKEN_INVALID);
        }

        // Identity is attached only after the lookup succeeded.
        $request->user_id = $resolvedUserId;
        $request->userToken = $credential;

        return $handler($request);
    }

    /**
     * Pick the token out of the request headers.
     *
     * The `user-token` header wins when it is non-empty. Otherwise the
     * `Authorization` header is used if it starts with "Bearer " (matched
     * case-insensitively); the 7-character prefix is dropped and the rest trimmed.
     * The `user-token` header value is returned as-is, without trimming.
     *
     * @param Request $request incoming request
     *
     * @return mixed the token, or an empty value when none was supplied
     */
    private function readToken(Request $request)
    {
        $fromCustomHeader = $request->header('user-token');
        if (!empty($fromCustomHeader)) {
            return $fromCustomHeader;
        }

        $authorization = $request->header('authorization');
        if (!$authorization || stripos($authorization, 'Bearer ') !== 0) {
            // No usable Bearer header: hand back the (empty) custom header value.
            return $fromCustomHeader;
        }

        return trim(substr($authorization, 7));
    }
}