path(), '/');
        // Whitelisted paths bypass token validation entirely.
        if ($this->isWhitelist($path)) {
            return $handler($request);
        }
        // Primary credential: the custom `auth-token` header.
        $token = $request->header('auth-token');
        if (empty($token)) {
            // Fallback: a standard `Authorization: Bearer <token>` header
            // (scheme matched case-insensitively via stripos).
            $auth = $request->header('authorization');
            if ($auth && stripos($auth, 'Bearer ') === 0) {
                $token = trim(substr($auth, 7));
            }
        }
        // NOTE(review): empty() also treats the literal string "0" as missing;
        // harmless for JWTs, but a strict `=== null || === ''` check would be more precise.
        if (empty($token)) {
            throw new ApiException('缺少 auth-token,请先调用 /api/authToken 获取', 401);
        }
        try {
            // ACCESS_TOKEN = 1 (a private constant internal to JwtToken, hence the literal here)
            $decoded = JwtToken::verify(1, $token);
            // The token must have been issued for this platform: extend.plat === 'api'.
            // A token that is otherwise valid but lacks that claim is rejected.
            $extend = $decoded['extend'] ?? [];
            if (($extend['plat'] ?? '') !== 'api') {
                throw new ApiException('auth-token 无效', 401);
            }
        } catch (JwtTokenExpiredException $e) {
            // `. $e` stringifies the whole exception (message and stack trace) into the log.
            // NOTE(review): an expired token is an expected client-side failure; confirm the
            // stringified exception carries no token material before logging it at error level.
            Log::error('code=401, auth-token 已过期,请重新获取, 报错信息'. $e);
            throw new ApiException('auth-token 已过期,请重新获取', 401);
        } catch (JwtTokenException $e) {
            Log::error('code=401, message=auth-token 无效, 报错信息'. $e);
            // NOTE(review): the library's exception message is forwarded to the client as-is;
            // confirm it never contains more than a generic rejection reason.
            throw new ApiException($e->getMessage() ?: 'auth-token 无效', 401);
        } catch (\Throwable $e) {
            // Any other failure during verification is reported to the client as a generic 401.
            Log::error('code=401, message=auth-token 校验失败, 报错信息'. $e);
            throw new ApiException('auth-token 校验失败', 401);
        }
        return $handler($request);
    }

    /**
     * Whether the request path is exempt from token validation.
     *
     * A path matches a WHITELIST entry either exactly or when it is a sub-path
     * of that entry (entry followed by '/'), so a prefix such as `foo` does not
     * match `foobar`. self::WHITELIST is declared outside this excerpt.
     *
     * NOTE(review): the caller appears to pass the path with '/' trimmed (see
     * the trim on path() above) — confirm WHITELIST entries use the same form,
     * otherwise a leading-slash entry would never match.
     *
     * @param string $path request path, expected without surrounding slashes
     * @return bool true when the path is whitelisted
     */
    private function isWhitelist(string $path): bool {
        foreach (self::WHITELIST as $prefix) {
            if ($path === $prefix || str_starts_with($path, $prefix . '/')) {
                return true;
            }
        }
        return false;
    }
}