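agent_id */
class AuthTokenMiddleware implements MiddlewareInterface
{
    /**
     * Authenticate a request by its `auth-token` header, then hand it to the next handler.
     *
     * The checks run in this order, and the first failure aborts the request:
     *   1. the header is present and not blank;
     *   2. JwtToken::verify() accepts the token;
     *   3. the `extend.plat` claim is exactly 'api_auth_token';
     *   4. the `extend.agent_id` claim is not blank;
     *   5. the presented token is the one AuthTokenCache currently holds for that agent.
     *
     * On success the agent id is stored on the request as `agent_id`.
     *
     * @param Request  $request Incoming request carrying the `auth-token` header.
     * @param callable $handler Next handler; called with the request once it is authenticated.
     *
     * @return Response Whatever the next handler returns.
     *
     * @throws ApiException With ReturnCode::UNAUTHORIZED when the header is missing or blank,
     *                      and ReturnCode::TOKEN_INVALID for every other failure.
     */
    public function process(Request $request, callable $handler): Response
    {
        $token = $request->header('auth-token');
        $token = $token !== null ? trim((string) $token) : '';
        if ($token === '') {
            throw new ApiException('Please provide auth-token', ReturnCode::UNAUTHORIZED);
        }

        try {
            // NOTE(review): the literal 1 is presumably a token-type selector defined by
            // JwtToken; confirm, and use the named constant if the class exposes one.
            $decoded = JwtToken::verify(1, $token);
        } catch (JwtTokenExpiredException $e) {
            throw new ApiException('auth-token expired', ReturnCode::TOKEN_INVALID);
        } catch (JwtTokenException $e) {
            throw new ApiException('auth-token invalid', ReturnCode::TOKEN_INVALID);
        } catch (\Throwable $e) {
            // Fail closed: any other error during verification is reported as an invalid
            // token. The original exception is neither chained nor logged here.
            throw new ApiException('auth-token format invalid', ReturnCode::TOKEN_INVALID);
        }

        $extend = $decoded['extend'] ?? [];

        // Only tokens whose `plat` claim marks them as API auth tokens are accepted, so a
        // token carrying a different `plat` value cannot be replayed against this middleware.
        if ((string) ($extend['plat'] ?? '') !== 'api_auth_token') {
            throw new ApiException('auth-token invalid', ReturnCode::TOKEN_INVALID);
        }

        $agentId = trim((string) ($extend['agent_id'] ?? ''));
        if ($agentId === '') {
            throw new ApiException('auth-token invalid', ReturnCode::TOKEN_INVALID);
        }

        // A correctly signed, unexpired token is still rejected unless it is the token the
        // cache currently holds for this agent (presumably how rotation and revocation take
        // effect; confirm in AuthTokenCache). The comparison goes through hash_equals() so
        // it runs in constant time; is_string() covers the null case and keeps hash_equals()
        // from raising a TypeError on any other non-string cache value.
        $currentToken = AuthTokenCache::getTokenByAgentId($agentId);
        if (!is_string($currentToken) || !hash_equals($currentToken, $token)) {
            throw new ApiException('auth-token invalid or expired', ReturnCode::TOKEN_INVALID);
        }

        $request->agent_id = $agentId;

        return $handler($request);
    }
}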