<?php
declare(strict_types=1);
namespace app\api\middleware;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
use app\api\logic\UserLogic;
use app\api\util\ReturnCode;
use plugin\saiadmin\exception\ApiException;
/**
 * Authenticates API requests by their user token.
 *
 * The token is read from the `user-token` header or, when that header is
 * empty, from `Authorization: Bearer <user-token>`. Once the token resolves
 * to a user, `user_id` and `userToken` are attached to the request so that
 * controllers can read them.
 */
class CheckUserTokenMiddleware implements MiddlewareInterface
{
    /**
     * Resolve the caller's identity from the token headers and pass the request on.
     *
     * @param Request  $request incoming request; gains `user_id` and `userToken` on success
     * @param callable $handler next handler in the chain, invoked with the request
     *
     * @return Response whatever the next handler returns
     *
     * @throws ApiException with ReturnCode::UNAUTHORIZED when no token is supplied,
     *                      or ReturnCode::TOKEN_INVALID when the token resolves to no user
     */
    public function process(Request $request, callable $handler): Response
    {
        // The dedicated header wins; Authorization is consulted only as a fallback.
        $credential = $request->header('user-token');

        if (empty($credential)) {
            $authorization = $request->header('authorization');
            // Scheme match is case-insensitive; the && short-circuit keeps
            // stripos() from being called with a missing header.
            $hasBearerScheme = $authorization && stripos($authorization, 'Bearer ') === 0;
            if ($hasBearerScheme) {
                // 7 === strlen('Bearer '); only the fallback value is trimmed,
                // the `user-token` header is used exactly as received.
                $credential = trim(substr($authorization, 7));
            }
        }

        // empty() also rejects the literal string "0", not just a missing or blank token.
        if (empty($credential)) {
            // Message: "please supply user-token".
            throw new ApiException('请携带 user-token', ReturnCode::UNAUTHORIZED);
        }

        // All validation is delegated to UserLogic, which is not visible here.
        // NOTE(review): presumably null covers both unknown and expired tokens
        // (the message below says "invalid or expired") - confirm in UserLogic.
        $resolvedUserId = UserLogic::getUserIdFromToken($credential);
        if (null === $resolvedUserId) {
            // Message: "user-token invalid or expired".
            throw new ApiException('user-token 无效或已过期', ReturnCode::TOKEN_INVALID);
        }

        $request->user_id = $resolvedUserId;
        // NOTE(review): the raw bearer credential now travels with the request
        // object; keep it out of logs and error output further down the chain.
        $request->userToken = $credential;

        return $handler($request);
    }
}