dafuweng-saiadmin6.x/server/app/api/middleware/TokenMiddleware.php

<?php
declare(strict_types=1);

namespace app\api\middleware;

use app\api\cache\UserCache;
use app\api\util\ReturnCode;
use app\dice\model\player\DicePlayer;
use plugin\saiadmin\exception\ApiException;
use Tinywan\Jwt\JwtToken;
use Tinywan\Jwt\Exception\JwtTokenException;
use Tinywan\Jwt\Exception\JwtTokenExpiredException;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;

/**
 * 校验 token 请求头（JWT）
 * 解码 JWT 取 username，与 Redis 中当前有效 token 比对；不一致则旧 token 已失效，请重新登录
 * 通过后注入 request->player_id、request->player
 */
class TokenMiddleware implements MiddlewareInterface
{
    public function process(Request $request, callable $handler): Response
    {
        $token = $request->header('token');
        if ($token === null || $token === '') {
            $auth = $request->header('authorization');
            if ($auth && stripos($auth, 'Bearer ') === 0) {
                $token = trim(substr($auth, 7));
            }
        }
        $token = $token !== null ? trim((string) $token) : '';
        if ($token === '') {
            throw new ApiException('请携带 token', ReturnCode::UNAUTHORIZED);
        }

        try {
            $decoded = JwtToken::verify(1, $token);
        } catch (JwtTokenExpiredException $e) {
            throw new ApiException('token 已过期，请重新登录', ReturnCode::TOKEN_INVALID);
        } catch (JwtTokenException $e) {
            throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
        } catch (\Throwable $e) {
            throw new ApiException('token 格式无效', ReturnCode::TOKEN_INVALID);
        }

        $extend = $decoded['extend'] ?? [];
        if ((string) ($extend['plat'] ?? '') !== 'api_login') {
            throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
        }
        $username = trim((string) ($extend['username'] ?? ''));
        if ($username === '') {
            throw new ApiException('token 无效', ReturnCode::TOKEN_INVALID);
        }

        $currentToken = UserCache::getSessionTokenByUsername($username);
        if ($currentToken === null || $currentToken === '') {
            $player = DicePlayer::where('username', $username)->find();
            if (!$player) {
                throw new ApiException('请注册', ReturnCode::TOKEN_INVALID);
            }
            throw new ApiException('请重新登录', ReturnCode::TOKEN_INVALID);
        }
        if ($currentToken !== $token) {
            throw new ApiException('请重新登录（当前账号已在其他处登录）', ReturnCode::TOKEN_INVALID);
        }

        $player = DicePlayer::where('username', $username)->find();
        if (!$player) {
            UserCache::deleteSessionByUsername($username);
            throw new ApiException('请重新登录', ReturnCode::TOKEN_INVALID);
        }
        $request->player_id = (int) $player->id;
        $request->player = $player;
        return $handler($request);
    }
}