feat: 添加 Laravel Sanctum 支持，增强管理员 API 鉴权，更新相关中间件与路由配置

2026-05-09 11:11:46 +08:00
parent e478597d13
commit 8a70c029f6
20 changed files with 717 additions and 14 deletions
--- a/app/Http/Middleware/EnsureAdminApi.php
+++ b/app/Http/Middleware/EnsureAdminApi.php
@@ -2,19 +2,43 @@

 namespace App\Http\Middleware;

+use App\Lottery\ErrorCode;
+use App\Models\AdminUser;
+use App\Support\ApiResponse;
 use Closure;
 use Illuminate\Http\Request;
 use Symfony\Component\HttpFoundation\Response;

 /**
- * 后台 API 守卫：后续在此注入 Sanctum（admin_users）与权限校验。
- *
- * 当前为占位直通，勿在生产暴露敏感 admin 路由前长期保持空实现。
+ * 后台 API：`auth:sanctum` 之后执行，校验为 {@link AdminUser} 且未禁用；
+ * 上下文可通过 `$request->lotteryAdmin()` 读取。
 */
 class EnsureAdminApi
 {
    public function handle(Request $request, Closure $next): Response
    {
+        $user = $request->user();
+
+        if (! $user instanceof AdminUser) {
+            return ApiResponse::error(
+                trans('admin.unauthenticated', [], $request->lotteryLocale()),
+                ErrorCode::AdminUnauthenticated->value,
+                null,
+                401,
+            );
+        }
+
+        if ((int) $user->status !== 0) {
+            return ApiResponse::error(
+                trans('admin.account_disabled', [], $request->lotteryLocale()),
+                ErrorCode::AdminAccountDisabled->value,
+                null,
+                403,
+            );
+        }
+
+        $request->attributes->set('lottery_admin', $user);
+
        return $next($request);
    }
 }