first commit

app/Http/Middleware/AdminTokenAuth.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\JsonResponse;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class AdminTokenAuth
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        $configuredToken = (string) config('store.admin_token', env('STORE_ADMIN_TOKEN', ''));
+
+        if ($configuredToken === '') {
+            return response()->json([
+                'code' => 500,
+                'message' => 'admin token not configured',
+                'data' => null,
+            ], 500);
+        }
+
+        $incomingToken = $this->extractToken($request);
+        if (!hash_equals($configuredToken, $incomingToken)) {
+            return response()->json([
+                'code' => 401,
+                'message' => 'unauthorized',
+                'data' => null,
+            ], 401);
+        }
+
+        return $next($request);
+    }
+
+    private function extractToken(Request $request): string
+    {
+        $header = (string) $request->header('Authorization', '');
+        if (preg_match('/^Bearer\s+(.+)$/i', $header, $matches)) {
+            return trim($matches[1]);
+        }
+
+        return (string) ($request->header('X-Admin-Token')
+            ?: $request->query('admin_token')
+            ?: $request->input('admin_token', ''));
+    }
+}

app/Http/Middleware/WebAdminTokenAuth.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class WebAdminTokenAuth
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (!Auth::check()) {
+            return redirect()->route('webadmin.login', [
+                'redirect' => $request->fullUrl(),
+            ])->with('error', '请先登录后台账号');
+        }
+
+        return $next($request);
+    }
+}