<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
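/**
 * Guards admin routes with a single shared secret.
 *
 * The expected token is read from `store.admin_token` (falling back to the
 * STORE_ADMIN_TOKEN environment variable). A request is let through only when
 * it presents exactly that token in a request header; otherwise a JSON 401 is
 * returned. When no token is configured the middleware fails closed with a
 * JSON 500 instead of letting every request through.
 *
 * Security notes:
 *  - The comparison uses hash_equals() so it does not leak, via timing, how
 *    many leading bytes of a guess were correct.
 *  - The token is accepted ONLY from `Authorization: Bearer <token>` or the
 *    X-Admin-Token header. An earlier revision also accepted `admin_token`
 *    from the query string / request body; that put the secret into access
 *    logs, proxy logs, browser history and Referer headers (CWE-598), so that
 *    path was removed on purpose. Clients must send the token in a header.
 *  - NOTE(review): env() read at request time may return null once the
 *    configuration is cached; wire STORE_ADMIN_TOKEN into config/store.php
 *    rather than relying on the runtime fallback here.
 */
class AdminTokenAuth
{
    /** Header accepted as an alternative to the Bearer scheme. */
    private const TOKEN_HEADER = 'X-Admin-Token';

    /**
     * Reject the request unless it carries the configured admin token.
     *
     * @param Request $request incoming HTTP request
     * @param Closure $next    next middleware / controller in the pipeline
     *
     * @return Response a JSON error response, or whatever $next produces
     */
    public function handle(Request $request, Closure $next): Response
    {
        $configuredToken = (string) config('store.admin_token', env('STORE_ADMIN_TOKEN', ''));

        // Fail closed: an unset secret must never degrade to "any token works".
        if ($configuredToken === '') {
            return $this->jsonError(500, 'admin token not configured');
        }

        $incomingToken = $this->extractToken($request);

        // An absent token can never match; hash_equals() handles the rest in
        // time proportional to the length of the known string only.
        if ($incomingToken === '' || !hash_equals($configuredToken, $incomingToken)) {
            return $this->jsonError(401, 'unauthorized');
        }

        return $next($request);
    }

    /**
     * Pull the presented token out of the request headers.
     *
     * Precedence: `Authorization: Bearer <token>` first, then X-Admin-Token.
     * Query-string and body parameters are deliberately NOT consulted (see the
     * class doc). Returns '' when no usable token is present.
     */
    private function extractToken(Request $request): string
    {
        $authorization = $request->header('Authorization');
        if (is_string($authorization)
            && preg_match('/^Bearer\s+(.+)$/i', $authorization, $matches) === 1
        ) {
            return trim($matches[1]);
        }

        $custom = $request->header(self::TOKEN_HEADER);

        // Anything that is not a plain string (e.g. a repeated header) is
        // treated as "no token" instead of being cast to the literal "Array".
        return is_string($custom) ? $custom : '';
    }

    /**
     * Build the uniform JSON error envelope this middleware emits.
     *
     * @param int    $status  HTTP status code, also echoed in the body as `code`
     * @param string $message short, non-sensitive description of the failure
     */
    private function jsonError(int $status, string $message): JsonResponse
    {
        return response()->json([
            'code' => $status,
            'message' => $message,
            'data' => null,
        ], $status);
    }
}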