didong
/
4d_admin_backend


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
							<?php
/**
 * @Name
 * @Description
 * @Author 刘学玺
 * @Date 2023/11/24 16:25
 */

namespace App\Http\Middleware\Admin;

use App\Exceptions\ApiException;
use App\Exceptions\Code;
use App\Exceptions\Message;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Config;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenBlacklistedException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;
use Tymon\JWTAuth\Facades\JWTAuth;

class Authenticate
{
    public function handle(Request $request, Closure $next)
    {
        $route_data = $request->route();
        $url = str_replace($route_data->getAction()['prefix'] . '/', "", $route_data->uri);
        $url_arr = [
            'login',
            'logout'
        ];
        $api_key = $request->header('apikey');
        if ($api_key != config('admin.api_key')) {
            throw new ApiException(['code' => Code::TOKEN_ERROR_KEY, 'message' => Message::TOKEN_ERROR_KEY]);
        }
        if (in_array($url, $url_arr)) {
            return $next($request);
        }

        try {
            Config::set('auth.defaults.guard','admin');
            if (!JWTAuth::parseToken()->authenticate()) {  //获取到用户数据，并赋值给$user   'msg' => '用户不存在'
                throw new ApiException(['code' => Code::TOKEN_ERROR_SET, 'message' => Message::TOKEN_ERROR_SET]);
            }
        } catch (TokenBlacklistedException $e) {
            // 这个时候是老的token被拉到黑名单了
            throw new ApiException(['code' => Code::TOKEN_ERROR_BLACK, 'message' => Message::TOKEN_ERROR_BLACK]);
        } catch (TokenExpiredException $e) {
            //token已过期
            try {
                // 刷新用户的 token
                $token = JWTAuth::parseToken()->refresh();
                $access_token = 'Bearer '.$token;
                $request->headers->set('Authorization',$access_token);

                // 使用一次性登录以保证此次请求的成功
                Auth::guard('admin')->onceUsingId(JWTAuth::manager()->getPayloadFactory()->buildClaimsCollection()->toPlainArray()['sub']);

                $response = $next($request);
                $response->headers->set('Access-Control-Expose-Headers',"Authorization");
                $response->headers->set('Authorization', $access_token);
                return $response;
            } catch (JWTException $exception) {
                // 如果捕获到此异常，即代表 refresh 也过期了，用户无法刷新令牌，需要重新登录。
                throw new ApiException(['code' => Code::TOKEN_ERROR_EXPIRED, 'message' => Message::TOKEN_ERROR_EXPIRED]);
            }

//            throw new ApiException(['code' => Code::TOKEN_ERROR_EXPIRED, 'message' => Message::TOKEN_ERROR_EXPIRED]);
        } catch (TokenInvalidException $e) {
            //token无效
            throw new ApiException(['code' => Code::TOKEN_ERROR_JWT, 'message' => Message::TOKEN_ERROR_JWT]);
        } catch (JWTException $e) {
            //'缺少token'
            throw new ApiException(['code' => Code::TOKEN_ERROR_JTB, 'message' => Message::TOKEN_ERROR_JTB]);
        }
        // 写入日志
//        (new OperationLogService())->store($user['id']);
        return $next($request);
    }
}