first

server-api/app/middleware/AppAuthMiddleware.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace app\middleware;
+
+use app\support\AppAuthService;
+use Webman\Http\Request;
+use Webman\Http\Response;
+use Webman\MiddlewareInterface;
+
+class AppAuthMiddleware implements MiddlewareInterface
+{
+    public function process(Request $request, callable $handler): Response
+    {
+        $path = $request->path();
+        if (!str_starts_with($path, '/api/app')) {
+            return $handler($request);
+        }
+
+        if ($request->method() === 'OPTIONS') {
+            return $handler($request);
+        }
+
+        $authService = new AppAuthService();
+        $userInfo = $authService->current($request);
+        if ($userInfo) {
+            $request->appUser = $userInfo;
+        }
+
+        if ($this->isPublicPath($path)) {
+            return $handler($request);
+        }
+
+        if (!$userInfo) {
+            return api_error('未登录或登录已过期', 401);
+        }
+
+        return $handler($request);
+    }
+
+    private function isPublicPath(string $path): bool
+    {
+        return in_array($path, [
+            '/api/app/home/index',
+            '/api/app/content/page-visuals',
+            '/api/app/catalog/brands',
+            '/api/app/help-center',
+            '/api/app/help-article/detail',
+            '/api/app/report/detail',
+            '/api/app/verify',
+            '/api/app/material-tag',
+            '/api/app/material-tag/verify',
+            '/api/app/auth/send-code',
+            '/api/app/auth/login/code',
+            '/api/app/auth/login/password',
+        ], true);
+    }
+}