<?php
namespace app\api\middleware;

use Webman\MiddlewareInterface;
use Webman\Http\Request;
use Webman\Http\Response;
use app\common\service\AuthService;

class AuthMiddleware implements MiddlewareInterface
{
    public function process(Request $request, callable $handler): Response
    {
        $token = $this->getBearerToken($request);
        $user = AuthService::getUserByToken($token);
        if (!$user) {
            return jsonResponse(null, '未登录', 401);
        }
        $request->user = $user;
        $request->token = $token;
        return $handler($request);
    }

    protected function getBearerToken(Request $request): ?string
    {
        $authorization = $request->header('authorization');
        if (!$authorization) {
            return null;
        }
        if (stripos($authorization, 'Bearer ') === 0) {
            return trim(substr($authorization, 7));
        }
        return trim($authorization);
    }
}