75 lines
2.3 KiB
PHP
75 lines
2.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Constants\ErrorCode;
|
|
use App\Models\Client;
|
|
use App\Services\Auth\TokenService;
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class ValidateAccessToken
|
|
{
|
|
public function __construct(
|
|
private readonly TokenService $tokenService
|
|
) {}
|
|
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
// 禁止訪問管理員路由
|
|
if (str_starts_with($request->path(), 'api/admin')) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'error' => ErrorCode::FORBIDDEN,
|
|
'message' => '客戶用戶無權訪問管理員資源。',
|
|
], Response::HTTP_FORBIDDEN);
|
|
}
|
|
|
|
$bearerToken = $request->bearerToken();
|
|
|
|
if (!$bearerToken) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'error' => ErrorCode::UNAUTHORIZED,
|
|
'message' => '未授權,令牌無效或未提供。',
|
|
], Response::HTTP_UNAUTHORIZED);
|
|
}
|
|
|
|
$tokenData = $this->tokenService->validateAccessToken($bearerToken);
|
|
|
|
if (!$tokenData) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'error' => ErrorCode::UNAUTHORIZED,
|
|
'message' => '訪問令牌無效或已過期。',
|
|
], Response::HTTP_UNAUTHORIZED);
|
|
}
|
|
|
|
// 檢查客戶狀態
|
|
$client = Client::find($tokenData['client_id']);
|
|
if (!$client || !$client->isActive()) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'error' => ErrorCode::CLIENT_INACTIVE,
|
|
'message' => '客戶帳戶未啟用。',
|
|
], Response::HTTP_FORBIDDEN);
|
|
}
|
|
|
|
// 檢查 LLM 提供商狀態
|
|
if (!$client->canSendLlmRequest()) {
|
|
return response()->json([
|
|
'success' => false,
|
|
'error' => ErrorCode::PROVIDER_ERROR,
|
|
'message' => 'LLM 提供商服務暫時不可用。',
|
|
], Response::HTTP_SERVICE_UNAVAILABLE);
|
|
}
|
|
|
|
// 將客戶信息添加到請求中
|
|
$request->merge(['client' => $client]);
|
|
|
|
return $next($request);
|
|
}
|
|
}
|