40 lines
1.1 KiB
PHP
40 lines
1.1 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Http\Middleware;
|
|
|
|
use App\Constants\ErrorCode;
|
|
use Closure;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
|
|
class AdminAuthenticate
|
|
{
|
|
public function handle(Request $request, Closure $next): Response
|
|
{
|
|
// 检查是否已登录
|
|
if (!Auth::guard('admin')->check()) {
|
|
return response()->json([
|
|
'error' => ErrorCode::UNAUTHORIZED,
|
|
'message' => '未授权,请先登录。',
|
|
], Response::HTTP_UNAUTHORIZED);
|
|
}
|
|
|
|
$admin = Auth::guard('admin')->user();
|
|
|
|
// 检查是否是管理员
|
|
if (!$admin || !in_array($admin->role, ['super', 'admin'])) {
|
|
return response()->json([
|
|
'error' => ErrorCode::FORBIDDEN,
|
|
'message' => '无权访问管理员资源。',
|
|
], Response::HTTP_FORBIDDEN);
|
|
}
|
|
|
|
// Add admin information to the request
|
|
$request->merge(['admin' => $admin]);
|
|
|
|
return $next($request);
|
|
}
|
|
}
|