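<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Redis;
use Tymon\JWTAuth\Exceptions\JWTException;
use Tymon\JWTAuth\Exceptions\TokenExpiredException;
use Tymon\JWTAuth\Exceptions\TokenInvalidException;
use Tymon\JWTAuth\Facades\JWTAuth;

/**
 * Rejects requests that do not carry an acceptable JWT.
 *
 * A request passes only when a token is present, it decodes without a JWT
 * exception, it is not a member of the "blacklist_token" sorted set in
 * Redis, and the "sign" field of its "user" claim matches the value derived
 * from the uid and the configured secret. Every failure path answers with a
 * JSON body and HTTP status 401.
 */
class JwtAuthMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        try {
            $token = JWTAuth::getToken();
            if (empty($token)) {
                return $this->unauthorized('token is required');
            }

            // Decoding raises the JWT exceptions handled below.
            // NOTE(review): presumably this is also where the library checks
            // the token signature and expiry; confirm against the installed
            // tymon/jwt-auth version.
            $data = JWTAuth::decode($token)['user'];

            // Check whether the token is in the blacklist. Compare against
            // the "member absent" return values explicitly: a member stored
            // with score 0 is falsy, so a plain truthiness test would let a
            // blacklisted token through.
            $score = Redis::zscore('blacklist_token', $token->get());
            if ($score !== null && $score !== false) {
                return $this->unauthorized('token in blacklist');
            }

            // hash_equals() needs two strings; a missing or non-string claim
            // is treated as a mismatch instead of raising a type error.
            $claimedSign = isset($data->sign) && is_string($data->sign) ? $data->sign : '';
            $expectedSign = md5($data->uid . config('customer.jwt_secret'));

            // Constant-time comparison, so the response time does not depend
            // on how many leading characters of the claimed value match.
            // NOTE(review): md5(uid . secret) is not a keyed MAC construction.
            // Moving to hash_hmac('sha256', ...) needs a coordinated change in
            // the code that issues tokens, so it is left as is here.
            if (!hash_equals($expectedSign, $claimedSign)) {
                // The original returned this error body with HTTP 200; the
                // status now matches every other rejection.
                return $this->unauthorized('request is not allow');
            }
        } catch (TokenExpiredException $e) {
            return $this->unauthorized('Token is Expired');
        } catch (TokenInvalidException $e) {
            return $this->unauthorized($e->getMessage());
        } catch (JWTException $e) {
            return $this->unauthorized($e->getMessage());
        } catch (\Exception $e) {
            // Fail closed: any other error (for example a Redis failure)
            // denies the request.
            // NOTE(review): the raw exception message is returned to an
            // unauthenticated caller and may expose internal details;
            // consider logging it server-side and returning a fixed message.
            return $this->unauthorized($e->getMessage());
        }

        return $next($request);
    }

    /**
     * Build the JSON rejection response shared by every failure path.
     *
     * @param  string  $message  Text placed in the "message" field of the body.
     * @return mixed  JSON response with HTTP status 401.
     */
    private function unauthorized($message)
    {
        $error = [
            'message' => $message,
            'code' => 401,
        ];

        return response()->json($error)->setStatusCode(401);
    }
}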