<?php
namespace app\middleware;
use Webman\Http\Request;
use Webman\Http\Response;
use Webman\MiddlewareInterface;
use GRPC\Auth\AuthClient;
use GRPC\Auth\ValidateJwtTokenReq;
use GRPC\Auth\JwtVerifyResult;
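/**
 * Middleware that gates a request on a JWT carried in the Authorization header.
 *
 * The token is not verified locally: it is forwarded to a remote auth service
 * through AuthClient::ValidateJwtToken(), and the request is passed to the next
 * handler only when that service reports JwtVerifyResult::JWT_VERIFY_OK and
 * returns claims. On success the following dynamic properties are set on the
 * request for downstream code:
 *   - jwtClaims   : ['uid' => ..., 'merchant_id' => ...]
 *   - jwtNewToken : replacement token, only when the auth service issued one
 *
 * Every rejection is returned through the json() helper as
 * ['code' => 1, 'msg' => <reason>, 'data' => []].
 * NOTE(review): no HTTP status is set on these rejections here, so the status
 * is whatever json() defaults to; confirm clients and intermediaries do not
 * treat such a response as an authenticated success.
 */
class Jwt implements MiddlewareInterface
{
    /** Client used to reach the remote token-validation service. */
    protected $authClient;

    /**
     * Create the client for the auth service.
     */
    public function __construct()
    {
        // NOTE(review): the auth endpoint is hard-coded to one private address.
        // Prefer loading it from per-environment configuration, and confirm that
        // the channel AuthClient opens to it is authenticated and encrypted --
        // the transport settings are not visible in this file.
        $host = "192.168.21.27:22101"; // replace with your Auth service address
        $this->authClient = new AuthClient($host);
    }

    /**
     * Validate the caller's token and either reject the request or pass it on.
     *
     * No exception is caught here: if the auth client throws, the exception
     * leaves this method and $handler is never invoked.
     *
     * @param Request  $request Incoming request; receives jwtClaims / jwtNewToken on success.
     * @param callable $handler Next handler in the middleware chain.
     *
     * @return Response The downstream response, or a JSON rejection.
     */
    public function process(Request $request, callable $handler): Response
    {
        $jwtToken = $request->header('Authorization');

        if (!$jwtToken || !is_string($jwtToken)) {
            return $this->rejectWith('Authorization token is missing');
        }

        // The auth scheme name is case-insensitive, so "bearer"/"BEARER" are
        // stripped as well; otherwise the prefix would be sent as part of the token.
        if (strncasecmp($jwtToken, 'Bearer ', 7) === 0) {
            $jwtToken = substr($jwtToken, 7);
        }

        // A header such as "Bearer " carries no credential at all; refuse it
        // locally instead of asking the auth service to judge an empty string.
        $jwtToken = trim($jwtToken);
        if ($jwtToken === '') {
            return $this->rejectWith('Authorization token is missing');
        }

        $grpcRequest = new ValidateJwtTokenReq();
        $grpcRequest->setJwtToken($jwtToken);

        $responseAuth = $this->authClient->ValidateJwtToken($grpcRequest);
        $result = $responseAuth->getResult();

        // Strict comparison on purpose: with a loose switch/==, an absent result
        // (null/false) would compare equal to an OK constant whose value is 0 and
        // the request would be let through. Anything that is not exactly OK is denied.
        if ($result !== JwtVerifyResult::JWT_VERIFY_OK) {
            return $this->rejectWith($this->describeFailure($result));
        }

        // Fail closed when the service says OK but supplies no identity:
        // downstream code would otherwise run without uid / merchant_id.
        $claims = $responseAuth->getClaims();
        if (!$claims) {
            return $this->rejectWith('Token claims are missing');
        }

        // Expose only the verified identity fields to downstream handlers.
        $request->jwtClaims = [
            'uid' => $claims->getUid(),
            'merchant_id' => $claims->getMerchantId(),
        ];

        // The replacement token is only stashed on the request; this middleware
        // does not add it to the response, so a later layer has to deliver it.
        $newToken = $responseAuth->getNewToken();
        if ($newToken) {
            $request->jwtNewToken = $newToken;
        }

        return $handler($request);
    }

    /**
     * Map a non-OK verification result to the message returned to the client.
     *
     * @param mixed $result Value returned by the auth response's getResult().
     *
     * @return string Message for a known failure code, otherwise a generic one.
     */
    private function describeFailure($result): string
    {
        $messages = [
            JwtVerifyResult::JWT_VERIFY_BAD_FORMAT => 'Invalid token format',
            JwtVerifyResult::JWT_VERIFY_SIGN_FAILED => 'Token signature is invalid',
            JwtVerifyResult::JWT_VERIFY_EXPIRED => 'Token has expired',
            JwtVerifyResult::JWT_VERIFY_REVOKED => 'Token has been revoked',
            JwtVerifyResult::JWT_VERSION_LOW => 'Token version is too low',
        ];

        // Only scalars that can be array keys are looked up; anything else
        // (null, arrays, objects) falls through to the generic message.
        if ((is_int($result) || is_string($result)) && isset($messages[$result])) {
            return $messages[$result];
        }

        return 'Unknown token verification error';
    }

    /**
     * Build the JSON rejection body shared by every failure path.
     *
     * @param string $message Human-readable reason placed in 'msg'.
     *
     * @return Response
     */
    private function rejectWith(string $message): Response
    {
        return json([
            'code' => 1,
            'msg' => $message,
            'data' => [],
        ]);
    }
}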