<?php

namespace App\Http\Middleware;

use App\Servers\PermissionServer;
use Closure;

class AdminAuthMiddleware
{
    private $noAuth = [
        'adminApi.token',
        'adminApi.index',
        'adminApi.login',
        'adminApi.logout',
        'adminApi.check_code',
        'adminApi.reset',
    ];
    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $clientRoute = request()->route()->getName();//获取当前路由

        if (in_array($clientRoute, $this->noAuth)) {//不需要验证的路由
            return $next($request);
        }

        //获取当前用户
        $user = app('auth')->user();
        if(!$user){
            return response()->json([
                'msg'   => '请先登录',
                'code'  => 2,
                'data' => []
            ]);
        }
        //进行路由验证
        $ret = PermissionServer::verifyAuth($user->{'roles_id'}, $clientRoute);

        if (empty($ret) && $user->{'id'} != 1) {
            return response()->json([
                'msg'   => '暂无权限',
                'code'  => 0,
                'data' => []
            ]);
        }
        return $next($request);
    }
}