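jwtManager = new JwtManager([
        // NOTE(review): a hard-coded fallback signing secret means a missing
        // `jwt.secret_key` silently yields a deployment whose tokens anyone
        // can forge; failing fast when the key is unset would be safer.
        'secret_key' => config('jwt.secret_key', 'your-secret-key'),
        'algorithm' => config('jwt.algorithm', 'HS256'),
        'expires_in' => config('jwt.expires_in', 3600),
    ]);
    }

    /**
     * Authenticate the intercepted request before letting the join point proceed.
     *
     * Public routes (see isPublicRoute) pass straight through. Every other route
     * must carry a token that JwtManager::validateToken() accepts; a missing or
     * rejected token short-circuits the call with a 401 JSON response.
     *
     * @param JoinPoint $joinPoint the intercepted call; proceed() runs the target
     * @return mixed the target's return value, or the 401 HttpResponse
     */
    public function invoke(JoinPoint $joinPoint): mixed
    {
        $request = $this->getRequest();

        // Public routes need no credentials at all.
        if ($this->isPublicRoute($request)) {
            return $joinPoint->proceed();
        }

        // extractToken() only ever returns a non-empty string or null.
        $token = $this->extractToken($request);
        if ($token === null) {
            return $this->unauthorizedResponse('Missing authentication token');
        }

        try {
            $payload = $this->jwtManager->validateToken($token);
        } catch (\Exception) {
            // Deliberately generic: the client learns only that the token was
            // rejected, not whether signature, expiry or format was at fault.
            return $this->unauthorizedResponse('Invalid or expired token');
        }

        $this->setUserContext($payload);

        return $joinPoint->proceed();
    }

    /**
     * Build the current request from PHP globals.
     *
     * @return Request a fresh Request::createFromGlobals() instance on every call
     */
    private function getRequest(): Request
    {
        return Request::createFromGlobals();
    }

    /**
     * Decide whether the request targets a route that needs no authentication.
     *
     * A route key is "METHOD:path". Exact keys match as-is; a key ending in "*"
     * matches any request whose key starts with the part before the "*".
     * None of the current entries use the wildcard form.
     *
     * @param Request $request the request whose method and path are inspected
     * @return bool true when the request may proceed without a token
     */
    private function isPublicRoute(Request $request): bool
    {
        // NOTE(review): prefix matching relies on $request->path() already being
        // normalised (no "..", duplicate slashes, etc.) — TODO confirm in Request.
        $currentRoute = "{$request->method()}:{$request->path()}";

        $publicRoutes = [
            // Login / registration
            'POST:/api/auth/login',
            'POST:/api/auth/register',
            'POST:/api/auth/refresh',
            // Public API
            'GET:/api/health',
            'GET:/api/version',
            // Static resources
            'GET:/',
            'GET:/favicon.ico',
        ];

        // Exact match (strict, so no loose string/number coercion).
        if (in_array($currentRoute, $publicRoutes, true)) {
            return true;
        }

        // Wildcard match: "METHOD:/prefix*" allows any route under that prefix.
        foreach ($publicRoutes as $route) {
            if (!str_ends_with($route, '*')) {
                continue;
            }
            $prefix = substr($route, 0, -1);
            if (str_starts_with($currentRoute, $prefix)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Locate the bearer token in the request.
     *
     * Sources are tried in order: the Authorization header (parsed by
     * JwtManager::extractTokenFromHeader), then the "token" cookie, then the
     * "token" query/request parameter. Only a non-empty value is returned.
     *
     * @param Request $request the request to inspect
     * @return string|null the token, or null when no source carries one
     */
    private function extractToken(Request $request): ?string
    {
        // 1. Authorization header
        $authHeader = $request->header('Authorization');
        if ($authHeader) {
            $token = $this->jwtManager->extractTokenFromHeader($authHeader);
            if ($token) {
                return $token;
            }
        }

        // 2. Cookie
        // NOTE(review): a cookie is sent automatically by the browser, so
        // cookie-authenticated state-changing requests need CSRF protection
        // somewhere in the stack — TODO confirm this is handled elsewhere.
        $token = $request->cookie('token');
        if ($token) {
            return $token;
        }

        // 3. Query parameter (not recommended; original author marked this as
        //    debug-only). NOTE(review): tokens in URLs end up in access logs,
        //    proxies, browser history and Referer headers; consider gating this
        //    behind a debug/config switch or removing it.
        $token = $request->get('token');
        if ($token) {
            return $token;
        }

        return null;
    }

    /**
     * Publish the authenticated user's identity to the request context.
     *
     * Currently a no-op: the Context::set() calls are commented out, so nothing
     * downstream sees the validated payload even though the request was
     * authenticated. The commented lines show the intended keys.
     *
     * @param array $payload the claims returned by JwtManager::validateToken()
     */
    private function setUserContext(array $payload): void
    {
        // This should be written into the global context, e.g.:
        // Context::set('user_id', $payload['user_id']);
        // Context::set('username', $payload['username']);
        // Context::set('roles', $payload['roles'] ?? []);
        // Context::set('permissions', $payload['permissions'] ?? []);
    }

    /**
     * Build the 401 JSON response returned when authentication fails.
     *
     * @param string $message human-readable reason placed in the "message" field
     * @return HttpResponse a 401 response with code/message/data/trace_id body
     */
    private function unauthorizedResponse(string $message): HttpResponse
    {
        $body = [
            'code' => 401,
            'message' => $message,
            'data' => null,
            // Trace id lets operators correlate the rejection with server logs.
            'trace_id' => \Fendx\Core\Context\Context::getTraceId(),
        ];

        return (new HttpResponse())
            ->setStatusCode(401)
            ->json($body);
    }
}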