<?php
namespace app\api\middleware;

use app\common\service\AuthService;
use think\Db;

class AuthMiddleware
{
    public function handle($request, \Closure $next)
    {
        // 获取Authorization头
        $authHeader = $request->header('authorization');

        if (!$authHeader) {
            return json(['code' => 401, 'error' => 'Missing Authorization header'], 401);
        }

        // 解析Bearer Token
        if (!preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
            return json(['code' => 401, 'error' => 'Invalid token format'], 401);
        }

        $apiKey = $matches[1];
        $authService = new AuthService($apiKey);

        // 验证密钥有效性
        if (!$authService->verifyApiKey()) {
            return json(['code' => 403, 'error' => 'Invalid API key'], 403);
        }

        // 将开发者信息注入请求对象
        $request->developer = $authService->getDeveloperInfo();

        //默认不限流

        // 在中间件最后记录
        Db::name('api_logs')->insert([
            'api_key'    => $apiKey,
            'endpoint'   => $request->url(),
            'ip'         => $request->ip(),
            //'created_at' => time()
        ]);


        return $next($request);
    }
}