From 694fb378f06259676b961dcf7f889d69828b7b9f Mon Sep 17 00:00:00 2001
From: "iVampireSP.com"
Date: Sun, 14 May 2023 18:26:27 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=20API=20Token?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .env.example | 13 +++++--
 app/Http/Middleware/ApiToken.php | 61 ++++++++++++++++++++++++++++++++
 config/app.php | 2 ++
 3 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 app/Http/Middleware/ApiToken.php
diff --git a/.env.example b/.env.example
index 863981e..36a2a85 100644
--- a/.env.example
+++ b/.env.example
@@ -16,10 +16,10 @@ DB_USERNAME=root
 DB_PASSWORD=
 BROADCAST_DRIVER=log
-CACHE_DRIVER=file
+CACHE_DRIVER=redis
 FILESYSTEM_DISK=local
-QUEUE_CONNECTION=sync
-SESSION_DRIVER=file
+QUEUE_CONNECTION=redis
+SESSION_DRIVER=redis
 SESSION_LIFETIME=120
 MEMCACHED_HOST=127.0.0.1
@@ -56,3 +56,10 @@ VITE_PUSHER_HOST="${PUSHER_HOST}"
 VITE_PUSHER_PORT="${PUSHER_PORT}"
 VITE_PUSHER_SCHEME="${PUSHER_SCHEME}"
 VITE_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+OAUTH_REDIRECT_URI=http://frp.test/auth/callback
+OAUTH_CLIENT_ID=7
+OAUTH_CLIENT_SECRET=pkLhb8AwxfrKTqjROcgKbEEgtgTieYRatjlsdbYN
+OAUTH_DOMAIN=http://oauth.test
+
+API_TOKEN=123456
diff --git a/app/Http/Middleware/ApiToken.php b/app/Http/Middleware/ApiToken.php
new file mode 100644
index 0000000..b2622c3
--- /dev/null
+++ b/app/Http/Middleware/ApiToken.php
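Review bot: The second `.env.example` hunk adds an `OAUTH_CLIENT_SECRET` value that looks like a real 40-character client secret rather than a placeholder, in a file that is normally tracked and shared. If that value was ever issued by the OAuth server it should be rotated, and the example line reduced to `OAUTH_CLIENT_SECRET=`. `API_TOKEN=123456` in the same hunk is a guessable default that tends to be copied unchanged into real deployments. Shipping `API_TOKEN=` instead looks safer, because the new middleware's `$config_token == null` check appears to reject every request while the token is unset or empty.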
@@ -0,0 +1,61 @@
+headers->set('Accept', 'application/json');
+
+ // bearer token
+ if (! $request->hasHeader('Authorization')) {
+ return $this->unauthorized();
+ }
+
+ $token = $request->bearerToken();
+
+ $config_token = config('app.api_token');
+
+ if ($config_token == null) {
+ return $this->unauthorized();
+ }
+
+ if ($token !== $config_token) {
+ return $this->unauthorized();
+ }
+
+ if ($request->user_id) {
+ $user = User::where('id', $request->user_id)->first();
+ // if user null
+ if (! $user) {
+ $http = Http::remote('remote')->asForm();
+ $user = $http->get('/users/'.$request->user_id)->json();
+
+ $user = User::create([
+ 'id' => $user['id'],
+ 'name' => $user['name'],
+ 'email' => $user['email'],
+ ]);
+ }
+
+ Auth::guard('user')->login($user);
+ }
+
+ return $next($request);
+ }
+
+ public function unauthorized()
+ {
+ return response()->json([
+ 'message' => 'Unauthorized.',
+ ], 401);
+ }
+}
diff --git a/config/app.php b/config/app.php
index 5e3cf6c..39926f1 100644
--- a/config/app.php
+++ b/config/app.php
@@ -18,6 +18,8 @@
 'name' => env('APP_NAME', 'Laravel'),
 'display_name' => env('APP_DISPLAY_NAME', 'Laravel'),
+ 'api_token' => env('API_TOKEN', null),
+
 /*
 |--------------------------------------------------------------------------
 | Application Environment
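Review bot: The secret check `if ($token !== $config_token)` in the new `ApiToken` middleware is not constant-time; `if (! hash_equals((string) $config_token, (string) $token))` keeps the comparison time independent of how many leading bytes match. In the auto-provisioning branch, `$http->get('/users/'.$request->user_id)->json()` is indexed without checking that the remote call succeeded or that `id`, `name` and `email` are present. A failed lookup therefore surfaces as an error on `$user['id']` instead of a clean rejection, and the local row takes whatever `id` the remote returns rather than the one requested; checking the response status and that the ids match before `User::create` would close both. Since one static token lets its holder log in as any `user_id`, a docblock stating that this is a trusted service-to-service credential would help reviewers and operators. The top of the file (namespace, imports, class declaration and the `handle` signature) is missing from this page, so these points cover only the visible body.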