35 lines
752 B
PHP
35 lines
752 B
PHP
<?php
|
|
/**
|
|
* Simple Authentication Middleware
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Middleware;
|
|
|
|
use App\Core\JWT;
|
|
|
|
final class AuthMiddleware
|
|
{
|
|
public static function check(): array
|
|
{
|
|
$headers = getallheaders();
|
|
$authHeader = $headers['Authorization'] ?? $headers['authorization'] ?? '';
|
|
|
|
if (!str_starts_with($authHeader, 'Bearer ')) {
|
|
json_error('Unauthorized: Missing or invalid token', 401);
|
|
}
|
|
|
|
$token = substr($authHeader, 7);
|
|
$secret = env('JWT_SECRET');
|
|
|
|
$decoded = JWT::decode($token, $secret);
|
|
|
|
if (!$decoded) {
|
|
json_error('Unauthorized: Invalid or expired token', 401);
|
|
}
|
|
|
|
return $decoded;
|
|
}
|
|
}
|