44 lines
1.4 KiB
PHP
44 lines
1.4 KiB
PHP
<?php
|
|
|
|
namespace App\Middlewares;
|
|
|
|
use App\Core\Request;
|
|
use App\Core\Response;
|
|
use App\Core\Security;
|
|
|
|
class AuthMiddleware
|
|
{
|
|
/**
|
|
* Verifies the JWT token and populates request properties.
|
|
*/
|
|
public function handle(Request $request, Response $response): void
|
|
{
|
|
$authHeader = $request->getHeader('authorization', '');
|
|
|
|
if (!$authHeader || !preg_match('/Bearer\s(\S+)/i', $authHeader, $matches)) {
|
|
$response->json(['error' => 'Unauthorized', 'message' => 'Token not provided or invalid format'], 401);
|
|
exit;
|
|
}
|
|
|
|
$token = $matches[1];
|
|
$payload = Security::verifyJWT($token);
|
|
|
|
if (!$payload) {
|
|
$response->json(['error' => 'Unauthorized', 'message' => 'Invalid or expired token'], 401);
|
|
exit;
|
|
}
|
|
|
|
// Validate required custom payload elements
|
|
if (!isset($payload['user_id']) || !isset($payload['company_id']) || !isset($payload['role'])) {
|
|
$response->json(['error' => 'Unauthorized', 'message' => 'Malformed token payload structure'], 401);
|
|
exit;
|
|
}
|
|
|
|
// Attach user info to the Request instance dynamically so controllers can use it
|
|
$request->user_id = $payload['user_id'];
|
|
$request->company_id = $payload['company_id'];
|
|
$request->role = $payload['role'];
|
|
$request->is_super_admin = (int)$payload['company_id'] === 1;
|
|
}
|
|
}
|