<?php
namespace App\Middleware;
use App\Models\System;
use Illuminate\Http\Request;
use Laravel\Sanctum\PersonalAccessToken;
use Closure;
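/**
 * Middleware that authenticates integration requests with a Sanctum personal
 * access token whose owner (tokenable) is a System model.
 *
 * Checks performed here, in order: the token is present, it is known to
 * Sanctum, it has not passed expires_at, and it belongs to a System.
 * No per-route binding (the modelId comparison below is disabled) and no
 * token-ability check is performed in this class, and last_used_at is not
 * updated.
 */
class VerifyIntegrationToken
{
    /**
     * Validate the integration token and pass the request on if it is acceptable.
     *
     * @param Request $request Incoming HTTP request.
     * @param Closure $next    Next handler in the middleware pipeline.
     *
     * @return mixed A JSON 401/403 response on failure, otherwise the result of $next($request).
     */
    public function handle(Request $request, Closure $next)
    {
        // $modelId = $request->route('modelId');

        // Lookup order: Authorization bearer header, X-Integration-Token header, ?token= query parameter.
        // SECURITY: a token carried in the query string ends up in access logs, proxy logs,
        // browser history and Referer headers. Kept for backward compatibility with existing
        // integrations; prefer the header forms and consider retiring the query fallback.
        $token = $request->bearerToken()
            ?? $request->header('X-Integration-Token')
            ?? $request->query('token');

        // The query parameter is attacker-controlled and may arrive as an array
        // (e.g. ?token[]=x). Only a non-empty string is passed on to the token lookup,
        // so malformed input is answered with 401 instead of an unhandled error.
        if (!is_string($token) || $token === '') {
            return response()->json(['message' => 'Токен не передан'], 401);
        }

        $access = PersonalAccessToken::findToken($token);

        // Disabled route-binding check. If it is re-enabled it must stay BELOW the null
        // check on $access, otherwise an unknown token dereferences null.
        // if ($access->tokenable_id != $modelId) {
        // return response()->json(['message' => 'Неверный токен'], 401);
        // }
        if (!$access) {
            return response()->json(['message' => 'Неверный токен'], 401);
        }

        // Only the per-token expires_at value is checked; tokens without it never expire here.
        if ($access->expires_at && $access->expires_at->isPast()) {
            return response()->json(['message' => 'Токен истёк'], 401);
        }

        // Tokens issued to any other model type are rejected for this integration surface.
        $tokenable = $access->tokenable;
        if (!($tokenable instanceof System)) {
            return response()->json(['message' => 'Недопустимый тип токена'], 403);
        }

        $tokenable->withAccessToken($access);

        // NOTE(review): the resolved System is not attached to the request or the auth
        // guard (both lines below are disabled) — confirm how downstream handlers
        // identify the caller and that they scope data to this System.
        // $request->setUserResolver(fn() => $tokenable);
        // Auth::setUser($tokenable);
        return $next($request);
    }
}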