<?php namespace App\Middleware; use App\Models\System; use Illuminate\Http\Request; use Laravel\Sanctum\PersonalAccessToken; use Closure; class VerifyIntegrationToken { public function handle(Request $request, Closure $next) { // $modelId = $request->route('modelId'); $token = $request->bearerToken() ?? $request->header('X-Integration-Token') ?? $request->query('token'); if (!$token) { return response()->json(['message' => 'Токен не передан'], 401); } $access = PersonalAccessToken::findToken($token); // if ($access->tokenable_id != $modelId) { // return response()->json(['message' => 'Неверный токен'], 401); // } if (!$access) { return response()->json(['message' => 'Неверный токен'], 401); } if ($access->expires_at && $access->expires_at->isPast()) { return response()->json(['message' => 'Токен истёк'], 401); } $tokenable = $access->tokenable; if (!($tokenable instanceof System)) { return response()->json(['message' => 'Недопустимый тип токена'], 403); } $tokenable->withAccessToken($access); // $request->setUserResolver(fn() => $tokenable); // Auth::setUser($tokenable); return $next($request); } }