AdminToken.php
565 Bytes
<?php
declare(strict_types=1);
namespace app\middleware;
use Closure;
use think\Request;
use think\Response;
class AdminToken
{
public function handle(Request $request, Closure $next): Response
{
$token = (string) env('ADMIN_API_TOKEN', '');
if ($token === '') {
return $next($request);
}
$sent = (string) $request->header('X-Admin-Token', '');
if (!hash_equals($token, $sent)) {
return json(['code' => 401, 'msg' => 'Unauthorized'], 401);
}
return $next($request);
}
}