<?php
declare(strict_types=1);

namespace app\middleware;

use Closure;
use think\Request;
use think\Response;

class AdminToken
{
    public function handle(Request $request, Closure $next): Response
    {
        $token = (string) env('ADMIN_API_TOKEN', '');
        if ($token === '') {
            return $next($request);
        }
        $sent = (string) $request->header('X-Admin-Token', '');
        if (!hash_equals($token, $sent)) {
            return json(['code' => 401, 'msg' => 'Unauthorized'], 401);
        }
        return $next($request);
    }
}