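extractToken((string) $request->header('Authorization', ''));

        // No usable bearer credential in the header: reject before any lookup.
        if ($token === '') {
            return Response::error('未提供登录凭证', 401);
        }

        // NOTE(review): the bearer token is resolved through findBySessionKey(). If that
        // column holds the platform-issued session_key (the open_id / union_id /
        // mini_program_id fields suggest a mini-program login), it is doubling as a
        // client-held credential; a separately issued, expiring server token would be
        // the safer design. Confirm what the column actually stores.
        $user = User::findBySessionKey($token);
        if (!$user) {
            return Response::error('登录已过期,请重新登录', 401);
        }

        // Hand the resolved user to withMiddleware() under the smt_user_id / smt_user keys.
        // NOTE(review): session_key and phone travel with the request from here on;
        // keep this array out of logs and API responses, and drop session_key if no
        // consumer of smt_user needs it. Verify against the consumers.
        $request->withMiddleware([
            'smt_user_id' => (int) $user->id,
            'smt_user' => [
                'id' => (int) $user->id,
                'mini_program_id' => (int) $user->mini_program_id,
                'open_id' => (string) $user->open_id,
                'union_id' => (string) $user->union_id,
                'nickname' => (string) $user->nick_name,
                'avatar_url' => (string) $user->avatar_url,
                'gender' => (int) $user->gender,
                'phone' => (string) $user->phone,
                'session_key' => (string) $user->session_key,
            ],
        ]);

        return $next($request);
    }

    /**
     * Pull the bearer credential out of an Authorization header value.
     *
     * The scheme name is matched case-insensitively and must be the first
     * non-whitespace content of the header, so a value that merely contains
     * "Bearer ..." after some other scheme or prefix is not accepted.
     *
     * @param string $authorization Raw Authorization header value; may be empty.
     *
     * @return string The trimmed token, or '' when the header is empty or is
     *                not a Bearer credential.
     */
    private function extractToken(string $authorization): string
    {
        if ($authorization === '') {
            return '';
        }

        // Anchored with ^ so "Bearer" is only recognised as the scheme itself;
        // preg_match() returning 0 (no match) or false (PCRE error) both yield ''.
        if (preg_match('/^\s*Bearer\s+(.+)/i', $authorization, $matches) !== 1) {
            return '';
        }

        return trim((string) ($matches[1] ?? ''));
    }
}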