<?php

declare (strict_types=1);

namespace app\middleware;

use think\facade\Db;

class AuthApi
{
    public function handle($request, \Closure $next)
    {
        $uid = input('post.uid/d');
        $timestamp = input('post.timestamp');
        $sign = input('post.sign');
        if (!$uid || empty($timestamp) || empty($sign)) {
            return json(['code' => -1, 'msg' => '认证参数不能为空'])->code(403);
        }
        if ($timestamp < time() - 300 || $timestamp > time() + 300) {
            return json(['code' => -1, 'msg' => '时间戳不合法'])->code(403);
        }
        $user = Db::name('user')->where('id', $uid)->find();
        if (!$user) {
            return json(['code' => -1, 'msg' => '用户不存在'])->code(403);
        }
        if ($user['status'] == 0) {
            return json(['code' => -1, 'msg' => '该用户已被封禁'])->code(403);
        }
        if ($user['is_api'] == 0) {
            return json(['code' => -1, 'msg' => '该用户未开启API权限'])->code(403);
        }
        if (md5($uid.$timestamp.$user['apikey']) !== $sign) {
            return json(['code' => -1, 'msg' => '签名错误'])->code(403);
        }

        $user['type'] = 'user';
        $user['permission'] = [];
        if ($user['level'] == 1) {
            $user['permission'] = Db::name('permission')->where('uid', $uid)->column('domain');
        }

        $request->islogin = true;
        $request->isApi = true;
        $request->user = $user;
        return $next($request);
    }
}