<?php
namespace App\Http\Middleware;
use App\Application;
use App\Classes\SendResponse;
use Closure;
use Illuminate\Http\Request;
class ApplicationsV2
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
* @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
*/
public function handle(Request $request, Closure $next)
{
// Obtém o valor do cabeçalho Authorization
$authHeader = $request->header('Authorization');
$clientID = $request->header('X-App-ID'); // todo --- new
if (!$request->hasHeader('X-App-ID')) return SendResponse::errorResp400('X-Client-ID nao existe', 'X-App-ID does not exists'); // todo --- new
// Verifica se o cabeçalho Authorization está presente
if ($authHeader && preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
$token = $matches[1];
// $apps = Application::query()->select('key', 'private_key')->get();
$client = Application::query()->whereNotNull('app_id')->where('app_id', $clientID)->select('key', 'private_key', 'app_id')->first();
if (!$client) return SendResponse::errorResp401unauthenticated('App ID invalido', 'Invalid App ID');
$client_key = $this->isValidToken($client, $token);
if (!$client_key) return SendResponse::errorResp401unauthenticated('Chave de encriptação invalida', 'Invalid Encryption Key');
// $app = Application::query()->where('key', $client_key)->first();
// if (!$app) return SendResponse::errorResp401unauthenticated();
if ($client->key !== $client_key) return SendResponse::errorResp401unauthenticated();
} else {
return SendResponse::errorResp401unauthorized();
}
return $next($request);
}
private function isValidToken($client, $token)
{
try {
return $this->decryptString($token, $client->private_key);
} catch (\Throwable $th) {
return false;
}
}
public function decryptString($encryptedData, $privateKey)
{
openssl_private_decrypt(base64_decode($encryptedData), $decryptedData, $privateKey);
return $decryptedData;
}
}