<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use App\Models\User; // 如果你的 Token 存在 user table

class ApiTokenMiddleware
{
    public function handle(Request $request, Closure $next)
    {
        $token = $request->bearerToken();
        if (!$token) {
            return response()->json(['error' => 'Missing token'], 401);
        }
        $response = Http::withToken($token)
            ->withOptions(['verify' => false])
            ->post('https://ktv.test/api/token/validate');
            
        if ($response->failed() || !$response->json('valid')) {
            return response()->json(['error' => 'Invalid token'], 401);
        }


        $user = User::where('api_plain_token', $token)->first();
        if (!$user) {
            return response()->json(['message' => 'Invalid token'], 401);
        }

        $request->setUserResolver(fn() => $user);

        return $next($request);
    }
}