<?php

namespace App\Http\Middleware;

use App\Services\ApiResponseService;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Symfony\Component\HttpFoundation\Response;

class CheckSessionTimeout
{
    /**
     * @param Request $request
     * @param Closure $next
     * @return Response
     */
    public function handle(Request $request, Closure $next): Response
    {
        if (Auth::guard('sanctum')->check()) {
            if (session()->has('last_activity')) {
                $expire_period = 30 * 60; // 30 minutes in seconds
                if (time() - session('last_activity') > $expire_period) {
                    $user = Auth::guard('sanctum')->user();
                    $user->tokens()->delete();
                    return (new ApiResponseService())->error(
                        __('middleware.check.login_invalid'),
                        400
                    );
                }
            }
            session(['last_activity' => time()]); // 更新最后活动时间
        }
        return $next($request);
    }
}