<?php

namespace App\Http\Middleware;

use App\Services\ApiResponseService;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Auth;

class AdminAuthMiddleware
{
    /**
     * @var ApiResponseService
     */
    protected ApiResponseService $responseService;

    /**
     * 构造函数
     * @param ApiResponseService $responseService
     */
    public function __construct(ApiResponseService $responseService)
    {
        $this->responseService = $responseService;
    }

    /**
     * Handle an incoming request.
     * @param Request $request
     * @param Closure $next
     * @return JsonResponse|mixed
     */
    public function handle(Request $request, Closure $next): mixed
    {
        // 检查请求头中是否有 auth
        if (!$request->hasHeader('auth')) {
            return $this->responseService->unauthorized(
                __('middleware.auth.token_exists')
            );
        }

        $token = $request->header('auth');

        // 检查 token 是否有效
        if (!Auth::guard('sanctum')->check()) {
            // 尝试通过 token 认证
            $request->headers->set('Authorization', 'Bearer ' . $token);
            if (!Auth::guard('sanctum')->check()) {
                return $this->responseService->unauthorized(
                    __('middleware.auth.token_invalid')
                );
            }
        }

        // 检查用户状态
        $user = Auth::guard('sanctum')->user();
        if (!$user || $user->status !== 1) {
            return $this->responseService->error(
                __('middleware.auth.user_disabled'),
                403
            );
        }

        // 检查是否为 JSON 请求
        $contentType = $request->header('Content-Type');
        if ($request->isMethod('POST')
            && (!$contentType
                || !str_contains(
                    $contentType,
                    'application/json'
                ))
        ) {
            return $this->responseService->error(
                __('middleware.auth.use_json'),
                400
            );
        }

        // 检查请求体是否为空对象
        if ($request->isMethod('POST') && $request->getContent() === '') {
            $request->merge([]);
        }

        return $next($request);
    }
}