From 40b6276acb830a553ebcc825badc82e09b95ee37 Mon Sep 17 00:00:00 2001
From: mohamadreza <mohamadreza1388.org@gmail.com>
Date: Wed, 29 Jan 2025 18:18:21 +0330
Subject: [PATCH] feat(middleware): add check admin middleware

---
 app/Http/Middleware/CheckAdminMiddleware.php | 32 ++++++++++++++++++++
 routes/api.php                               |  4 +++
 2 files changed, 36 insertions(+)
 create mode 100644 app/Http/Middleware/CheckAdminMiddleware.php

diff --git a/app/Http/Middleware/CheckAdminMiddleware.php b/app/Http/Middleware/CheckAdminMiddleware.php
new file mode 100644
index 0000000..7d117c5
--- /dev/null
+++ b/app/Http/Middleware/CheckAdminMiddleware.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Http\Trait\ApiResponseTrait;
+use Closure;
+use Illuminate\Http\Request;
+use Laravel\Sanctum\PersonalAccessToken;
+use Symfony\Component\HttpFoundation\Response;
+
+class CheckAdminMiddleware
+{
+    use ApiResponseTrait;
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        $authHeader = $request->header('authorization');
+        $token = $authHeader && strlen($authHeader) > 7 ? substr($authHeader, 7) : null;
+        $personalAccessToken = $token ? PersonalAccessToken::findToken($token) : null;
+        $user = $personalAccessToken?->tokenable;
+
+        if ($user and $user?->getRoleNames()->toArray()[0] === "admin") {
+            return $next($request);
+        }else {
+            return $this->fail();
+        }
+    }
+}
diff --git a/routes/api.php b/routes/api.php
index 2559729..9a6c1b4 100755
--- a/routes/api.php
+++ b/routes/api.php
@@ -3,10 +3,14 @@
 use App\Http\Controllers\Auth\AuthController;
 use App\Http\Controllers\CodeController;
 use App\Http\Controllers\InfoController;
+use App\Http\Middleware\CheckAdminMiddleware;
 use Illuminate\Support\Facades\Route;
 
 Route::name('api.')->group(function () {
     Route::prefix('v1')->name('v1.')->group(function () {
+        Route::post("test", function () {
+            echo "ok";
+        })->middleware(CheckAdminMiddleware::class);
         Route::post('auth', [AuthController::class, 'auth'])->name('auth');
         Route::post('verify', [AuthController::class, 'verify'])->name('verify');
         Route::resource('code', CodeController::class)->except(['create', 'edit', 'store', 'destroy']);