First Commit (API Project)

app/Http/Middleware/ApiKeyMiddleware.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use App\Models\User;
+
+class ApiKeyMiddleware
+{
+    public function handle(Request $request, Closure $next)
+    {
+        $apiKey = $request->header('X-API-KEY');
+
+        $validApiKey = false;
+
+        // 1. API 키가 유효한지 확인
+        if ($apiKey) {
+            $validApiKey = DB::table('api_keys')
+                ->where('key', $apiKey)
+                ->where('is_active', true)
+                ->exists();
+
+            // 2. 회원 인증 (remember_token으로)
+            if (!$validApiKey) {
+                $user = User::where('remember_token', $apiKey)->first();
+
+                if ($user) {
+                    $validApiKey = true;
+
+                    // ✅ 세션에 유저 정보 저장
+                    session(['Adm' => [
+                        'idx' => $user->mb_num,
+                        'id' => $user->mb_id,
+                        'name' => $user->mb_name,
+                        'level' => $user->mb_level,
+                        'token' => $user->remember_token,
+                    ]]);
+                }
+            }
+        }
+
+        if (!$validApiKey) {
+            return response()->json(['message' => 'Unauthorized. Invalid or missing API key or token'], 401);
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/CheckPermission.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use App\Services\AdminPermissionService;
+
+class CheckPermission
+{
+    public function handle(Request $request, Closure $next, string $permissionCode)
+    {
+        $userToken = $request->input('user_token');
+        if (!$userToken) {
+            $userToken = $request->header('X-API-KEY');
+            if (!$userToken) {
+                return response()->json(['error' => '토큰이 없습니다.'], 401);
+            }
+        }
+
+        if (!AdminPermissionService::hasPermission($userToken, $permissionCode)) {
+            return response()->json(['error' => '권한이 없습니다.'], 403);
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/CheckSwaggerAuth.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Session;
+use App\Models\Member;
+
+class CheckSwaggerAuth
+{
+    public function handle(Request $request, Closure $next)
+    {
+        $token = Session::get('USER_TOKEN');
+
+        if (!$token) {
+            // 원래 URL 저장 후 로그인 페이지로 이동
+            Session::put('redirect_to', $request->fullUrl());
+            return redirect()->route('login');
+        }
+
+        $user = Member::where('remember_token', $token)->first();
+
+        if (!$user) {
+            Session::forget('USER_TOKEN');
+            Session::forget('USER_ID');
+
+            Session::put('redirect_to', $request->fullUrl());
+            return redirect()->route('login');
+        }
+
+        return $next($request);
+    }
+}

app/Http/Middleware/CorsMiddleware.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class CorsMiddleware
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        $response = $next($request);
+
+        $response->headers->set('Access-Control-Allow-Origin', '*');
+        $response->headers->set('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+        $response->headers->set('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+
+        if ($request->isMethod('OPTIONS')) {
+            return response()->json([], 200, $response->headers->all());
+        }
+
+        return $response;
+    }
+}