First Commit (API Project)

app/Http/Middleware/CheckPermission.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use App\Services\AdminPermissionService;
+
+class CheckPermission
+{
+    public function handle(Request $request, Closure $next, string $permissionCode)
+    {
+        $userToken = $request->input('user_token');
+        if (!$userToken) {
+            $userToken = $request->header('X-API-KEY');
+            if (!$userToken) {
+                return response()->json(['error' => '토큰이 없습니다.'], 401);
+            }
+        }
+
+        if (!AdminPermissionService::hasPermission($userToken, $permissionCode)) {
+            return response()->json(['error' => '권한이 없습니다.'], 403);
+        }
+
+        return $next($request);
+    }
+}