baoshi-was/app/Http/Middleware/AuthorizingApi.php

<?php

namespace App\Http\Middleware;

use Closure;
use Firebase\JWT\JWT;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Cache;

class AuthorizingApi
{
    /**
     * Handle an incoming request.
     *
     * @param  Request  $request
     * @param  Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $token = $request->header("token");
        if (!$token) return response()->json([
                        'message' => '没有认证，请前去认证',
                        'status_code' => 401,
                    ]);
        try {
            $publicKey = Cache::remember("TOKEN_PUBLIC_KEY",7200,function (){
                return file_get_contents(base_path().'/public.pem');
            });
        }catch (\Exception $e){
            $response["status_code"] = 410;
            if (strpos($e->getMessage(),"No such file or directory")!==false)$response["message"] = "服务器异常,资源丢失";
            else $response["message"] = "访问某些资源失败";
            return response()->json($response);
        }
        try {
            $payload = JWT::decode($token, $publicKey, ['RS256']);
        }catch (\Exception $e){
            $response["status_code"] = 401;
            $response["message"] = "token非法";
            return response()->json($response);
        }
        if ($payload["exp"]<time()){
            $response["status_code"] = 401;
            $response["message"] = "token失效";
            return response()->json($response);
        }
        return $next($request);
    }
}