/** * {@inheritdoc} */ public function __invoke(Request $request, Response $response, callable $out = null) { $header = $request->getHeaderLine('authorization'); $parts = explode(';', $header); if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) { $token = substr($parts[0], strlen($this->prefix)); if ($accessToken = AccessToken::valid($token)) { $this->app->instance('flarum.actor', $user = $accessToken->user); $user->updateLastSeen()->save(); } elseif (isset($parts[1]) && ($apiKey = ApiKey::valid($token))) { $userParts = explode('=', trim($parts[1])); if (isset($userParts[0]) && $userParts[0] === 'userId') { $this->app->instance('flarum.actor', $user = User::find($userParts[1])); } } } return $out ? $out($request, $response) : $response; }