public function __invoke(Request $request, Response $response, callable $out = null)
{
$headerLine = $request->getHeaderLine('authorization');
$parts = explode(';', $headerLine);
if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) {
$id = substr($parts[0], strlen($this->prefix));
if (isset($parts[1])) {
if (ApiKey::find($id)) {
$actor = $this->getUser($parts[1]);
$request = $request->withAttribute('bypassFloodgate', true);
}
} elseif ($token = AccessToken::find($id)) {
$token->touch();
$actor = $token->user;
}
if (isset($actor)) {
$request = $request->withAttribute('actor', $actor);
$request = $request->withoutAttribute('session');
}
}
return $out ? $out($request, $response) : $response;
}