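/**
 * Check that the JWT stored in the session belongs to the session-authenticated user.
 *
 * A token that is missing or expired causes a JsonWebTokenExpired event to be
 * fired for the authenticated user and the request continues. Any other token
 * failure, including a token that resolves to a different user, rejects the
 * request.
 *
 * @param  mixed        $request  Incoming HTTP request; session() and ajax() are called on it.
 * @param  Closure      $next     Next middleware in the pipeline.
 * @param  string|null  $guard    Auth guard name; null selects the default guard.
 * @return mixed  Result of $next($request), a 401 response for AJAX requests,
 *                or a redirect to the login route.
 */
public function handle($request, Closure $next, $guard = null)
{
    $authenticated_user = Auth::guard($guard)->user();

    // One rejection path for every failure, so each case fails the same way.
    $deny = static function () use ($request) {
        if ($request->ajax()) {
            return response('Unauthorized.', 401);
        }

        return redirect()->guest('login');
    };

    // Fail closed when the guard has no user. Without this check the ownership
    // comparison below would read ->id on null, and the token event would be
    // fired without a user to bind the new token to.
    if ($authenticated_user === null) {
        return $deny();
    }

    $has_valid_token = false;

    // If the user has used "remember me" the token may not be in their session when they return
    if ($request->session()->has('jwt')) {
        $token = $request->session()->get('jwt');

        try {
            $token_user = $this->auth->authenticate($token);

            // The token must resolve to the same account the session is logged in as.
            // NOTE(review): authenticate() is assumed to possibly return a non-object
            // when no user matches the token; confirm against the JWT library in use.
            if (!is_object($token_user) || $token_user->id !== $authenticated_user->id) {
                throw new JWTException('Token does not belong to the authenticated user');
            }

            $has_valid_token = true;
        } catch (TokenExpiredException $e) {
            // Expiry is recoverable: fall through and request a fresh token.
            // NOTE(review): keep this catch ahead of JWTException in case
            // TokenExpiredException is a subclass of it.
            $has_valid_token = false;
        } catch (JWTException $e) {
            // Invalid, tampered or mismatched token: reject the request.
            return $deny();
        }
    }

    // No valid token: fire the event for the authenticated user. A listener
    // (not visible here) is expected to issue the replacement token.
    if (!$has_valid_token) {
        event(new JsonWebTokenExpired($authenticated_user));
    }

    return $next($request);
}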