<?php

namespace App\Domains\Company\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use App\Exceptions\AuthException;
use App\Exceptions\NotAllowedException;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;

class PasswordAuthenticate
{
    public function handle(Request $request, Closure $next)
    {
        $account = $request->user('company');
        $password = $request->get('password', '');

        if ($account->password !== md5($password . $account->salt)) {
            throw new NotAllowedException('原密码不正确');
        }

        return $next($request);
    }
}