crewli/api/app/Http/Middleware/CookieBearerToken.php

<?php

declare(strict_types=1);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

final class CookieBearerToken
{
    private const COOKIE_NAMES = [
        'crewli_admin_token',
        'crewli_app_token',
        'crewli_portal_token',
    ];

    public function handle(Request $request, Closure $next): Response
    {
        // Skip if an Authorization header is already present
        if ($request->hasHeader('Authorization')) {
            return $next($request);
        }

        foreach (self::COOKIE_NAMES as $cookieName) {
            $token = $request->cookie($cookieName);

            if ($token) {
                $request->headers->set('Authorization', 'Bearer ' . $token);
                break;
            }
        }

        return $next($request);
    }
}