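const express = require('express')
const bcrypt = require('bcryptjs')
const jwt = require('jsonwebtoken')
const Joi = require('joi')

const router = express.Router()

// Signing secret for issued tokens. The built-in fallback exists only so this
// mock module runs without configuration: with it, every token is forgeable by
// anyone who can read this file, so deployments must set JWT_SECRET.
const DEV_JWT_SECRET = 'niumall-secret-key'
// Read at call time (not at load) so the secret can be configured after require.
const getJwtSecret = () => process.env.JWT_SECRET || DEV_JWT_SECRET
if (!process.env.JWT_SECRET) {
  console.warn('JWT_SECRET is not set; falling back to the built-in development secret')
}

// Mock user store. All three accounts share one bcrypt hash (of "password").
const users = [
  {
    id: 1,
    username: 'admin',
    email: 'admin@example.com',
    password: '$2a$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
    role: 'admin',
    status: 'active'
  },
  {
    id: 2,
    username: 'buyer',
    email: 'buyer@example.com',
    password: '$2a$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
    role: 'buyer',
    status: 'active'
  },
  {
    id: 3,
    username: 'trader',
    email: 'trader@example.com',
    password: '$2a$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
    role: 'trader',
    status: 'active'
  }
]

// Any well-formed bcrypt hash works here; the comparison result is discarded.
// It only keeps the unknown-user path as slow as the wrong-password path, so
// response time does not reveal whether an account exists.
const DUMMY_PASSWORD_HASH = '$2a$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi'

// Role -> permission list. A Map avoids prototype-chain lookups for odd role
// strings (e.g. "constructor") that a plain object would resolve.
const ROLE_PERMISSIONS = new Map([
  ['admin', ['*']], // admin holds every permission
  ['buyer', ['order:read', 'order:create', 'order:update', 'supplier:read']],
  ['trader', ['order:read', 'order:update', 'supplier:read', 'supplier:create', 'supplier:update', 'transport:read']],
  ['supplier', ['order:read', 'quality:read', 'quality:create', 'quality:update']],
  ['driver', ['transport:read', 'transport:update']]
])

// Login request validation.
const loginSchema = Joi.object({
  username: Joi.string().min(2).max(50).required(),
  password: Joi.string().min(6).max(100).required()
})

/**
 * Issue a signed JWT for a user.
 * @param {{id: number, username: string, role: string}} user
 * @returns {string} signed token; lifetime comes from JWT_EXPIRES_IN (default 24h)
 */
const generateToken = (user) => {
  return jwt.sign(
    { id: user.id, username: user.username, role: user.role },
    getJwtSecret(),
    { expiresIn: process.env.JWT_EXPIRES_IN || '24h' }
  )
}

/**
 * Public view of a user record: everything except the password hash.
 * @param {object} user - entry from `users`
 * @returns {{id: number, username: string, email: string, role: string, status: string}}
 */
function publicUser(user) {
  const { id, username, email, role, status } = user
  return { id, username, email, role, status }
}

// User login
router.post('/login', async (req, res) => {
  try {
    const { error, value } = loginSchema.validate(req.body)
    if (error) {
      return res.status(400).json({
        success: false,
        message: '参数验证失败',
        details: error.details[0].message
      })
    }
    const { username, password } = value

    // The "username" field may hold either the username or the email.
    const user = users.find(u => u.username === username || u.email === username)

    // Always run exactly one bcrypt comparison, even for unknown users.
    const isPasswordValid = await bcrypt.compare(password, user ? user.password : DUMMY_PASSWORD_HASH)
    if (!user || !isPasswordValid) {
      // Same message for both failures so the response does not enumerate accounts.
      return res.status(401).json({ success: false, message: '用户名或密码错误' })
    }

    // Status is checked only after the password matches, so an unauthenticated
    // caller cannot learn whether an account is disabled.
    if (user.status !== 'active') {
      return res.status(403).json({ success: false, message: '账户已被禁用,请联系管理员' })
    }

    const token = generateToken(user)
    // Derive the lifetime from the token's own claims so `expires_in` tracks
    // JWT_EXPIRES_IN instead of a hard-coded 86400.
    const { iat, exp } = jwt.decode(token)

    res.json({
      success: true,
      message: '登录成功',
      data: {
        access_token: token,
        token_type: 'Bearer',
        expires_in: exp - iat,
        user: publicUser(user)
      }
    })
  } catch (err) {
    console.error('登录失败:', err)
    res.status(500).json({ success: false, message: '登录失败,请稍后重试' })
  }
})

// Current user profile and permissions
router.get('/me', authenticateToken, (req, res) => {
  const user = users.find(u => u.id === req.user.id)
  if (!user) {
    return res.status(404).json({ success: false, message: '用户不存在' })
  }
  res.json({
    success: true,
    data: {
      user: publicUser(user),
      permissions: getUserPermissions(user.role)
    }
  })
})

// Logout. Tokens are stateless here, so this is a no-op acknowledgement; a
// real deployment would add the token to a denylist until it expires.
router.post('/logout', authenticateToken, (req, res) => {
  res.json({ success: true, message: '登出成功' })
})

/**
 * Express middleware: require a valid `Authorization: Bearer <jwt>` header.
 * On success sets `req.user` to the verified payload ({id, username, role, iat, exp}).
 * Responds 401 when the header or token is missing, 403 when verification fails.
 */
function authenticateToken(req, res, next) {
  const authHeader = req.headers['authorization']
  const [scheme, token] = authHeader ? authHeader.split(' ') : []
  // Require the Bearer scheme this API hands out (see token_type in /login).
  if (!token || !/^Bearer$/i.test(scheme)) {
    return res.status(401).json({ success: false, message: '访问令牌缺失' })
  }
  // Pin the algorithm to the one jwt.sign uses by default, so a token signed
  // with a different HMAC variant is not accepted.
  jwt.verify(token, getJwtSecret(), { algorithms: ['HS256'] }, (err, payload) => {
    if (err) {
      return res.status(403).json({ success: false, message: '访问令牌无效或已过期' })
    }
    req.user = payload
    next()
  })
}

/**
 * Permissions granted to a role.
 * @param {string} role
 * @returns {string[]} a fresh copy (callers cannot mutate the shared table); empty for unknown roles
 */
function getUserPermissions(role) {
  const perms = ROLE_PERMISSIONS.get(role)
  return perms ? [...perms] : []
}

module.exports = router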