const jwt = require('jsonwebtoken');
const User = require('../models/User');
const AdminStaff = require('../models/AdminStaff');
const bcrypt = require('bcryptjs');
const jwtModule = require('jsonwebtoken');
const tokenBlacklist = require('../utils/tokenBlacklist');
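// JWT configuration.
// The signing secret must come from the environment. The hard-coded fallback
// exists only so local development runs without extra setup; it is public (it
// is in this file), so a production process must never sign tokens with it.
// Refusing to start is preferable to issuing tokens anyone can forge.
if (!process.env.JWT_SECRET && process.env.NODE_ENV === 'production') {
  throw new Error('JWT_SECRET must be set in production');
}
if (!process.env.JWT_SECRET) {
  console.warn('JWT_SECRET is not set; using the insecure development default');
}
// `||` on purpose: an empty JWT_SECRET is treated as unset, not as a secret.
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production';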
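/**
 * Login handler: checks a username/password pair against the active User rows
 * and returns a signed, short-lived JWT.
 *
 * @param {import('express').Request} req - expects `username` and `password` in the JSON body
 * @param {import('express').Response} res
 * @returns {Promise<void>} 200 with `{ code, message, data: { token } }`,
 *   401 when the credentials do not match an active account,
 *   500 when an unexpected error occurs
 */
exports.login = async (req, res) => {
  try {
    const { username, password } = req.body ?? {};

    // Reject malformed input before touching the database: a missing or
    // non-string password would otherwise make bcrypt.compare throw and turn a
    // bad request into a 500. The message matches the credential-failure case
    // so the response does not reveal which field was wrong.
    if (typeof username !== 'string' || username === '' || typeof password !== 'string' || password === '') {
      return res.status(401).json({
        code: 401,
        message: '用户名或密码错误'
      });
    }

    // Only active accounts may log in; a disabled account is reported exactly
    // like an unknown one so account state is not disclosed.
    const user = await User.findOne({
      where: {
        username,
        status: 'active'
      }
    });

    // NOTE(review): no bcrypt.compare runs when the account does not exist, so
    // this branch answers faster than a wrong-password attempt. A compare
    // against a fixed dummy hash would equalise the two paths — confirm whether
    // that matters for this deployment.
    if (!user) {
      return res.status(401).json({
        code: 401,
        message: '用户名或密码错误'
      });
    }

    // Compare against the stored bcrypt hash.
    const isPasswordValid = await bcrypt.compare(password, user.password);
    if (!isPasswordValid) {
      return res.status(401).json({
        code: 401,
        message: '用户名或密码错误'
      });
    }

    // Record the successful login.
    await user.update({
      last_login: new Date()
    });

    // The claims here are what getUserInfo reads back (`id` in particular).
    // HS256 is jsonwebtoken's default for a string secret; it is spelled out so
    // the verifying side can pin the same algorithm.
    const token = jwtModule.sign(
      {
        id: user.id,
        username: user.username,
        role: user.role
      },
      JWT_SECRET,
      { algorithm: 'HS256', expiresIn: '2h' }
    );

    return res.json({
      code: 200,
      message: '登录成功',
      data: { token }
    });
  } catch (err) {
    // Full error goes to the server log only; the client gets the generic
    // message, not `err.message`, which can carry driver/SQL details.
    console.error('登录错误:', err);
    return res.status(500).json({
      code: 500,
      message: '服务器错误'
    });
  }
};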
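/**
 * Current-user handler: validates the bearer token, loads the matching User
 * row and (best effort) its AdminStaff row, and returns a profile together
 * with the permission list for the user's role.
 *
 * @param {import('express').Request} req - requires an `Authorization: Bearer <jwt>` header
 * @param {import('express').Response} res
 * @returns {Promise<void>} 200 with the profile; 401 when the token is missing,
 *   blacklisted, invalid/expired, or the account is missing or not active;
 *   500 on an unexpected error
 */
exports.getUserInfo = async (req, res) => {
  try {
    // Accept only the Bearer scheme. A header using another scheme, or a bare
    // value with no scheme, counts as "no token" instead of being handed to
    // jwt.verify as if it were a JWT.
    const match = /^Bearer\s+(\S+)\s*$/i.exec(req.headers.authorization ?? '');
    const token = match?.[1];
    if (!token) {
      return res.status(401).json({
        code: 401,
        message: '未提供认证令牌'
      });
    }

    try {
      // Tokens revoked by logout are rejected before any signature work.
      if (tokenBlacklist.isBlacklisted(token)) {
        return res.status(401).json({
          code: 401,
          message: '认证令牌已失效(已退出登录)'
        });
      }

      // Pin the algorithm to the one login() signs with, so a token whose
      // header names a different `alg` is rejected regardless of its content.
      const decoded = jwtModule.verify(token, JWT_SECRET, { algorithms: ['HS256'] });

      // `id` is the claim login() put in the token.
      const user = await User.findByPk(decoded.id);
      if (!user || user.status !== 'active') {
        return res.status(401).json({
          code: 401,
          message: '用户不存在或已禁用'
        });
      }

      // Staff details are optional: if the lookup fails the profile simply
      // falls back to the account's own values below.
      let staffInfo = null;
      try {
        staffInfo = await AdminStaff.findOne({
          where: {
            phone: user.username
          }
        });
      } catch (error) {
        console.warn('获取员工信息失败:', error);
      }

      const permissions = getPermissionsByRole(user.role);

      const userInfo = {
        id: user.id,
        username: user.username,
        name: staffInfo?.name || user.username,
        role: user.role,
        avatar: '',
        email: '',
        phone: staffInfo?.phone || user.username,
        // Only the ids are available from the staff row; `name` is not filled in here.
        department: staffInfo?.department_id ? {
          id: staffInfo.department_id,
          name: ''
        } : null,
        position: staffInfo?.position_id ? {
          id: staffInfo.position_id,
          name: ''
        } : null,
        permissions
      };

      return res.json({
        code: 200,
        message: '获取用户信息成功',
        data: userInfo
      });
    } catch (jwtError) {
      // Only token problems (bad signature, expiry, malformed) are a 401.
      // Anything else — e.g. the database lookup failing — is a server error
      // and must not be reported to the client as an invalid token.
      if (!(jwtError instanceof jwtModule.JsonWebTokenError)) {
        throw jwtError;
      }
      console.error('JWT验证错误:', jwtError);
      return res.status(401).json({
        code: 401,
        message: '认证令牌无效'
      });
    }
  } catch (err) {
    // Details stay in the server log; `err.message` is not echoed to the client.
    console.error('获取用户信息错误:', err);
    return res.status(500).json({
      code: 500,
      message: '服务器错误'
    });
  }
};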
// Extra permission keys granted to each known role, on top of the base set.
// A Map (not a plain object) so that role names like "constructor" cannot
// resolve through the prototype chain.
const ROLE_EXTRA_PERMISSIONS = new Map([
  ['admin', ['users', 'settings', 'supervision', 'approval', 'personnel', 'warehouse', 'epidemic', 'service', 'visualization']],
  ['manager', ['supervision', 'approval', 'personnel', 'warehouse', 'epidemic', 'service']],
  ['inspector', ['supervision', 'epidemic']],
  ['clerk', ['approval', 'personnel', 'warehouse', 'service']],
]);

/**
 * Resolve the permission keys granted to a role.
 * Every caller gets 'dashboard'; a known role additionally gets its entries
 * from ROLE_EXTRA_PERMISSIONS; an unknown or missing role gets the base set
 * only. A fresh array is returned on every call.
 *
 * @param {string|undefined} role - value of the user's `role` column
 * @returns {string[]} permission keys, 'dashboard' first
 */
function getPermissionsByRole(role) {
  const extras = ROLE_EXTRA_PERMISSIONS.get(role) ?? [];
  return ['dashboard', ...extras];
}
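/**
 * Logout handler: revokes the caller's bearer token for the rest of its
 * lifetime by adding it to the token blacklist. Always answers 200 unless
 * something unexpected throws — a missing, expired or unverifiable token is
 * simply not blacklisted.
 *
 * @param {import('express').Request} req - `Authorization: Bearer <jwt>` header, optional
 * @param {import('express').Response} res
 * @returns {Promise<void>} 200 on completion, 500 on an unexpected error
 */
exports.logout = async (req, res) => {
  try {
    // Same Bearer-only parsing as getUserInfo.
    const match = /^Bearer\s+(\S+)\s*$/i.exec(req.headers.authorization ?? '');
    const token = match?.[1];

    if (token) {
      try {
        // Verify rather than merely decode: only tokens this server issued
        // reach the blacklist, so an unauthenticated caller cannot grow it
        // with arbitrary tokens carrying a far-future `exp`. An expired token
        // throws here, which is fine — it needs no blacklisting.
        const decoded = jwtModule.verify(token, JWT_SECRET, { algorithms: ['HS256'] });

        if (decoded?.exp) {
          // Remaining lifetime in milliseconds: the blacklist only has to
          // remember the token until it would have expired anyway.
          const nowSeconds = Math.floor(Date.now() / 1000);
          const expiresIn = (decoded.exp - nowSeconds) * 1000;

          if (expiresIn > 0) {
            tokenBlacklist.addToBlacklist(token, expiresIn);
            // Log the subject, not a slice of the credential itself.
            console.log(`用户退出登录,token已添加到黑名单: user ${decoded.id}`);
          }
        }
      } catch (decodeError) {
        console.warn('解码token失败:', decodeError);
      }
    }

    return res.json({
      code: 200,
      message: '退出登录成功'
    });
  } catch (err) {
    // Details stay in the server log; `err.message` is not echoed to the client.
    console.error('退出登录错误:', err);
    return res.status(500).json({
      code: 500,
      message: '服务器错误'
    });
  }
};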