2025-09-17 18:04:28 +08:00
|
|
|
const { promisify } = require('util');
|
2025-09-26 17:52:50 +08:00
|
|
|
const jwt = require('jsonwebtoken');
|
2025-09-17 18:04:28 +08:00
|
|
|
const db = require('../config/database');
|
2025-09-26 17:52:50 +08:00
|
|
|
const util = require('util');
|
|
|
|
|
|
|
|
|
|
// JWT配置
|
|
|
|
|
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production';
|
2025-09-17 18:04:28 +08:00
|
|
|
|
|
|
|
|
module.exports = async (req, res, next) => {
|
|
|
|
|
// 获取token
|
|
|
|
|
const token = req.header('Authorization')?.replace('Bearer ', '');
|
|
|
|
|
|
|
|
|
|
if (!token) {
|
|
|
|
|
return res.status(401).json({
|
|
|
|
|
code: 401,
|
|
|
|
|
message: '未提供认证令牌'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
2025-09-26 17:52:50 +08:00
|
|
|
// 支持开发环境的模拟token
|
|
|
|
|
if (token.startsWith('mock-jwt-token-')) {
|
|
|
|
|
// 模拟用户数据,避免数据库查询
|
|
|
|
|
req.user = {
|
|
|
|
|
id: '1',
|
|
|
|
|
username: 'admin',
|
|
|
|
|
role: 'admin'
|
|
|
|
|
};
|
|
|
|
|
next();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-17 18:04:28 +08:00
|
|
|
// 验证token
|
2025-09-26 17:52:50 +08:00
|
|
|
const decoded = await util.promisify(jwt.verify)(token, JWT_SECRET);
|
2025-09-17 18:04:28 +08:00
|
|
|
|
|
|
|
|
// 检查用户是否存在
|
|
|
|
|
const [user] = await db.query(
|
|
|
|
|
'SELECT id, username, role FROM users WHERE id = ?',
|
|
|
|
|
[decoded.id]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!user || user.length === 0) {
|
|
|
|
|
return res.status(401).json({
|
|
|
|
|
code: 401,
|
|
|
|
|
message: '用户不存在或已被删除'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 将用户信息添加到请求对象
|
|
|
|
|
req.user = user[0];
|
|
|
|
|
next();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
console.error(err);
|
|
|
|
|
return res.status(401).json({
|
|
|
|
|
code: 401,
|
|
|
|
|
message: '无效的认证令牌'
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
};
|
