const jwt = require('jsonwebtoken');
const User = require('../models/User');
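// JWT configuration.
//
// The signing secret must come from the environment. The hard-coded fallback
// below exists only so local development works out of the box; if it were
// ever used in production, anyone who has read this file could mint valid
// tokens for any user. Fail fast at load time rather than boot insecurely.
// NOTE(review): this relies on NODE_ENV=production being set in deployment —
// confirm the process manager / container does so.
if (process.env.NODE_ENV === 'production' && !process.env.JWT_SECRET) {
  throw new Error('JWT_SECRET must be set when NODE_ENV=production');
}
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production';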
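/**
 * Express authentication middleware.
 *
 * Expects `Authorization: Bearer <jwt>`. The token is verified against
 * JWT_SECRET, the referenced user must still exist with status 'active',
 * and the resulting record (id, username, role) is exposed as `req.user`.
 *
 * Responds 401 when the header is missing or not a Bearer credential, when
 * the token fails verification (bad signature, expired, malformed payload),
 * or when no active user matches the token's `id`. A failure of the user
 * lookup itself (e.g. the database being unreachable) is a server fault, not
 * a bad credential, so it is forwarded to the error handler via `next(err)`
 * instead of being reported as an invalid token.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
module.exports = async (req, res, next) => {
  // Accept only the Bearer scheme. The previous `.replace('Bearer ', '')`
  // stripped the prefix from anywhere in the header and silently accepted
  // bare tokens with no scheme at all.
  const authHeader = req.header('Authorization') || '';
  const token = authHeader.startsWith('Bearer ')
    ? authHeader.slice('Bearer '.length)
    : '';

  if (!token) {
    return res.status(401).json({
      code: 401,
      message: '未提供认证令牌'
    });
  }

  // Mock tokens are a development convenience: they grant an admin identity
  // with no verification at all. They must never be honoured in production,
  // otherwise any client sending "mock-jwt-token-x" bypasses authentication
  // entirely. Gated on NODE_ENV; an explicit opt-in flag (e.g.
  // ALLOW_MOCK_AUTH=true) would be safer still if deployments cannot
  // guarantee NODE_ENV=production.
  if (process.env.NODE_ENV !== 'production' && token.startsWith('mock-jwt-token-')) {
    req.user = {
      id: 1,
      username: 'admin',
      role: 'admin'
    };
    return next();
  }

  let decoded;
  try {
    // Pin the accepted algorithms to the HMAC family: the secret is symmetric,
    // so an asymmetric or "none" header must never be accepted (algorithm
    // confusion). Narrow the list to the exact algorithm used by the signing
    // side if it is known.
    decoded = jwt.verify(token, JWT_SECRET, { algorithms: ['HS256', 'HS384', 'HS512'] });
  } catch (err) {
    console.error(err);
    return res.status(401).json({
      code: 401,
      message: '无效的认证令牌'
    });
  }

  // jwt.verify returns a string for non-JSON payloads; we need an object that
  // actually carries the user id we are about to look up.
  if (!decoded || typeof decoded !== 'object' || decoded.id == null) {
    return res.status(401).json({
      code: 401,
      message: '无效的认证令牌'
    });
  }

  try {
    // Look the user up via the Sequelize model; an inactive or deleted user
    // must not stay authenticated just because their token has not expired.
    const user = await User.findOne({
      where: {
        id: decoded.id,
        status: 'active'
      },
      attributes: ['id', 'username', 'role']
    });

    if (!user) {
      return res.status(401).json({
        code: 401,
        message: '用户不存在或已被删除'
      });
    }

    // Expose the authenticated user to downstream handlers.
    req.user = user;
    next();
  } catch (err) {
    // Database/infrastructure failure — surface it as a server error rather
    // than telling the client their credentials are invalid.
    next(err);
  }
};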