完善保险前后端、养殖端小程序

xuqiuyun
2025-09-25 19:09:51 +08:00
parent 76b5393182
commit 852adbcfff
199 changed files with 8642 additions and 52333 deletions


@@ -1,32 +1,97 @@
const jwt = require('jsonwebtoken');
const User = require('../models/User');
const Role = require('../models/Role');
const responseFormat = require('../utils/response');
// JWT认证中间件
const jwtAuth = (req, res, next) => {
const token = req.headers.authorization?.replace('Bearer ', '');
if (!token) {
return res.status(401).json(responseFormat.error('未提供认证令牌'));
}
const jwtAuth = async (req, res, next) => {
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const authHeader = req.headers.authorization;
console.log('Authorization header:', authHeader);
// 检查Token类型只接受访问令牌
if (decoded.type && decoded.type !== 'access') {
return res.status(401).json(responseFormat.error('无效的令牌类型'));
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json(responseFormat.error('未提供有效的认证token'));
}
const token = authHeader.substring(7);
console.log('提取的token:', token);
console.log('token类型:', typeof token);
console.log('token长度:', token.length);
// 首先尝试固定token验证
const user = await User.findOne({
where: {
fixed_token: token,
status: 'active'
},
include: [{
model: Role,
as: 'role',
attributes: ['id', 'name', 'permissions']
}]
});
if (user) {
// 固定token验证成功
req.user = {
id: user.id,
userId: user.id,
username: user.username,
role_id: user.role_id,
role: user.role,
permissions: user.role ? user.role.permissions : [],
type: 'fixed_token'
};
return next();
}
// 如果固定token验证失败尝试JWT验证
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
if (decoded.type !== 'access') {
return res.status(401).json(responseFormat.error('Token类型错误'));
}
// 验证用户是否存在且状态正常
const jwtUser = await User.findOne({
where: {
id: decoded.id,
status: 'active'
},
include: [{
model: Role,
as: 'role',
attributes: ['id', 'name', 'permissions']
}]
});
if (!jwtUser) {
return res.status(401).json(responseFormat.error('用户不存在或已被禁用'));
}
req.user = {
id: decoded.id,
userId: decoded.id,
username: decoded.username,
role_id: decoded.role_id,
role: jwtUser.role,
permissions: decoded.permissions || (jwtUser.role ? jwtUser.role.permissions : []),
type: 'jwt'
};
return next();
} catch (jwtError) {
if (jwtError.name === 'TokenExpiredError') {
return res.status(401).json(responseFormat.error('Token已过期', 'TOKEN_EXPIRED'));
} else if (jwtError.name === 'JsonWebTokenError') {
return res.status(401).json(responseFormat.error('Token无效'));
}
throw jwtError;
}
req.user = decoded;
next();
} catch (error) {
if (error.name === 'TokenExpiredError') {
return res.status(401).json(responseFormat.error('认证令牌已过期', 'TOKEN_EXPIRED'));
} else if (error.name === 'JsonWebTokenError') {
return res.status(401).json(responseFormat.error('认证令牌无效', 'TOKEN_INVALID'));
} else {
return res.status(401).json(responseFormat.error('认证失败', 'AUTH_FAILED'));
}
console.error('Token验证错误:', error);
return res.status(500).json(responseFormat.error('服务器内部错误'));
}
};
@@ -58,8 +123,16 @@ const checkPermission = (resource, action) => {
}
}
// 如果JWT中没有权限信息从数据库查询
if (permissions.length === 0) {
const requiredPermission = `${resource}:${action}`;
// 首先检查JWT中的权限
let hasPermission = permissions.includes(requiredPermission) ||
permissions.includes('*:*') ||
permissions.includes('*');
// 如果JWT中没有权限信息或者JWT权限不足从数据库查询最新权限
if (permissions.length === 0 || !hasPermission) {
console.log('JWT权限不足或为空从数据库获取最新权限...');
const { Role } = require('../models');
const userRole = await Role.findByPk(user.role_id);
@@ -81,14 +154,19 @@ const checkPermission = (resource, action) => {
} else if (Array.isArray(rolePermissions)) {
permissions = rolePermissions;
}
console.log('从数据库获取的最新权限:', permissions);
// 重新检查权限
hasPermission = permissions.includes(requiredPermission) ||
permissions.includes('*:*') ||
permissions.includes('*');
}
const requiredPermission = `${resource}:${action}`;
console.log('权限检查 - 用户权限:', permissions, '需要权限:', requiredPermission);
console.log('权限检查 - 用户权限:', permissions, '需要权限:', requiredPermission, '是否有权限:', hasPermission);
// 检查权限或超级管理员权限
if (!permissions.includes(requiredPermission) && !permissions.includes('*:*') && !permissions.includes('*')) {
if (!hasPermission) {
console.log('权限检查失败 - 权限不足');
return res.status(403).json(responseFormat.error('权限不足'));
}
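Review bot: The new jwtAuth logs the raw credential — `console.log('Authorization header:', authHeader)` and `console.log('提取的token:', token)` (plus the type/length lines that follow) write every bearer token, fixed token and JWT into the server log, so anyone with log access can replay them; those console.log calls should be deleted, or at most reduced to `console.log('token长度:', token.length)`. In the JWT branch, req.user is populated from the decoded claims (`username: decoded.username, role_id: decoded.role_id`) even though the freshly fetched jwtUser row is already in hand, so a role change or rename is not reflected until the token expires; using `username: jwtUser.username, role_id: jwtUser.role_id` would keep the DB lookup meaningful. Also note that this middleware reads the user id from `decoded.id` while the fixedTokenAuth middleware added in this commit reads `decoded.userId`; unless the issuer sets both claims, one of the two lookups runs with an undefined id. The checkPermission hunks start and end outside the shown lines.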


@@ -0,0 +1,119 @@
const User = require('../models/User');
const Role = require('../models/Role');
/**
* 固定Token认证中间件
* 支持JWT token和固定token两种认证方式
*/
const fixedTokenAuth = async (req, res, next) => {
try {
const authHeader = req.headers.authorization;
if (!authHeader) {
return res.status(401).json({
status: 'error',
message: '未提供认证token'
});
}
// 检查是否为Bearer token格式
if (authHeader.startsWith('Bearer ')) {
const token = authHeader.substring(7);
// 首先尝试固定token验证
const user = await User.findOne({
where: {
fixed_token: token,
status: 'active'
},
include: [{
model: Role,
as: 'role',
attributes: ['id', 'name', 'permissions']
}]
});
if (user) {
// 固定token验证成功
req.user = {
id: user.id,
username: user.username,
role_id: user.role_id,
role: user.role,
permissions: user.role ? user.role.permissions : []
};
return next();
}
// 如果固定token验证失败尝试JWT验证
const jwt = require('jsonwebtoken');
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
if (decoded.type !== 'access') {
return res.status(401).json({
status: 'error',
message: 'Token类型错误'
});
}
// 验证用户是否存在且状态正常
const jwtUser = await User.findOne({
where: {
id: decoded.userId,
status: 'active'
},
include: [{
model: Role,
as: 'role',
attributes: ['id', 'name', 'permissions']
}]
});
if (!jwtUser) {
return res.status(401).json({
status: 'error',
message: '用户不存在或已被禁用'
});
}
req.user = {
id: jwtUser.id,
username: jwtUser.username,
role_id: jwtUser.role_id,
role: jwtUser.role,
permissions: decoded.permissions || (jwtUser.role ? jwtUser.role.permissions : [])
};
return next();
} catch (jwtError) {
if (jwtError.name === 'TokenExpiredError') {
return res.status(401).json({
status: 'error',
code: 'TOKEN_EXPIRED',
message: 'Token已过期'
});
} else if (jwtError.name === 'JsonWebTokenError') {
return res.status(401).json({
status: 'error',
message: 'Token无效'
});
}
throw jwtError;
}
} else {
return res.status(401).json({
status: 'error',
message: 'Token格式错误请使用Bearer格式'
});
}
} catch (error) {
console.error('Token验证错误:', error);
return res.status(500).json({
status: 'error',
message: '服务器内部错误'
});
}
};
module.exports = fixedTokenAuth;
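Review bot: The JWT branch looks the user up with `id: decoded.userId`, whereas the jwtAuth middleware rewritten in this commit uses `decoded.id`; if the issuer sets only one of these claims the other middleware's `where` receives undefined, and how Sequelize treats that depends on the version (it may throw or may drop the condition), so the claim name should be agreed on once, e.g. `const userId = decoded.userId ?? decoded.id;` with a 401 when it is missing. An `Authorization: Bearer ` header with nothing after the scheme passes the prefix check and yields `token === ''`, which is then matched against `fixed_token`; a guard `if (!token) { return res.status(401).json({ status: 'error', message: '未提供认证token' }); }` after `substring(7)` avoids comparing an empty credential. This handler duplicates almost all of jwtAuth (same fixed-token lookup, same JWT fallback, same error mapping) with hand-built `{ status: 'error' }` bodies instead of responseFormat, which makes the two copies drift; consider having one delegate to the other. The `require('jsonwebtoken')` inside the handler can move to the top of the file with the other requires.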