完善保险端的前后端
@@ -22,27 +22,66 @@ const jwtAuth = (req, res, next) => {
|
||||
const checkPermission = (resource, action) => {
|
||||
return async (req, res, next) => {
|
||||
try {
|
||||
const { Role } = require('../models');
|
||||
console.log(`权限检查 - 资源: ${resource}, 操作: ${action}, 用户:`, req.user);
|
||||
const user = req.user;
|
||||
|
||||
if (!user || !user.role_id) {
|
||||
console.log('权限检查失败 - 用户角色信息缺失');
|
||||
return res.status(403).json(responseFormat.error('用户角色信息缺失'));
|
||||
}
|
||||
|
||||
const userRole = await Role.findByPk(user.role_id);
|
||||
let permissions = [];
|
||||
|
||||
if (!userRole) {
|
||||
return res.status(403).json(responseFormat.error('用户角色不存在'));
|
||||
// 优先使用JWT中的权限信息
|
||||
if (user.permissions) {
|
||||
if (typeof user.permissions === 'string') {
|
||||
try {
|
||||
permissions = JSON.parse(user.permissions);
|
||||
} catch (e) {
|
||||
console.log('JWT权限解析失败:', e.message);
|
||||
permissions = [];
|
||||
}
|
||||
} else if (Array.isArray(user.permissions)) {
|
||||
permissions = user.permissions;
|
||||
}
|
||||
}
|
||||
|
||||
// 如果JWT中没有权限信息,从数据库查询
|
||||
if (permissions.length === 0) {
|
||||
const { Role } = require('../models');
|
||||
const userRole = await Role.findByPk(user.role_id);
|
||||
|
||||
if (!userRole) {
|
||||
console.log('权限检查失败 - 用户角色不存在, role_id:', user.role_id);
|
||||
return res.status(403).json(responseFormat.error('用户角色不存在'));
|
||||
}
|
||||
|
||||
let rolePermissions = userRole.permissions || [];
|
||||
|
||||
// 如果permissions是字符串,尝试解析为JSON
|
||||
if (typeof rolePermissions === 'string') {
|
||||
try {
|
||||
permissions = JSON.parse(rolePermissions);
|
||||
} catch (e) {
|
||||
console.log('数据库权限解析失败:', e.message);
|
||||
permissions = [];
|
||||
}
|
||||
} else if (Array.isArray(rolePermissions)) {
|
||||
permissions = rolePermissions;
|
||||
}
|
||||
}
|
||||
|
||||
const permissions = userRole.permissions || [];
|
||||
const requiredPermission = `${resource}:${action}`;
|
||||
|
||||
console.log('权限检查 - 用户权限:', permissions, '需要权限:', requiredPermission);
|
||||
|
||||
// 检查权限或超级管理员权限
|
||||
if (!permissions.includes(requiredPermission) && !permissions.includes('*:*')) {
|
||||
if (!permissions.includes(requiredPermission) && !permissions.includes('*:*') && !permissions.includes('*')) {
|
||||
console.log('权限检查失败 - 权限不足');
|
||||
return res.status(403).json(responseFormat.error('权限不足'));
|
||||
}
|
||||
|
||||
console.log('权限检查通过');
|
||||
next();
|
||||
} catch (error) {
|
||||
return res.status(500).json(responseFormat.error('权限验证失败'));
|
||||
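Review bot: The new JWT-first path (the `if (user.permissions)` block) makes the authorization decision from claims baked into the token and only consults `Role.findByPk` when the token carries no permissions, so a role that is revoked, deleted or trimmed in the database keeps granting access until the token expires, and the `用户角色不存在` check is skipped entirely on that path. Unless token lifetime is very short, the stored role should be re-read on every check — the simplest form is to drop the JWT-first branch and the `if (permissions.length === 0)` guard so the database lookup always runs, keeping the token claims at most as a hint. Both `JSON.parse` results are then passed to `.includes` without confirming they are arrays, so a parsed object or string throws and surfaces as a 500; add `if (!Array.isArray(permissions)) permissions = [];` after each parse. The final `catch (error)` answers 500 without recording `error`, which makes that branch impossible to diagnose; log it with `console.error('权限验证失败:', error);` before responding. The `checkPermission` closure's closing `};` lies outside the hunk.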
@@ -67,4 +106,17 @@ const optionalAuth = (req, res, next) => {
|
||||
next();
|
||||
};
|
||||
|
||||
module.exports = { jwtAuth, checkPermission, optionalAuth };
|
||||
// 别名导出以匹配路由中的使用
|
||||
const authenticateToken = jwtAuth;
|
||||
const requirePermission = (permission) => {
|
||||
const [resource, action] = permission.split(':');
|
||||
return checkPermission(resource, action);
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
jwtAuth,
|
||||
checkPermission,
|
||||
optionalAuth,
|
||||
authenticateToken,
|
||||
requirePermission
|
||||
};
|
||||
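Review bot: `requirePermission` accepts any string, so a route declared with a malformed permission such as `'users'` (no colon) silently yields the check `users:undefined`, which no role can satisfy except a wildcard, and a value with two colons drops its tail; the misconfiguration only shows up as unexplained 403s at request time. Validate at definition time so a bad route declaration fails at startup: `if (!resource || !action) throw new Error('权限格式无效,应为 resource:action');` before the `return checkPermission(resource, action);`. A one-line JSDoc on the alias, e.g. `/** Build a checkPermission middleware from a 'resource:action' string. */`, would also help readers who meet `requirePermission` in the routes.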