aiotagro/nxxmdata
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: 宁夏智慧养殖监管平台

Browse Source
This commit is contained in:
shenquanyi
2025-08-25 15:00:46 +08:00
commit ec72c6a8b5
177 changed files with 37263 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
backend/middleware/auth.js Normal file
View File

@@ -0,0 +1,90 @@
const jwt = require('jsonwebtoken');
const { User, Role } = require('../models');
/**
* 验证JWT Token的中间件
* @param {Object} req - 请求对象
* @param {Object} res - 响应对象
* @param {Function} next - 下一步函数
*/
const verifyToken = async (req, res, next) => {
try {
// 从请求头获取token
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
if (!token) {
return res.status(401).json({
success: false,
message: '未授权'
});
}
// 验证token
const decoded = jwt.verify(token, process.env.JWT_SECRET || 'your_jwt_secret_key');
// 将用户信息添加到请求对象中
req.user = decoded;
next();
} catch (error) {
return res.status(401).json({
success: false,
message: '未授权'
});
}
};
/**
* 检查用户是否具有指定角色的中间件
* @param {string[]} roles - 允许访问的角色数组
* @returns {Function} 中间件函数
*/
const checkRole = (roles) => {
return async (req, res, next) => {
try {
const userId = req.user.id;
// 查询用户及其角色
const user = await User.findByPk(userId, {
include: [{
model: Role,
as: 'roles', // 添加as属性指定关联别名
attributes: ['name']
}]
});
if (!user) {
return res.status(404).json({
success: false,
message: '用户不存在'
});
}
// 获取用户角色名称数组
const userRoles = user.roles.map(role => role.name);
// 检查用户是否具有所需角色
const hasRequiredRole = roles.some(role => userRoles.includes(role));
if (!hasRequiredRole) {
return res.status(403).json({
success: false,
message: '权限不足'
});
}
next();
} catch (error) {
console.error('角色检查错误:', error);
return res.status(500).json({
success: false,
message: '服务器内部错误'
});
}
};
};
module.exports = {
verifyToken,
checkRole
};