const jwt = require('jsonwebtoken') // JWT配置 const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production' // 临时用户数据(实际项目中应该从数据库获取) const users = [ { id: 1, username: 'admin', password: '123456', name: '系统管理员', role: 'admin', email: 'admin@example.com' } ] exports.login = async (req, res) => { try { const { username, password } = req.body // 查找用户 const user = users.find(u => u.username === username && u.password === password) if (user) { const token = jwt.sign({ id: user.id, username: user.username, role: user.role }, JWT_SECRET, { expiresIn: '2h' }) return res.json({ code: 200, message: '登录成功', data: { token } }) } res.status(401).json({ code: 401, message: '用户名或密码错误' }) } catch (err) { res.status(500).json({ code: 500, message: '服务器错误', error: err.message }) } } // 获取用户信息 exports.getUserInfo = async (req, res) => { try { // 从token中解析用户信息 const token = req.headers.authorization?.replace('Bearer ', '') if (!token) { return res.status(401).json({ code: 401, message: '未提供认证令牌' }) } try { const decoded = jwt.verify(token, JWT_SECRET) const user = users.find(u => u.id === decoded.id) if (user) { const userInfo = { id: user.id, username: user.username, name: user.name, role: user.role, avatar: '', email: user.email, permissions: ['dashboard', 'users', 'settings'] } return res.json({ code: 200, message: '获取用户信息成功', data: userInfo }) } else { return res.status(401).json({ code: 401, message: '用户不存在' }) } } catch (jwtError) { return res.status(401).json({ code: 401, message: '认证令牌无效' }) } } catch (err) { res.status(500).json({ code: 500, message: '服务器错误', error: err.message }) } }