aiotagro/nxxmdata
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改保险后端代码,政府前端代码

Browse Source
This commit is contained in:
dengyuxin
2025-09-22 17:56:30 +08:00
parent 3143c3ad0b
commit 02a25515a9
206 changed files with 35119 additions and 43073 deletions
Download Patch File Download Diff File Expand all files Collapse all files

208
bank-backend/middleware/auth.js
View File

@@ -1,43 +1,44 @@
/**
* 认证中间件
* @file auth.js
* @description 处理用户认证和授权
* @description JWT认证中间件
*/
const jwt = require('jsonwebtoken');
const { User, Role } = require('../models');
const { User } = require('../models');
/**
* 验证JWT令牌
* JWT认证中间件
* @param {Object} req 请求对象
* @param {Object} res 响应对象
* @param {Function} next 下一个中间件
*/
const verifyToken = async (req, res, next) => {
const authMiddleware = async (req, res, next) => {
try {
const token = req.header('Authorization')?.replace('Bearer ', '');
// 从请求头获取token
const authHeader = req.headers.authorization;
if (!token) {
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({
success: false,
message: '访问被拒绝,未提供令牌'
message: '未提供认证令牌'
});
}
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await User.findByPk(decoded.id, {
include: [{
model: Role,
as: 'role'
}]
});
const token = authHeader.substring(7); // 移除 'Bearer ' 前缀
// 验证token
const decoded = jwt.verify(token, process.env.JWT_SECRET || 'your_jwt_secret_key_here');
// 查找用户
const user = await User.findByPk(decoded.userId);
if (!user) {
return res.status(401).json({
success: false,
message: '令牌无效,用户不存在'
message: '用户不存在'
});
}
// 检查用户状态
if (user.status !== 'active') {
return res.status(401).json({
success: false,
@@ -45,54 +46,57 @@ const verifyToken = async (req, res, next) => {
});
}
req.user = user;
// 将用户信息添加到请求对象
req.user = {
userId: user.id,
username: user.username,
role: decoded.role
};
next();
} catch (error) {
if (error.name === 'JsonWebTokenError') {
return res.status(401).json({
success: false,
message: '无效的认证令牌'
});
}
if (error.name === 'TokenExpiredError') {
return res.status(401).json({
success: false,
message: '令牌已过期'
});
} else if (error.name === 'JsonWebTokenError') {
return res.status(401).json({
success: false,
message: '令牌无效'
});
} else {
console.error('认证中间件错误:', error);
return res.status(500).json({
success: false,
message: '服务器内部错误'
message: '认证令牌已过期'
});
}
console.error('认证中间件错误:', error);
res.status(500).json({
success: false,
message: '服务器内部错误'
});
}
};
/**
* 检查用户角色权限
* @param {String|Array} roles 允许的角色
* 角色权限中间件
* @param {Array|String} roles 允许的角色
* @returns {Function} 中间件函数
*/
const requireRole = (roles) => {
return async (req, res, next) => {
const roleMiddleware = (roles) => {
return (req, res, next) => {
try {
if (!req.user) {
const userRole = req.user?.role;
if (!userRole) {
return res.status(401).json({
success: false,
message: '请先登录'
});
}
const userRole = req.user.role;
if (!userRole) {
return res.status(403).json({
success: false,
message: '用户角色未分配'
message: '未认证用户'
});
}
const allowedRoles = Array.isArray(roles) ? roles : [roles];
if (!allowedRoles.includes(userRole.name)) {
if (!allowedRoles.includes(userRole)) {
return res.status(403).json({
success: false,
message: '权限不足'
@@ -101,8 +105,8 @@ const requireRole = (roles) => {
next();
} catch (error) {
console.error('角色权限检查错误:', error);
return res.status(500).json({
console.error('角色权限中间件错误:', error);
res.status(500).json({
success: false,
message: '服务器内部错误'
});
@@ -111,116 +115,24 @@ const requireRole = (roles) => {
};
/**
* 检查用户权限级别
* @param {Number} minLevel 最小权限级别
* @returns {Function} 中间件函数
* 管理员权限中间件
*/
const requireLevel = (minLevel) => {
return async (req, res, next) => {
try {
if (!req.user) {
return res.status(401).json({
success: false,
message: '请先登录'
});
}
const userRole = req.user.role;
if (!userRole || userRole.level < minLevel) {
return res.status(403).json({
success: false,
message: '权限级别不足'
});
}
next();
} catch (error) {
console.error('权限级别检查错误:', error);
return res.status(500).json({
success: false,
message: '服务器内部错误'
});
}
};
};
const adminMiddleware = roleMiddleware(['admin']);
/**
* 可选认证中间件(不强制要求登录)
* @param {Object} req 请求对象
* @param {Object} res 响应对象
* @param {Function} next 下一个中间件
* 管理员或经理权限中间件
*/
const optionalAuth = async (req, res, next) => {
try {
const token = req.header('Authorization')?.replace('Bearer ', '');
if (token) {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await User.findByPk(decoded.id, {
include: [{
model: Role,
as: 'role'
}]
});
if (user && user.status === 'active') {
req.user = user;
}
}
next();
} catch (error) {
// 可选认证失败时不返回错误,继续执行
next();
}
};
const managerMiddleware = roleMiddleware(['admin', 'manager']);
/**
* 检查账户所有权
* @param {Object} req 请求对象
* @param {Object} res 响应对象
* @param {Function} next 下一个中间件
* 管理员、经理或柜员权限中间件
*/
const checkAccountOwnership = async (req, res, next) => {
try {
const { accountId } = req.params;
const userId = req.user.id;
// 管理员可以访问所有账户
if (req.user.role && req.user.role.name === 'admin') {
return next();
}
const { Account } = require('../models');
const account = await Account.findOne({
where: {
id: accountId,
user_id: userId
}
});
if (!account) {
return res.status(403).json({
success: false,
message: '无权访问该账户'
});
}
req.account = account;
next();
} catch (error) {
console.error('账户所有权检查错误:', error);
return res.status(500).json({
success: false,
message: '服务器内部错误'
});
}
};
const tellerMiddleware = roleMiddleware(['admin', 'manager', 'teller']);
module.exports = {
verifyToken,
requireRole,
requireLevel,
optionalAuth,
checkAccountOwnership
authMiddleware,
roleMiddleware,
adminMiddleware,
managerMiddleware,
tellerMiddleware
};