90 lines
2.2 KiB
JavaScript
90 lines
2.2 KiB
JavaScript
const jwt = require('jsonwebtoken');
|
||
const { User, Role } = require('../models');
|
||
|
||
/**
|
||
* 验证JWT Token的中间件
|
||
* @param {Object} req - 请求对象
|
||
* @param {Object} res - 响应对象
|
||
* @param {Function} next - 下一步函数
|
||
*/
|
||
const verifyToken = async (req, res, next) => {
|
||
try {
|
||
// 从请求头获取token
|
||
const authHeader = req.headers['authorization'];
|
||
const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
|
||
|
||
if (!token) {
|
||
return res.status(401).json({
|
||
success: false,
|
||
message: '未授权'
|
||
});
|
||
}
|
||
|
||
// 验证token
|
||
const decoded = jwt.verify(token, process.env.JWT_SECRET || 'your_jwt_secret_key');
|
||
|
||
// 将用户信息添加到请求对象中
|
||
req.user = decoded;
|
||
next();
|
||
} catch (error) {
|
||
return res.status(401).json({
|
||
success: false,
|
||
message: '未授权'
|
||
});
|
||
}
|
||
};
|
||
|
||
/**
|
||
* 检查用户是否具有指定角色的中间件
|
||
* @param {string[]} roles - 允许访问的角色数组
|
||
* @returns {Function} 中间件函数
|
||
*/
|
||
const checkRole = (roles) => {
|
||
return async (req, res, next) => {
|
||
try {
|
||
const userId = req.user.id;
|
||
|
||
// 查询用户及其角色
|
||
const user = await User.findByPk(userId, {
|
||
include: [{
|
||
model: Role,
|
||
as: 'roles', // 添加as属性,指定关联别名
|
||
attributes: ['name']
|
||
}]
|
||
});
|
||
|
||
if (!user) {
|
||
return res.status(404).json({
|
||
success: false,
|
||
message: '用户不存在'
|
||
});
|
||
}
|
||
|
||
// 获取用户角色名称数组
|
||
const userRoles = user.roles.map(role => role.name);
|
||
|
||
// 检查用户是否具有所需角色
|
||
const hasRequiredRole = roles.some(role => userRoles.includes(role));
|
||
|
||
if (!hasRequiredRole) {
|
||
return res.status(403).json({
|
||
success: false,
|
||
message: '权限不足'
|
||
});
|
||
}
|
||
|
||
next();
|
||
} catch (error) {
|
||
console.error('角色检查错误:', error);
|
||
return res.status(500).json({
|
||
success: false,
|
||
message: '服务器内部错误'
|
||
});
|
||
}
|
||
};
|
||
};
|
||
|
||
module.exports = {
|
||
verifyToken,
|
||
checkRole
|
||
}; |