126 lines
3.0 KiB
JavaScript
126 lines
3.0 KiB
JavaScript
|
const jwt = require('jsonwebtoken');
|
|||
|
|
const User = require('../models/User');
|
|||
|
|
|
|||
|
|
// JWT 密钥
|
|||
|
|
const JWT_SECRET = process.env.JWT_SECRET || 'rentease-secret-key';
|
|||
|
|
|
|||
|
|
// 生成 Token(2小时有效期)
|
|||
|
|
const generateToken = (user) => {
|
|||
|
|
return jwt.sign(
|
|||
|
|
{
|
|||
|
|
id: user.id,
|
|||
|
|
username: user.username,
|
|||
|
|
role: user.role?.code || user.role,
|
|||
|
|
userType: user.userType,
|
|||
|
|
tenantId: user.tenantId
|
|||
|
|
},
|
|||
|
|
JWT_SECRET,
|
|||
|
|
{ expiresIn: '2h' }
|
|||
|
|
);
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
// 验证 Token 中间件
|
|||
|
|
const authMiddleware = async (req, res, next) => {
|
|||
|
|
try {
|
|||
|
|
const authHeader = req.headers.authorization;
|
|||
|
|
|
|||
|
|
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|||
|
|
return res.status(401).json({
|
|||
|
|
code: 401,
|
|||
|
|
message: '未提供认证令牌'
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
const token = authHeader.substring(7);
|
|||
|
|
|
|||
|
|
// 验证 Token
|
|||
|
|
const decoded = jwt.verify(token, JWT_SECRET);
|
|||
|
|
|
|||
|
|
// 检查用户是否存在且状态正常
|
|||
|
|
const user = await User.findOne({
|
|||
|
|
where: {
|
|||
|
|
id: decoded.id,
|
|||
|
|
status: 'active'
|
|||
|
|
},
|
|||
|
|
attributes: ['id', 'username', 'nickname', 'roleId', 'status', 'userType', 'tenantId'],
|
|||
|
|
include: [{
|
|||
|
|
model: require('../models/Role'),
|
|||
|
|
as: 'role',
|
|||
|
|
attributes: ['id', 'name', 'code']
|
|||
|
|
}]
|
|||
|
|
});
|
|||
|
|
|
|||
|
|
if (!user) {
|
|||
|
|
return res.status(401).json({
|
|||
|
|
code: 401,
|
|||
|
|
message: '用户不存在或已被禁用'
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 将用户信息附加到请求对象
|
|||
|
|
req.user = user;
|
|||
|
|
req.tenantId = user.tenantId;
|
|||
|
|
next();
|
|||
|
|
} catch (error) {
|
|||
|
|
if (error.name === 'TokenExpiredError') {
|
|||
|
|
return res.status(401).json({
|
|||
|
|
code: 401,
|
|||
|
|
message: '登录已过期,请重新登录'
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
if (error.name === 'JsonWebTokenError') {
|
|||
|
|
return res.status(401).json({
|
|||
|
|
code: 401,
|
|||
|
|
message: '无效的认证令牌'
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
return res.status(500).json({
|
|||
|
|
code: 500,
|
|||
|
|
message: '认证失败',
|
|||
|
|
error: error.message
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
// 系统管理员权限检查中间件
|
|||
|
|
const superAdminMiddleware = (req, res, next) => {
|
|||
|
|
if (req.user.userType !== 'super_admin') {
|
|||
|
|
return res.status(403).json({
|
|||
|
|
code: 403,
|
|||
|
|
message: '没有权限执行此操作,需要系统管理员权限'
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
next();
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
// 租户管理员权限检查中间件
|
|||
|
|
const tenantAdminMiddleware = (req, res, next) => {
|
|||
|
|
if (req.user.userType !== 'tenant_admin' && req.user.userType !== 'super_admin') {
|
|||
|
|
return res.status(403).json({
|
|||
|
|
code: 403,
|
|||
|
|
message: '没有权限执行此操作,需要租户管理员权限'
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
next();
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
// 管理员权限检查中间件(包含超级管理员和租户管理员)
|
|||
|
|
const adminMiddleware = (req, res, next) => {
|
|||
|
|
if (req.user.userType !== 'super_admin' && req.user.userType !== 'tenant_admin') {
|
|||
|
|
return res.status(403).json({
|
|||
|
|
code: 403,
|
|||
|
|
message: '没有权限执行此操作,需要管理员权限'
|
|||
|
|
});
|
|||
|
|
}
|
|||
|
|
next();
|
|||
|
|
};
|
|||
|
|
|
|||
|
|
module.exports = {
|
|||
|
|
generateToken,
|
|||
|
|
authMiddleware,
|
|||
|
|
adminMiddleware,
|
|||
|
|
superAdminMiddleware,
|
|||
|
|
tenantAdminMiddleware,
|
|||
|
|
JWT_SECRET
|
|||
|
|
};
|