Etusivu Tutki Apua
Kirjaudu sisään
hlm
/
multi-platform-media-manage
5
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Branch: ai_qwen
Branchit Tagit
multi-platfo...
/
server
/
src
/
middleware
/
auth.ts

auth.ts 2.5 KB
Pysyvä linkki Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. import { Request, Response, NextFunction } from 'express';
    2. 

  2. import jwt from 'jsonwebtoken';
    3. 

  3. import { config } from '../config/index.js';
    4. 

  4. import { AppError } from './error.js';
    5. 

  5. import { ERROR_CODES, HTTP_STATUS } from '@media-manager/shared';
    6. 

  6. import type { User, UserRole } from '@media-manager/shared';
    7. 

  7. 

  8. export interface JwtPayload {
    9. 

  9.   userId: number;
    10. 

  10.   username: string;
    11. 

  11.   role: UserRole;
    12. 

  12. }
    13. 

  13. 

  14. declare global {
    15. 

  15.   namespace Express {
    16. 

  16.     interface Request {
    17. 

  17.       user?: JwtPayload;
    18. 

  18.     }
    19. 

  19.   }
    20. 

  20. }
    21. 

  21. 

  22. /**
    23. 

  23.  * JWT 认证中间件
    24. 

  24.  */
    25. 

  25. export function authenticate(req: Request, _res: Response, next: NextFunction): void {
    26. 

  26.   const authHeader = req.headers.authorization;
    27. 

  27. 

  28.   if (!authHeader || !authHeader.startsWith('Bearer ')) {
    29. 

  29.     throw new AppError('未提供认证令牌', HTTP_STATUS.UNAUTHORIZED, ERROR_CODES.UNAUTHORIZED);
    30. 

  30.   }
    31. 

  31. 

  32.   const token = authHeader.substring(7);
    33. 

  33. 

  34.   try {
    35. 

  35.     const decoded = jwt.verify(token, config.jwt.secret) as JwtPayload;
    36. 

  36.     req.user = decoded;
    37. 

  37.     next();
    38. 

  38.   } catch (error) {
    39. 

  39.     if (error instanceof jwt.TokenExpiredError) {
    40. 

  40.       throw new AppError('认证令牌已过期', HTTP_STATUS.UNAUTHORIZED, ERROR_CODES.TOKEN_EXPIRED);
    41. 

  41.     }
    42. 

  42.     throw new AppError('无效的认证令牌', HTTP_STATUS.UNAUTHORIZED, ERROR_CODES.TOKEN_INVALID);
    43. 

  43.   }
    44. 

  44. }
    45. 

  45. 

  46. /**
    47. 

  47.  * 角色授权中间件
    48. 

  48.  */
    49. 

  49. export function authorize(...roles: UserRole[]) {
    50. 

  50.   return (req: Request, _res: Response, next: NextFunction): void => {
    51. 

  51.     if (!req.user) {
    52. 

  52.       throw new AppError('未认证', HTTP_STATUS.UNAUTHORIZED, ERROR_CODES.UNAUTHORIZED);
    53. 

  53.     }
    54. 

  54. 

  55.     if (!roles.includes(req.user.role)) {
    56. 

  56.       throw new AppError('没有权限执行此操作', HTTP_STATUS.FORBIDDEN, ERROR_CODES.FORBIDDEN);
    57. 

  57.     }
    58. 

  58. 

  59.     next();
    60. 

  60.   };
    61. 

  61. }
    62. 

  62. 

  63. /**
    64. 

  64.  * 生成访问令牌
    65. 

  65.  */
    66. 

  66. export function generateAccessToken(payload: JwtPayload): string {
    67. 

  67.   return jwt.sign(payload, config.jwt.secret, {
    68. 

  68.     expiresIn: config.jwt.accessExpiresIn,
    69. 

  69.   });
    70. 

  70. }
    71. 

  71. 

  72. /**
    73. 

  73.  * 生成刷新令牌
    74. 

  74.  */
    75. 

  75. export function generateRefreshToken(payload: JwtPayload): string {
    76. 

  76.   return jwt.sign(payload, config.jwt.secret, {
    77. 

  77.     expiresIn: config.jwt.refreshExpiresIn,
    78. 

  78.   });
    79. 

  79. }
    80. 

  80. 

  81. /**
    82. 

  82.  * 验证刷新令牌
    83. 

  83.  */
    84. 

  84. export function verifyRefreshToken(token: string): JwtPayload {
    85. 

  85.   try {
    86. 

  86.     return jwt.verify(token, config.jwt.secret) as JwtPayload;
    87. 

  87.   } catch (error) {
    88. 

  88.     if (error instanceof jwt.TokenExpiredError) {
    89. 

  89.       throw new AppError('刷新令牌已过期', HTTP_STATUS.UNAUTHORIZED, ERROR_CODES.TOKEN_EXPIRED);
    90. 

  90.     }
    91. 

  91.     throw new AppError('无效的刷新令牌', HTTP_STATUS.UNAUTHORIZED, ERROR_CODES.TOKEN_INVALID);
    92. 

  92.   }
    93. 

  93. }
    94.