jurong_circle_agent_black/middleware/agentAuth.js

const jwt = require('jsonwebtoken');
const {getDB} = require('../database');
const {logger} = require('../config/logger');
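// JWT secret used to verify agent tokens, read from the JWT_SECRET environment
// variable.
// SECURITY: the literal fallback below is committed with the source. A
// deployment that starts without JWT_SECRET verifies tokens against a key
// anyone with the code knows, so the `role` / `agentId` claims read by the
// middleware in this file can no longer be trusted. The fallback is kept so
// existing setups keep starting, but its use is now made visible at load time.
// Production should set JWT_SECRET to a long random value and treat a missing
// one as a startup error.
if (!process.env.JWT_SECRET) {
  console.warn(
    '[agentAuth] JWT_SECRET is not set; falling back to the built-in default secret. Set JWT_SECRET before running in production.'
  );
}
const JWT_SECRET = process.env.JWT_SECRET || 'agent_jwt_secret_key_2024';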
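/**
 * Agent authentication middleware.
 *
 * Verifies the JWT taken from the Authorization header, requires its `role`
 * claim to be 'agent', loads the agent row identified by the `agentId` claim
 * and requires that row's status to be 'active'. On success it populates
 * `req.agent` and `req.user` and calls `next()`. Otherwise it answers with
 * 401 (missing, invalid, expired or not-yet-valid token, unknown agent),
 * 403 (wrong role, inactive agent) or 500 (unexpected failure).
 *
 * @param {object} req - Request; reads `req.header('Authorization')` and `req.ip`.
 * @param {object} res - Response; `status()` and `json()` are used for rejections.
 * @param {Function} next - Called with no arguments once the agent is authenticated.
 * @returns {Promise<*>} Settles after the response was sent or `next()` was called.
 */
const agentAuth = async (req, res, next) => {
  try {
    const authHeader = req.header('Authorization');
    // Only the literal prefix 'Bearer ' is stripped; a header carrying a bare
    // token without that prefix is passed to verification unchanged.
    const token = authHeader?.replace('Bearer ', '');
    if (!token) {
      return res.status(401).json({
        success: false,
        message: '未提供认证令牌'
      });
    }

    // Verify signature and expiry.
    // NOTE(review): no `algorithms` option is passed, so the library default
    // applies; consider pinning it to the algorithm the token issuer uses
    // (confirm against the signing code before doing so).
    const decoded = jwt.verify(token, JWT_SECRET);

    // Only tokens issued for the agent role may pass.
    if (decoded.role !== 'agent') {
      return res.status(403).json({
        success: false,
        message: '权限不足,需要代理身份'
      });
    }

    // A correctly signed token without an agentId claim is malformed. Reject it
    // as an invalid token instead of handing `undefined` to the database driver,
    // which would otherwise end in the generic 500 branch below.
    if (decoded.agentId == null) {
      return res.status(401).json({
        success: false,
        message: '无效的认证令牌1'
      });
    }

    // Re-read the agent on every request so that a disabled account is locked
    // out even while its token is still within its lifetime.
    const [agents] = await getDB().execute(`
      SELECT ra.id as agent_id,
             ra.user_id,
             ra.agent_code,
             ra.status,
             ra.region_id,
             u.phone,
             u.real_name,
             u.user_type
      FROM regional_agents ra
      LEFT JOIN users u ON ra.user_id = u.id
      WHERE ra.id = ?
    `, [decoded.agentId]);

    if (agents.length === 0) {
      return res.status(401).json({
        success: false,
        message: '代理账号不存在'
      });
    }

    const agent = agents[0];

    // Agents that are disabled or not yet activated are refused.
    if (agent.status !== 'active') {
      return res.status(403).json({
        success: false,
        message: '代理账号已被禁用或未激活'
      });
    }

    // Identity comes from the database row, not from the token claims.
    req.agent = {
      id: agent.agent_id,
      userId: agent.user_id,
      agentCode: agent.agent_code,
      regionId: agent.region_id,
      phone: agent.phone,
      realName: agent.real_name,
      userType: agent.user_type,
    };

    req.user = {
      id: agent.user_id,
      role: 'agent'
    };

    next();
  } catch (error) {
    // NOTE(review): this dumps every failure, including routine rejected
    // tokens, to stdout outside the structured logger; it looks like a debug
    // leftover. Confirm whether it is still wanted.
    console.log(error, 'regional_agents');

    // A token whose `nbf` lies in the future is a client-side token problem,
    // not a server fault, so it is answered like any other invalid token.
    if (error.name === 'JsonWebTokenError' || error.name === 'NotBeforeError') {
      return res.status(401).json({
        success: false,
        message: '无效的认证令牌1'
      });
    }
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({
        success: false,
        message: '认证令牌已过期,请重新登录'
      });
    }

    // Anything else (for example a database failure) is unexpected: record the
    // details server-side and return a generic message to the client.
    logger.error('代理身份验证失败', {
      error: error.message,
      stack: error.stack,
      ip: req.ip
    });
    return res.status(500).json({
      success: false,
      message: '身份验证失败'
    });
  }
};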
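/**
 * Optional agent authentication middleware.
 *
 * When a token is supplied and it verifies as an active agent, `req.agent`
 * and `req.user` are populated; in every other case the request continues
 * unauthenticated. This middleware never rejects a request, so handlers
 * behind it must check `req.agent` themselves before granting anything
 * agent-specific.
 *
 * @param {object} req - Request; reads `req.headers.authorization` and `req.ip`.
 * @param {object} res - Response (unused).
 * @param {Function} next - Always called with no arguments.
 * @returns {Promise<*>} Settles after `next()` was called.
 */
const optionalAgentAuth = async (req, res, next) => {
  try {
    const token = req.headers.authorization?.replace('Bearer ', '');
    if (!token) {
      return next();
    }

    // Verify signature and expiry.
    const decoded = jwt.verify(token, JWT_SECRET);

    // Only query when the token is an agent token that carries an agentId;
    // a missing claim simply leaves the request anonymous.
    if (decoded.role === 'agent' && decoded.agentId != null) {
      // Inactive agents are filtered out by the query itself.
      const [agents] = await getDB().execute(`
        SELECT ra.id as agent_id,
               ra.user_id,
               ra.agent_code,
               ra.status,
               ra.region_id,
               u.phone,
               u.real_name
        FROM regional_agents ra
        LEFT JOIN users u ON ra.user_id = u.id
        WHERE ra.id = ?
          AND ra.status = 'active'
      `, [decoded.agentId]);

      if (agents.length > 0) {
        const agent = agents[0];
        req.agent = {
          id: agent.agent_id,
          userId: agent.user_id,
          agentCode: agent.agent_code,
          regionId: agent.region_id,
          phone: agent.phone,
          realName: agent.real_name
        };
        req.user = {
          id: agent.user_id,
          role: 'agent'
        };
      }
    }

    next();
  } catch (error) {
    // A rejected token is an expected outcome here and stays silent. Anything
    // else (for example a database failure) is recorded so that an outage
    // does not look like "everybody is anonymous"; the request still
    // continues, because optional authentication must not block it.
    const tokenErrors = ['JsonWebTokenError', 'TokenExpiredError', 'NotBeforeError'];
    if (!tokenErrors.includes(error.name)) {
      logger.error('可选代理身份验证失败', {
        error: error.message,
        stack: error.stack,
        ip: req.ip
      });
    }
    next();
  }
};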
// Public API of this module: the strict middleware, which rejects
// unauthenticated requests, and the optional one, which never rejects.
module.exports = { agentAuth, optionalAgentAuth };