初次提交

middleware/agentAuth.js

@@ -0,0 +1,171 @@
+const jwt = require('jsonwebtoken');
+const { getDB } = require('../database');
+const { logger } = require('../config/logger');
+
+// JWT密钥
+const JWT_SECRET = process.env.JWT_SECRET || 'agent_jwt_secret_key_2024';
+
+/**
+ * 代理身份验证中间件
+ * 验证JWT token并确保用户是激活的代理
+ */
+const agentAuth = async (req, res, next) => {
+  try {
+    const token = req.headers.authorization?.replace('Bearer ', '');
+    
+    if (!token) {
+      return res.status(401).json({
+        success: false,
+        message: '未提供认证令牌'
+      });
+    }
+
+    // 验证JWT token
+    const decoded = jwt.verify(token, JWT_SECRET);
+    
+    // 检查是否是代理角色
+    if (decoded.role !== 'agent') {
+      return res.status(403).json({
+        success: false,
+        message: '权限不足，需要代理身份'
+      });
+    }
+
+    // 查询代理信息确认状态
+    const [agents] = await getDB().execute(`
+      SELECT 
+        ra.id as agent_id,
+        ra.user_id,
+        ra.agent_code,
+        ra.status,
+        ra.region_id,
+        u.phone,
+        u.real_name
+      FROM regional_agents ra
+      LEFT JOIN users u ON ra.user_id = u.id
+      WHERE ra.id = ?
+    `, [decoded.agentId]);
+
+    if (agents.length === 0) {
+      return res.status(401).json({
+        success: false,
+        message: '代理账号不存在'
+      });
+    }
+
+    const agent = agents[0];
+
+    // 检查代理状态
+    if (agent.status !== 'active') {
+      return res.status(403).json({
+        success: false,
+        message: '代理账号已被禁用或未激活'
+      });
+    }
+
+    // 将代理信息添加到请求对象中
+    req.agent = {
+      id: agent.agent_id,
+      userId: agent.user_id,
+      agentCode: agent.agent_code,
+      regionId: agent.region_id,
+      phone: agent.phone,
+      realName: agent.real_name
+    };
+
+    req.user = {
+      id: agent.user_id,
+      role: 'agent'
+    };
+
+    next();
+
+  } catch (error) {
+    if (error.name === 'JsonWebTokenError') {
+      return res.status(401).json({
+        success: false,
+        message: '无效的认证令牌'
+      });
+    }
+    
+    if (error.name === 'TokenExpiredError') {
+      return res.status(401).json({
+        success: false,
+        message: '认证令牌已过期，请重新登录'
+      });
+    }
+
+    logger.error('代理身份验证失败', {
+      error: error.message,
+      stack: error.stack,
+      ip: req.ip
+    });
+    
+    res.status(500).json({
+      success: false,
+      message: '身份验证失败'
+    });
+  }
+};
+
+/**
+ * 可选的代理身份验证中间件
+ * 如果提供了token则验证，否则继续执行
+ */
+const optionalAgentAuth = async (req, res, next) => {
+  try {
+    const token = req.headers.authorization?.replace('Bearer ', '');
+    
+    if (!token) {
+      return next();
+    }
+
+    // 验证JWT token
+    const decoded = jwt.verify(token, JWT_SECRET);
+    
+    if (decoded.role === 'agent') {
+      // 查询代理信息
+      const [agents] = await getDB().execute(`
+        SELECT 
+          ra.id as agent_id,
+          ra.user_id,
+          ra.agent_code,
+          ra.status,
+          ra.region_id,
+          u.phone,
+          u.real_name
+        FROM regional_agents ra
+        LEFT JOIN users u ON ra.user_id = u.id
+        WHERE ra.id = ? AND ra.status = 'active'
+      `, [decoded.agentId]);
+
+      if (agents.length > 0) {
+        const agent = agents[0];
+        req.agent = {
+          id: agent.agent_id,
+          userId: agent.user_id,
+          agentCode: agent.agent_code,
+          regionId: agent.region_id,
+          phone: agent.phone,
+          realName: agent.real_name
+        };
+
+        req.user = {
+          id: agent.user_id,
+          role: 'agent'
+        };
+      }
+    }
+
+    next();
+
+  } catch (error) {
+    // 可选验证失败时不阻止请求继续
+    next();
+  }
+};
+
+module.exports = {
+  agentAuth,
+  optionalAgentAuth
+};