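const jwt = require('jsonwebtoken');
const { getDB } = require('../database');
const { logger } = require('../config/logger');

// JWT signing secret. There is deliberately no fallback value: a default
// secret that lives in source control lets anyone mint valid agent tokens,
// so the process refuses to start until JWT_SECRET is configured.
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
  throw new Error('JWT_SECRET must be set in the environment; no default signing secret is used');
}

// Only HMAC algorithms are accepted for this shared-secret setup. Pinning
// them explicitly rejects "none" and asymmetric algorithms regardless of
// what a given jsonwebtoken version would otherwise infer from the key.
const JWT_ALGORITHMS = ['HS256', 'HS384', 'HS512'];

// Error names jsonwebtoken raises for a token that is malformed, has a bad
// signature, is expired, or is not yet valid. All of them mean "the client
// supplied a bad token" and are answered with 401, never 500.
const JWT_ERROR_NAMES = new Set(['JsonWebTokenError', 'TokenExpiredError', 'NotBeforeError']);

// Agent row joined with its user, looked up by regional_agents.id.
// Status is NOT filtered here so callers can distinguish "no such agent"
// from "agent exists but is not active".
const AGENT_BY_ID_SQL = `
  SELECT ra.id as agent_id, ra.user_id, ra.agent_code, ra.status, ra.region_id,
         u.phone, u.real_name
  FROM regional_agents ra
  LEFT JOIN users u ON ra.user_id = u.id
  WHERE ra.id = ?
`;

/**
 * Extract the credentials from an `Authorization: Bearer <token>` header.
 *
 * Only the Bearer scheme is accepted (scheme name compared case-insensitively);
 * a header with another scheme, no credentials, or trailing garbage yields null.
 *
 * @param {string|undefined} authHeader - raw header value, if any
 * @returns {string|null} the token, or null when none is usable
 */
function extractBearerToken(authHeader) {
  if (typeof authHeader !== 'string') {
    return null;
  }
  const [scheme, credentials, ...extra] = authHeader.trim().split(/\s+/);
  if (!credentials || extra.length > 0 || scheme.toLowerCase() !== 'bearer') {
    return null;
  }
  return credentials;
}

/**
 * Verify a token's signature and time claims and return its payload.
 *
 * @param {string} token - compact JWS string
 * @returns {object|string} the decoded payload
 * @throws {Error} a jsonwebtoken error (see JWT_ERROR_NAMES) for a bad token
 */
function verifyToken(token) {
  return jwt.verify(token, JWT_SECRET, { algorithms: JWT_ALGORITHMS });
}

/**
 * Whether a decoded payload is an object carrying the agent role.
 * jwt.verify() can also return a plain string payload, which is never an agent.
 *
 * @param {unknown} decoded
 * @returns {boolean}
 */
function isAgentPayload(decoded) {
  return decoded !== null && typeof decoded === 'object' && decoded.role === 'agent';
}

/**
 * Load the agent row for an id.
 *
 * @param {number|string} agentId - regional_agents.id taken from the token
 * @returns {Promise<object|null>} the joined row, or null when no agent matches
 */
async function findAgentById(agentId) {
  const [rows] = await getDB().execute(AGENT_BY_ID_SQL, [agentId]);
  return rows.length > 0 ? rows[0] : null;
}

/**
 * Publish the authenticated agent on the request for downstream handlers.
 * Sets `req.agent` (agent profile) and `req.user` ({ id, role: 'agent' }).
 *
 * @param {object} req - Express request
 * @param {object} agent - row as returned by findAgentById()
 */
function attachAgent(req, agent) {
  req.agent = {
    id: agent.agent_id,
    userId: agent.user_id,
    agentCode: agent.agent_code,
    regionId: agent.region_id,
    phone: agent.phone,
    realName: agent.real_name,
  };
  req.user = { id: agent.user_id, role: 'agent' };
}

/**
 * Send the module's uniform failure envelope.
 *
 * @param {object} res - Express response
 * @param {number} status - HTTP status code
 * @param {string} message - user-facing message
 */
function sendFailure(res, status, message) {
  return res.status(status).json({ success: false, message });
}

/**
 * Resolve the active agent identified by the request's bearer token.
 *
 * Expected rejections (missing/invalid/expired token, wrong role, unknown or
 * inactive agent) are returned as `{ status, message }` so the caller decides
 * how to respond; only unexpected failures (database errors, etc.) throw.
 *
 * @param {object} req - Express request
 * @returns {Promise<{agent: object}|{status: number, message: string}>}
 */
async function resolveAgent(req) {
  const token = extractBearerToken(req.headers?.authorization);
  if (token === null) {
    return { status: 401, message: '未提供认证令牌' };
  }

  let decoded;
  try {
    decoded = verifyToken(token);
  } catch (error) {
    if (!JWT_ERROR_NAMES.has(error.name)) {
      throw error;
    }
    // The token itself is never logged or echoed back to the client.
    const message = error.name === 'TokenExpiredError' ? '认证令牌已过期,请重新登录' : '无效的认证令牌';
    return { status: 401, message };
  }

  if (!isAgentPayload(decoded)) {
    return { status: 403, message: '权限不足,需要代理身份' };
  }
  // A signed token without an agentId is not usable; checking here avoids
  // binding an undefined parameter, which the driver would likely reject as a
  // 500-class error rather than an auth failure.
  if (decoded.agentId == null) {
    return { status: 401, message: '无效的认证令牌' };
  }

  const agent = await findAgentById(decoded.agentId);
  if (agent === null) {
    return { status: 401, message: '代理账号不存在' };
  }
  if (agent.status !== 'active') {
    return { status: 403, message: '代理账号已被禁用或未激活' };
  }
  return { agent };
}

/**
 * Agent authentication middleware.
 *
 * Verifies the bearer JWT, requires the `agent` role, and requires the agent
 * row to exist and be `active`. On success `req.agent` and `req.user` are set
 * and the chain continues; otherwise a JSON failure is sent with 401 (no,
 * invalid or expired token; unknown agent), 403 (wrong role, inactive agent)
 * or 500 (unexpected error, logged with the client IP).
 *
 * `next()` is called outside the try block so that an error thrown by a
 * downstream handler is not mistaken for an authentication failure.
 */
const agentAuth = async (req, res, next) => {
  let result;
  try {
    result = await resolveAgent(req);
  } catch (error) {
    logger.error('代理身份验证失败', { error: error.message, stack: error.stack, ip: req.ip });
    return sendFailure(res, 500, '身份验证失败');
  }
  if (result.agent === undefined) {
    return sendFailure(res, result.status, result.message);
  }
  attachAgent(req, result.agent);
  return next();
};

/**
 * Optional agent authentication middleware.
 *
 * If the request carries a bearer token that resolves to an active agent,
 * `req.agent` and `req.user` are populated; in every other case the request
 * continues anonymously. Unexpected failures (for example the database being
 * unreachable) are logged but still do not block the request.
 */
const optionalAgentAuth = async (req, res, next) => {
  try {
    const result = await resolveAgent(req);
    if (result.agent !== undefined) {
      attachAgent(req, result.agent);
    }
  } catch (error) {
    logger.error('可选代理身份验证出错', { error: error.message, stack: error.stack, ip: req.ip });
  }
  return next();
};

module.exports = { agentAuth, optionalAgentAuth };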