jurong_circle_agent_black/middleware/agentAuth.js

const jwt = require('jsonwebtoken');
const { getDB } = require('../database');
const { logger } = require('../config/logger');

// JWT密钥
const JWT_SECRET = process.env.JWT_SECRET || 'agent_jwt_secret_key_2024';

/**
 * 代理身份验证中间件
 * 验证JWT token并确保用户是激活的代理
 */
const agentAuth = async (req, res, next) => {
  try { 
    const authHeader = req.header('Authorization');
    
    const token = authHeader?.replace('Bearer ', '');
    if (!token) {
      return res.status(401).json({
        success: false,
        message: '未提供认证令牌'
      });
    }

    // 验证JWT token
    const decoded = jwt.verify(token, JWT_SECRET);
    
    
    // 检查是否是代理角色
    if (decoded.role !== 'agent') {
      return res.status(403).json({
        success: false,
        message: '权限不足，需要代理身份'
      });
    }

    // 查询代理信息确认状态
    const [agents] = await getDB().execute(`
      SELECT 
        ra.id as agent_id,
        ra.user_id,
        ra.agent_code,
        ra.status,
        ra.region_id,
        u.phone,
        u.real_name
      FROM regional_agents ra
      LEFT JOIN users u ON ra.user_id = u.id
      WHERE ra.id = ?
    `, [decoded.agentId]);
    if (agents.length === 0) {
      return res.status(401).json({
        success: false,
        message: '代理账号不存在'
      });
    }

    const agent = agents[0];

    // 检查代理状态
    if (agent.status !== 'active') {
      return res.status(403).json({
        success: false,
        message: '代理账号已被禁用或未激活'
      });
    }

    // 将代理信息添加到请求对象中
    req.agent = {
      id: agent.agent_id,
      userId: agent.user_id,
      agentCode: agent.agent_code,
      regionId: agent.region_id,
      phone: agent.phone,
      realName: agent.real_name
    };

    req.user = {
      id: agent.user_id,
      role: 'agent'
    };

    next();

  } catch (error) {
    console.log(error,'regional_agents');
    
    if (error.name === 'JsonWebTokenError') {
      return res.status(401).json({
        success: false,
        message: '无效的认证令牌1'
      });
    }
    
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({
        success: false,
        message: '认证令牌已过期，请重新登录'
      });
    }

    logger.error('代理身份验证失败', {
      error: error.message,
      stack: error.stack,
      ip: req.ip
    });
    
    res.status(500).json({
      success: false,
      message: '身份验证失败'
    });
  }
};

/**
 * 可选的代理身份验证中间件
 * 如果提供了token则验证，否则继续执行
 */
const optionalAgentAuth = async (req, res, next) => {
  try {
    const token = req.headers.authorization?.replace('Bearer ', '');
    
    if (!token) {
      return next();
    }

    // 验证JWT token
    const decoded = jwt.verify(token, JWT_SECRET);
    
    if (decoded.role === 'agent') {
      // 查询代理信息
      const [agents] = await getDB().execute(`
        SELECT 
          ra.id as agent_id,
          ra.user_id,
          ra.agent_code,
          ra.status,
          ra.region_id,
          u.phone,
          u.real_name
        FROM regional_agents ra
        LEFT JOIN users u ON ra.user_id = u.id
        WHERE ra.id = ? AND ra.status = 'active'
      `, [decoded.agentId]);

      if (agents.length > 0) {
        const agent = agents[0];
        req.agent = {
          id: agent.agent_id,
          userId: agent.user_id,
          agentCode: agent.agent_code,
          regionId: agent.region_id,
          phone: agent.phone,
          realName: agent.real_name
        };

        req.user = {
          id: agent.user_id,
          role: 'agent'
        };
      }
    }

    next();

  } catch (error) {
    // 可选验证失败时不阻止请求继续
    next();
  }
};

module.exports = {
  agentAuth,
  optionalAgentAuth
};