jurong_circle_agent_black/middleware/agentAuth.js
2025-09-15 17:28:12 +08:00


const jwt = require('jsonwebtoken');
const {getDB} = require('../database');
const {logger} = require('../config/logger');
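// JWT secret used to verify agent tokens.
//
// The literal below lives in the source tree, so everyone who can read this
// file knows it; a token signed with it can be minted by any of them. It is
// kept only so an unconfigured local checkout still starts.
const DEV_FALLBACK_JWT_SECRET = 'agent_jwt_secret_key_2024';

/**
 * Pick the JWT secret from the environment.
 *
 * An unset or empty JWT_SECRET is tolerated outside production (with a
 * warning) and refused in production, so a misconfigured deployment fails at
 * start-up instead of silently accepting tokens signed with a known key.
 *
 * NOTE(review): the module that signs these tokens presumably reads the same
 * variable; the same rule should apply there. Deployments that never set
 * NODE_ENV=production still get the fallback, so set JWT_SECRET everywhere
 * the service is reachable.
 *
 * @param {Record<string, string | undefined>} env - Environment to read from.
 * @returns {string} The secret to hand to jwt.verify.
 * @throws {Error} If NODE_ENV is "production" and JWT_SECRET is unset or empty.
 */
function resolveJwtSecret(env) {
  if (env.JWT_SECRET) {
    return env.JWT_SECRET;
  }
  if (env.NODE_ENV === 'production') {
    throw new Error(
      'JWT_SECRET must be set in production; refusing to start with the built-in development secret',
    );
  }
  console.warn(
    '[agentAuth] JWT_SECRET is not set; using the built-in development secret. ' +
      'Tokens verified with it can be forged by anyone with access to the source.',
  );
  return DEV_FALLBACK_JWT_SECRET;
}

const JWT_SECRET = resolveJwtSecret(process.env);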
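/**
 * Agent authentication middleware.
 *
 * Verifies the JWT carried in the Authorization header, requires the `agent`
 * role, then re-reads the agent row so that a disabled or deleted account is
 * rejected even while its token is still within its lifetime.
 *
 * On success it sets `req.agent` (id, userId, agentCode, regionId, phone,
 * realName, userType) and `req.user` ({ id, role: 'agent' }) and calls next().
 *
 * Responses on failure:
 *   401 - no token, token rejected by jwt.verify, token without a usable
 *         agentId, or agent row not found
 *   403 - token role is not `agent`, or agent status is not `active`
 *   500 - any other error (logged through `logger.error`)
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation.
 * @returns {Promise<*>}
 */
const agentAuth = async (req, res, next) => {
  // One 401 body for every "this token is not acceptable" outcome.
  // NOTE(review): the trailing "1" in the message looks like a leftover debug
  // marker; it is kept byte-for-byte in case a client matches on it.
  const rejectInvalidToken = () =>
    res.status(401).json({
      success: false,
      message: '无效的认证令牌1'
    });

  try {
    const authHeader = req.header('Authorization');
    // Strip the scheme only when it is a prefix; the scheme name is
    // case-insensitive. A bare token without a scheme is still accepted.
    const token = authHeader?.replace(/^Bearer\s+/i, '').trim();
    if (!token) {
      return res.status(401).json({
        success: false,
        message: '未提供认证令牌'
      });
    }

    // Verify signature and expiry.
    // NOTE(review): no `algorithms` allow-list is passed; once the algorithm
    // used by the token issuer is confirmed, pin it here.
    const decoded = jwt.verify(token, JWT_SECRET);

    // Only agent tokens may pass.
    if (decoded.role !== 'agent') {
      return res.status(403).json({
        success: false,
        message: '权限不足,需要代理身份'
      });
    }

    // A validly signed token without a scalar agentId cannot identify anyone;
    // reject it here instead of letting the bind parameter fail in the driver
    // and surface as a 500.
    const { agentId } = decoded;
    if (typeof agentId !== 'number' && typeof agentId !== 'string') {
      return rejectInvalidToken();
    }

    // Load the agent row to confirm the account still exists and its status.
    const [agents] = await getDB().execute(`
      SELECT ra.id as agent_id,
             ra.user_id,
             ra.agent_code,
             ra.status,
             ra.region_id,
             u.phone,
             u.real_name,
             u.user_type
      FROM regional_agents ra
      LEFT JOIN users u ON ra.user_id = u.id
      WHERE ra.id = ?
    `, [agentId]);
    if (agents.length === 0) {
      return res.status(401).json({
        success: false,
        message: '代理账号不存在'
      });
    }

    const agent = agents[0];
    // The status check runs on every request, so deactivation takes effect
    // without waiting for the token to expire.
    if (agent.status !== 'active') {
      return res.status(403).json({
        success: false,
        message: '代理账号已被禁用或未激活'
      });
    }

    // Expose the verified identity to downstream handlers.
    req.agent = {
      id: agent.agent_id,
      userId: agent.user_id,
      agentCode: agent.agent_code,
      regionId: agent.region_id,
      phone: agent.phone,
      realName: agent.real_name,
      userType: agent.user_type,
    };
    req.user = {
      id: agent.user_id,
      role: 'agent'
    };
    next();
  } catch (error) {
    const isExpired = error.name === 'TokenExpiredError';
    // NotBeforeError (token not yet valid) is a token problem as well and must
    // not fall through to the 500 branch.
    const isRejected =
      error.name === 'JsonWebTokenError' || error.name === 'NotBeforeError';

    if (isExpired || isRejected) {
      // One compact line per rejected token (reason + source address) instead
      // of dumping the whole error object on every bad request.
      // NOTE(review): only logger.error is visible in this file; move this to
      // the structured logger's warning level if it has one.
      console.warn('[agentAuth] token rejected', { reason: error.name, ip: req.ip });
      if (isExpired) {
        return res.status(401).json({
          success: false,
          message: '认证令牌已过期,请重新登录'
        });
      }
      return rejectInvalidToken();
    }

    logger.error('代理身份验证失败', {
      error: error.message,
      stack: error.stack,
      ip: req.ip
    });
    res.status(500).json({
      success: false,
      message: '身份验证失败'
    });
  }
};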
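/**
 * Optional agent authentication middleware.
 *
 * When a token is present and verifies as an active agent, `req.agent` and
 * `req.user` are populated; in every other case the request continues
 * unauthenticated. This middleware never sends a response itself, so handlers
 * behind it must treat a missing `req.agent` as "anonymous" and must not use
 * it as an authorization gate.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Express continuation; called exactly once.
 * @returns {Promise<void>}
 */
const optionalAgentAuth = async (req, res, next) => {
  try {
    // Strip the scheme only when it is a prefix; the scheme name is
    // case-insensitive. A bare token without a scheme is still accepted.
    const token = req.headers.authorization?.replace(/^Bearer\s+/i, '').trim();
    if (token) {
      // NOTE(review): no `algorithms` allow-list is passed; once the algorithm
      // used by the token issuer is confirmed, pin it here.
      const decoded = jwt.verify(token, JWT_SECRET);
      // Skip the lookup when the token cannot identify an agent, rather than
      // sending an undefined bind parameter to the driver.
      const hasAgentId =
        typeof decoded.agentId === 'number' || typeof decoded.agentId === 'string';

      if (decoded.role === 'agent' && hasAgentId) {
        // Only active agents are returned, so a disabled account stays anonymous.
        const [agents] = await getDB().execute(`
          SELECT ra.id as agent_id,
                 ra.user_id,
                 ra.agent_code,
                 ra.status,
                 ra.region_id,
                 u.phone,
                 u.real_name
          FROM regional_agents ra
          LEFT JOIN users u ON ra.user_id = u.id
          WHERE ra.id = ?
            AND ra.status = 'active'
        `, [decoded.agentId]);
        if (agents.length > 0) {
          const agent = agents[0];
          req.agent = {
            id: agent.agent_id,
            userId: agent.user_id,
            agentCode: agent.agent_code,
            regionId: agent.region_id,
            phone: agent.phone,
            realName: agent.real_name
          };
          req.user = {
            id: agent.user_id,
            role: 'agent'
          };
        }
      }
    }
  } catch (error) {
    // A bad or expired token is an expected outcome here and simply leaves the
    // request anonymous. Anything else (for example a database failure) is
    // still non-blocking, but it is recorded instead of vanishing silently.
    const isTokenError = ['JsonWebTokenError', 'TokenExpiredError', 'NotBeforeError']
      .includes(error.name);
    if (!isTokenError) {
      logger.error('可选代理身份验证失败', {
        error: error.message,
        stack: error.stack,
        ip: req.ip
      });
    }
  }
  // Outside the try block so the continuation runs once on every path and an
  // exception raised downstream cannot trigger a second call from the catch.
  next();
};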
// Public surface: the strict middleware (rejects unauthenticated requests)
// and the optional variant (lets them through as anonymous).
module.exports = { agentAuth, optionalAgentAuth };