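"use strict";
// Compiled (CommonJS) Express middleware: bearer-token authentication and
// role-based authorization. Log writes are fire-and-forget; a failed log
// write is reported on the console and never affects the request.
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.requireAdmin = exports.authorizeRole = exports.authenticateToken = void 0;
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const errorHandler_1 = require("./errorHandler");
const loggerService_1 = require("../services/loggerService");

// Prefix of the development-only mock tokens (`mock_token_<userId>`).
const MOCK_TOKEN_PREFIX = 'mock_token_';

/**
 * Whether mock tokens are honoured. A mock token carries no secret at all -
 * anyone able to guess a user id could present one - so it must never be
 * accepted by a production deployment. Gated on NODE_ENV.
 * @returns {boolean}
 */
const mockTokensEnabled = () => process.env.NODE_ENV !== 'production';

/**
 * Request fields shared by every auth log entry.
 * @param {import('express').Request} req
 * @returns {{path: string, method: string, ip: string}}
 */
const requestContext = (req) => ({ path: req.path, method: req.method, ip: req.ip });

/**
 * Writes one auth log entry without awaiting it. The LoggerService call
 * returns a promise; its rejection is reported on the console so a logging
 * outage neither crashes the process nor changes the auth decision.
 * @param {'warn'|'info'} level - LoggerService method to call.
 * @param {string} module - value for the entry's `module` field.
 * @param {string} message - log message.
 * @param {object} details - serialized with JSON.stringify into `details`.
 * @param {string} failureMessage - console prefix used if the log write fails.
 */
const logAuthEvent = (level, module, message, details, failureMessage) => {
    loggerService_1.LoggerService[level](message, {
        source: 'auth',
        module,
        details: JSON.stringify(details),
    }).catch((err) => {
        console.error(failureMessage, err);
    });
};

/**
 * Resolves a mock token (`mock_token_<userId>`) against the user store and
 * populates req.user. Asynchronous: calls next() itself once the lookup has
 * completed, or next(error) on failure.
 * @param {import('express').Request} req
 * @param {import('express').NextFunction} next
 * @param {string} token - the raw token, already known to carry the mock prefix.
 * @throws {AppError} 401 when the token has no user id segment.
 */
const authenticateMockToken = (req, next, token) => {
    const parts = token.split('_');
    if (parts.length < 3) {
        logAuthEvent('warn', 'authenticate_token', '认证失败:无效的认证令牌',
            { tokenType: 'mock', ...requestContext(req) }, '认证失败日志写入失败:');
        throw new errorHandler_1.AppError('无效的认证令牌', 401);
    }
    const userId = parts[2];
    // Required lazily, as in the original build output (presumably to break
    // an import cycle with the model module - not verified here).
    const UserModel = require('../models/user').UserModel;
    UserModel.getById(userId).then((user) => {
        if (!user) {
            logAuthEvent('warn', 'authenticate_token', '认证失败:用户不存在',
                { userId, tokenType: 'mock', ...requestContext(req) }, '认证失败日志写入失败:');
            throw new errorHandler_1.AppError('用户不存在', 401);
        }
        req.user = { id: user.id, username: user.username, role: user.role };
        logAuthEvent('info', 'authenticate_token', '认证成功',
            { userId: user.id, username: user.username, role: user.role, tokenType: 'mock', ...requestContext(req) },
            '认证成功日志写入失败:');
        next();
    }).catch((error) => {
        next(error);
    });
};

/**
 * Verifies a signed JWT and stores its decoded payload on req.user.
 * Synchronous: calls next() on success; verification failures propagate to
 * the caller as jsonwebtoken errors.
 * @param {import('express').Request} req
 * @param {import('express').NextFunction} next
 * @param {string} token - the raw bearer token.
 * @throws {AppError} 500 when JWT_SECRET is not configured.
 */
const authenticateJwt = (req, next, token) => {
    const secret = process.env.JWT_SECRET;
    if (!secret) {
        // Fail closed with a server-side error instead of letting jsonwebtoken
        // report the missing secret as a client-side "invalid token".
        console.error('JWT_SECRET 未配置,无法验证认证令牌');
        throw new errorHandler_1.AppError('认证服务配置错误', 500);
    }
    // NOTE(review): no `algorithms` option is passed, so any algorithm
    // jsonwebtoken supports for this secret is accepted; pin it to the
    // signing algorithm once that is confirmed against the issuing code.
    const decoded = jsonwebtoken_1.default.verify(token, secret);
    // The whole payload becomes req.user; downstream code may rely on claims
    // beyond id/username/role, so it is not narrowed here.
    req.user = decoded;
    logAuthEvent('info', 'authenticate_token', '认证成功',
        { userId: decoded.id, username: decoded.username, role: decoded.role, tokenType: 'jwt', ...requestContext(req) },
        '认证成功日志写入失败:');
    next();
};

/**
 * Express middleware: authenticates the request from its Authorization
 * header. Accepts a signed JWT, or - outside production only - a mock token
 * of the form `mock_token_<userId>`. On success req.user is set and next()
 * is called; every failure is passed to next() as an AppError (401) or the
 * original Error.
 * @param {import('express').Request} req
 * @param {import('express').Response} res - unused.
 * @param {import('express').NextFunction} next
 */
const authenticateToken = (req, res, next) => {
    try {
        const authHeader = req.headers['authorization'];
        // Second space-separated field of "Bearer <token>"; the scheme word
        // itself is not checked (kept from the original).
        const token = authHeader && authHeader.split(' ')[1];
        if (!token) {
            logAuthEvent('warn', 'authenticate_token', '认证失败:未提供认证令牌',
                { ...requestContext(req), userAgent: req.get('user-agent') }, '认证失败日志写入失败:');
            throw new errorHandler_1.AppError('未提供认证令牌', 401);
        }
        if (token.startsWith(MOCK_TOKEN_PREFIX)) {
            if (!mockTokensEnabled()) {
                // A mock token presented against a production deployment is
                // worth a log entry of its own: it is either a misconfigured
                // client or someone probing for the development bypass.
                logAuthEvent('warn', 'authenticate_token', '认证失败:无效的认证令牌',
                    { tokenType: 'mock', reason: 'mock_tokens_disabled', ...requestContext(req) },
                    '认证失败日志写入失败:');
                throw new errorHandler_1.AppError('无效的认证令牌', 401);
            }
            authenticateMockToken(req, next, token);
            return;
        }
        authenticateJwt(req, next, token);
    } catch (error) {
        // TokenExpiredError extends JsonWebTokenError in jsonwebtoken, so it
        // must be tested first; otherwise the expired-token branch is
        // unreachable and expired tokens are reported as merely invalid.
        if (error instanceof jsonwebtoken_1.default.TokenExpiredError) {
            logAuthEvent('warn', 'authenticate_token', '认证失败:认证令牌已过期',
                { tokenType: 'jwt', expiredAt: error.expiredAt, ...requestContext(req) }, '认证失败日志写入失败:');
            next(new errorHandler_1.AppError('认证令牌已过期', 401));
        } else if (error instanceof jsonwebtoken_1.default.JsonWebTokenError) {
            logAuthEvent('warn', 'authenticate_token', '认证失败:无效的认证令牌',
                { tokenType: 'jwt', error: error.message, ...requestContext(req) }, '认证失败日志写入失败:');
            next(new errorHandler_1.AppError('无效的认证令牌', 401));
        } else if (error instanceof Error) {
            next(error);
        } else {
            next(new errorHandler_1.AppError('认证失败', 401));
        }
    }
};
exports.authenticateToken = authenticateToken;

/**
 * Builds an Express middleware that allows the request through only when
 * req.user.role is one of `roles`; otherwise an AppError (403) is passed to
 * next(). Must run after authenticateToken.
 * @param {string[]} roles - accepted role names.
 * @returns {import('express').RequestHandler}
 */
const authorizeRole = (roles) => {
    return (req, res, next) => {
        const user = req.user;
        const userRole = user?.role;
        if (!user || !userRole || !roles.includes(userRole)) {
            logAuthEvent('warn', 'authorize_role', '授权失败:没有权限执行此操作', {
                userRole: user?.role,
                requiredRoles: roles,
                ...requestContext(req),
                userId: user?.id,
                username: user?.username,
            }, '授权失败日志写入失败:');
            // Routed through next() rather than thrown, matching
            // authenticateToken's error-handling style.
            next(new errorHandler_1.AppError('没有权限执行此操作', 403));
            return;
        }
        logAuthEvent('info', 'authorize_role', '授权成功', {
            userRole: user.role,
            requiredRoles: roles,
            ...requestContext(req),
            userId: user.id,
            username: user.username,
        }, '授权成功日志写入失败:');
        next();
    };
};
exports.authorizeRole = authorizeRole;
exports.requireAdmin = (0, exports.authorizeRole)(['admin']);
//# sourceMappingURL=auth.js.map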