| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 |
- "use strict";
- var __importDefault = (this && this.__importDefault) || function (mod) {
- return (mod && mod.__esModule) ? mod : { "default": mod };
- };
- Object.defineProperty(exports, "__esModule", { value: true });
- exports.requireAdmin = exports.authorizeRole = exports.authenticateToken = void 0;
- const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
- const errorHandler_1 = require("./errorHandler");
- const loggerService_1 = require("../services/loggerService");
- const authenticateToken = (req, res, next) => {
- try {
- const authHeader = req.headers['authorization'];
- const token = authHeader && authHeader.split(' ')[1];
- if (!token) {
- loggerService_1.LoggerService.warn('认证失败:未提供认证令牌', {
- source: 'auth',
- module: 'authenticate_token',
- details: JSON.stringify({
- path: req.path,
- method: req.method,
- ip: req.ip,
- userAgent: req.get('user-agent')
- })
- }).catch(err => {
- console.error('认证失败日志写入失败:', err);
- });
- throw new errorHandler_1.AppError('未提供认证令牌', 401);
- }
- if (token.startsWith('mock_token_')) {
- const parts = token.split('_');
- if (parts.length < 3) {
- loggerService_1.LoggerService.warn('认证失败:无效的认证令牌', {
- source: 'auth',
- module: 'authenticate_token',
- details: JSON.stringify({
- tokenType: 'mock',
- path: req.path,
- method: req.method,
- ip: req.ip
- })
- }).catch(err => {
- console.error('认证失败日志写入失败:', err);
- });
- throw new errorHandler_1.AppError('无效的认证令牌', 401);
- }
- const userId = parts[2];
- const UserModel = require('../models/user').UserModel;
- UserModel.getById(userId).then((user) => {
- if (!user) {
- loggerService_1.LoggerService.warn('认证失败:用户不存在', {
- source: 'auth',
- module: 'authenticate_token',
- details: JSON.stringify({
- userId,
- tokenType: 'mock',
- path: req.path,
- method: req.method,
- ip: req.ip
- })
- }).catch(err => {
- console.error('认证失败日志写入失败:', err);
- });
- throw new errorHandler_1.AppError('用户不存在', 401);
- }
- req.user = {
- id: user.id,
- username: user.username,
- role: user.role
- };
- loggerService_1.LoggerService.info('认证成功', {
- source: 'auth',
- module: 'authenticate_token',
- details: JSON.stringify({
- userId: user.id,
- username: user.username,
- role: user.role,
- tokenType: 'mock',
- path: req.path,
- method: req.method,
- ip: req.ip
- })
- }).catch(err => {
- console.error('认证成功日志写入失败:', err);
- });
- next();
- }).catch((error) => {
- next(error);
- });
- }
- else {
- const decoded = jsonwebtoken_1.default.verify(token, process.env.JWT_SECRET);
- req.user = decoded;
- loggerService_1.LoggerService.info('认证成功', {
- source: 'auth',
- module: 'authenticate_token',
- details: JSON.stringify({
- userId: decoded.id,
- username: decoded.username,
- role: decoded.role,
- tokenType: 'jwt',
- path: req.path,
- method: req.method,
- ip: req.ip
- })
- }).catch(err => {
- console.error('认证成功日志写入失败:', err);
- });
- next();
- }
- }
- catch (error) {
- if (error instanceof jsonwebtoken_1.default.JsonWebTokenError) {
- loggerService_1.LoggerService.warn('认证失败:无效的认证令牌', {
- source: 'auth',
- module: 'authenticate_token',
- details: JSON.stringify({
- tokenType: 'jwt',
- error: error.message,
- path: req.path,
- method: req.method,
- ip: req.ip
- })
- }).catch((err) => {
- console.error('认证失败日志写入失败:', err);
- });
- next(new errorHandler_1.AppError('无效的认证令牌', 401));
- }
- else if (error instanceof jsonwebtoken_1.default.TokenExpiredError) {
- loggerService_1.LoggerService.warn('认证失败:认证令牌已过期', {
- source: 'auth',
- module: 'authenticate_token',
- details: JSON.stringify({
- tokenType: 'jwt',
- expiredAt: error.expiredAt,
- path: req.path,
- method: req.method,
- ip: req.ip
- })
- }).catch((err) => {
- console.error('认证失败日志写入失败:', err);
- });
- next(new errorHandler_1.AppError('认证令牌已过期', 401));
- }
- else if (error instanceof Error) {
- next(error);
- }
- else {
- next(new errorHandler_1.AppError('认证失败', 401));
- }
- }
- };
- exports.authenticateToken = authenticateToken;
- const authorizeRole = (roles) => {
- return (req, res, next) => {
- if (!req.user || !req.user.role || !roles.includes(req.user.role)) {
- loggerService_1.LoggerService.warn('授权失败:没有权限执行此操作', {
- source: 'auth',
- module: 'authorize_role',
- details: JSON.stringify({
- userRole: req.user?.role,
- requiredRoles: roles,
- path: req.path,
- method: req.method,
- userId: req.user?.id,
- username: req.user?.username,
- ip: req.ip
- })
- }).catch(err => {
- console.error('授权失败日志写入失败:', err);
- });
- throw new errorHandler_1.AppError('没有权限执行此操作', 403);
- }
- loggerService_1.LoggerService.info('授权成功', {
- source: 'auth',
- module: 'authorize_role',
- details: JSON.stringify({
- userRole: req.user.role,
- requiredRoles: roles,
- path: req.path,
- method: req.method,
- userId: req.user.id,
- username: req.user.username,
- ip: req.ip
- })
- }).catch(err => {
- console.error('授权成功日志写入失败:', err);
- });
- next();
- };
- };
- exports.authorizeRole = authorizeRole;
- exports.requireAdmin = (0, exports.authorizeRole)(['admin']);
- //# sourceMappingURL=auth.js.map
|
