const jwt = require('jsonwebtoken');
const { User, SystemUser, LadderUser, Store } = require('../models');
// Mini-program (end-user) authentication: verifies the bearer JWT, loads the user and attaches it as req.user.
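/**
 * Express middleware: authenticate a mini-program user from a `Bearer` JWT.
 *
 * On success sets `req.user` to the loaded `User` row and calls `next()`.
 * Responds 401 when the header is missing/malformed, the token is invalid or
 * expired, the token carries no `userId`, or the user is missing / not active
 * (`status !== 1`). Non-JWT errors (e.g. the database lookup failing) are passed
 * to `next(error)` instead of being reported to the client as an auth failure.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const authUser = async (req, res, next) => {
  // RFC 6750: the scheme is case-insensitive and the credential is a single token.
  // Anything that is not exactly `Bearer <token>` is treated as "not logged in".
  const match = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization ?? '');
  const token = match?.[1];
  if (!token) {
    return res.status(401).json({ code: 401, message: '请先登录' });
  }

  try {
    // NOTE(review): the signing code is not in this file, so `algorithms` is not
    // pinned here; pin it to whatever `jwt.sign` uses once that is confirmed.
    // An unset JWT_SECRET makes jwt.verify throw a JsonWebTokenError, which fails
    // closed (401) below rather than accepting anything.
    const decoded = jwt.verify(token, process.env.JWT_SECRET);

    // A valid signature alone is not enough: require the claim this middleware is
    // keyed on. User and admin tokens share JWT_SECRET and are told apart only by
    // which claim they carry, so never fall through to findByPk(undefined).
    // NOTE(review): a dedicated `type`/`aud` claim would make that split explicit —
    // confirm against the signing code before adding it.
    if (decoded.userId == null) {
      return res.status(401).json({ code: 401, message: '认证失败' });
    }

    const user = await User.findByPk(decoded.userId);
    if (!user || user.status !== 1) {
      return res.status(401).json({ code: 401, message: '用户不存在或已禁用' });
    }

    req.user = user;
    return next();
  } catch (error) {
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({ code: 401, message: '登录已过期,请重新登录' });
    }
    if (error.name === 'JsonWebTokenError' || error.name === 'NotBeforeError') {
      return res.status(401).json({ code: 401, message: '认证失败' });
    }
    // Not a token problem (e.g. the DB is down): do not tell the client to log in
    // again; let the app's error handler report it as a server error.
    return next(error);
  }
};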
// Back-office admin authentication: verifies the bearer JWT, loads the SystemUser (with its Store) and attaches it as req.admin.
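/**
 * Express middleware: authenticate a back-office admin from a `Bearer` JWT.
 *
 * On success sets `req.admin` to the loaded `SystemUser` row (with its `store`
 * association included) and calls `next()`. Responds 401 when the header is
 * missing/malformed, the token is invalid or expired, the token carries no
 * `adminId`, or the account is missing / not active (`status !== 1`). Non-JWT
 * errors (e.g. a failing database lookup) are passed to `next(error)`.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const authAdmin = async (req, res, next) => {
  // RFC 6750: case-insensitive scheme, single token; anything else is "not logged in".
  const match = /^Bearer\s+(\S+)$/i.exec(req.headers.authorization ?? '');
  const token = match?.[1];
  if (!token) {
    return res.status(401).json({ code: 401, message: '请先登录' });
  }

  try {
    // NOTE(review): `algorithms` is not pinned because the signing code is not in
    // this file; pin it to the algorithm `jwt.sign` uses once confirmed.
    const decoded = jwt.verify(token, process.env.JWT_SECRET);

    // Require the admin claim explicitly. User and admin tokens are verified with
    // the same secret, so a token minted for a plain user must not reach
    // SystemUser.findByPk(undefined) and depend on the ORM returning null.
    // NOTE(review): a dedicated `type`/`aud` claim would make this explicit —
    // confirm against the signing code.
    if (decoded.adminId == null) {
      return res.status(401).json({ code: 401, message: '认证失败' });
    }

    const admin = await SystemUser.findByPk(decoded.adminId, {
      include: [{ model: Store, as: 'store' }],
    });
    if (!admin || admin.status !== 1) {
      return res.status(401).json({ code: 401, message: '账号不存在或已禁用' });
    }

    req.admin = admin;
    return next();
  } catch (error) {
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({ code: 401, message: '登录已过期,请重新登录' });
    }
    if (error.name === 'JsonWebTokenError' || error.name === 'NotBeforeError') {
      return res.status(401).json({ code: 401, message: '认证失败' });
    }
    // Infrastructure errors are not authentication failures; surface them as such.
    return next(error);
  }
};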
// Super-admin authorization: requires req.admin (mount after authAdmin) and rejects any role other than 'super_admin'.
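/**
 * Express middleware: allow the request only for a `super_admin`.
 *
 * Must be mounted after `authAdmin`, which attaches `req.admin`. Responds 401 if
 * no admin is attached (fail closed instead of throwing on `undefined.role`),
 * 403 if the admin's role is anything other than `'super_admin'`, otherwise
 * calls `next()`.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const requireSuperAdmin = (req, res, next) => {
  // Misordered middleware must not turn into a 500 that leaks a stack trace.
  if (!req.admin) {
    return res.status(401).json({ code: 401, message: '请先登录' });
  }
  if (req.admin.role !== 'super_admin') {
    return res.status(403).json({ code: 403, message: '权限不足' });
  }
  return next();
};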
// Store data-scope authorization: requires req.admin (mount after authAdmin); non-super admins may only touch their own store_id.
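/**
 * Express middleware: restrict non-super admins to their own store.
 *
 * Must be mounted after `authAdmin`. The store id is read, in order, from
 * `req.params.storeId`, `req.body.store_id`, `req.query.store_id`.
 * - `super_admin` → always `next()`.
 * - no store id on the request → `next()` (nothing to scope here; see note).
 * - store id present → must be a single integer equal to `req.admin.store_id`,
 *   otherwise 403.
 * Responds 401 if `req.admin` is missing.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const checkStoreAccess = (req, res, next) => {
  if (!req.admin) {
    return res.status(401).json({ code: 401, message: '请先登录' });
  }

  // Super admins may access every store.
  if (req.admin.role === 'super_admin') {
    return next();
  }

  // Same lookup order as the route/body/query precedence callers rely on.
  // NOTE(review): if an id is supplied in more than one place only the first is
  // checked; the handler must read the same one, or the check can be bypassed.
  const raw = req.params?.storeId ?? req.body?.store_id ?? req.query?.store_id;

  // No store id at all: defer to the handler.
  // NOTE(review): a store-scoped route that omits the id is therefore not
  // restricted by this middleware; the handler must scope by req.admin.store_id.
  if (raw === undefined || raw === null || raw === '') {
    return next();
  }

  // Accept exactly one integer. Express delivers arrays/objects for repeated or
  // bracketed keys (`?store_id=7&store_id=8`); parseInt on such a value silently
  // takes the first element, so the check would pass for "7" while the handler
  // went on to query both stores. Reject anything that is not a plain scalar.
  let storeId = NaN;
  if (typeof raw === 'number') {
    storeId = raw;
  } else if (typeof raw === 'string' && /^\d+$/.test(raw.trim())) {
    storeId = Number(raw.trim());
  }

  // Staff may only touch their own store (an admin with no store_id matches nothing).
  if (!Number.isInteger(storeId) || req.admin.store_id !== storeId) {
    return res.status(403).json({ code: 403, message: '无权访问该门店数据' });
  }

  return next();
};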
// Ladder-user check: requires req.user (mount after authUser) and an active LadderUser row for the store given by req.query.store_id; attaches it as req.ladderUser.
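/**
 * Express middleware: require the authenticated user to be an active ladder
 * user of the store named by `req.query.store_id`.
 *
 * Must be mounted after `authUser` (reads `req.user.id`). On success sets
 * `req.ladderUser` to the matching `LadderUser` row (`status === 1`) and calls
 * `next()`. Responds 401 without `req.user`, 400 when `store_id` is missing or
 * not a single non-negative integer, 403 when no active row exists. A failing
 * lookup is forwarded with `next(error)` instead of becoming an unhandled
 * promise rejection.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const requireLadderUser = async (req, res, next) => {
  // Fail closed if authUser did not run rather than throwing on `undefined.id`.
  if (!req.user) {
    return res.status(401).json({ code: 401, message: '请先登录' });
  }

  // Validate before querying: an undefined `store_id` or an array from a repeated
  // query key (`?store_id=1&store_id=2`) would otherwise reach the ORM as-is —
  // the former throws in the `where` clause, the latter becomes an IN (...) match
  // that attaches a row for whichever store happened to match first.
  const raw = req.query?.store_id;
  let storeId = NaN;
  if (typeof raw === 'number') {
    storeId = raw;
  } else if (typeof raw === 'string' && /^\d+$/.test(raw.trim())) {
    storeId = Number(raw.trim());
  }
  if (!Number.isInteger(storeId)) {
    return res.status(400).json({ code: 400, message: '门店ID无效' });
  }

  try {
    const ladderUser = await LadderUser.findOne({
      where: {
        user_id: req.user.id,
        store_id: storeId,
        status: 1,
      },
    });

    if (!ladderUser) {
      return res.status(403).json({ code: 403, message: '您还不是该门店的天梯用户' });
    }

    req.ladderUser = ladderUser;
    return next();
  } catch (error) {
    // Express 4 does not catch rejected promises from async middleware; without
    // this the request would hang on a database error.
    return next(error);
  }
};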
/**
 * Middleware exported by this module. The two `auth*` middlewares attach the
 * authenticated principal (`req.user` / `req.admin`); `requireSuperAdmin` and
 * `checkStoreAccess` read `req.admin`, and `requireLadderUser` reads `req.user`,
 * so each must be mounted after the matching `auth*` middleware.
 */
const middleware = {
  authUser,
  authAdmin,
  requireSuperAdmin,
  checkStoreAccess,
  requireLadderUser,
};

module.exports = middleware;