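const jwt = require('jsonwebtoken');
const { UserDB } = require('./database');

// The only algorithm this service ever issues or accepts. Pinning it on BOTH
// the sign and verify side closes the classic "alg confusion" hole: a verifier
// that does not restrict `algorithms` accepts whatever the token header claims.
const JWT_ALGORITHM = 'HS256';

// Token lifetime. Seven days is long for a bearer token with no revocation
// list; the only per-request revocation is the is_banned / is_active check
// in authMiddleware, so banning a user is the way to cut a stolen token off.
const TOKEN_TTL = '7d';

// JWT signing secret. It must come from the environment. The hard-coded
// fallback exists only so local development works out of the box; it is
// refused in production because anyone who has read this file could otherwise
// mint arbitrary tokens, including ones that pass adminMiddleware.
const DEFAULT_DEV_SECRET = 'your-secret-key-change-in-production';
const JWT_SECRET = process.env.JWT_SECRET || DEFAULT_DEV_SECRET;
if (JWT_SECRET === DEFAULT_DEV_SECRET) {
  if (process.env.NODE_ENV === 'production') {
    throw new Error('JWT_SECRET must be set in production');
  }
  console.warn('[auth] JWT_SECRET is not set; using the insecure development default');
}

// Matches "Bearer <token>" with any scheme casing and any run of whitespace.
const BEARER_RE = /^Bearer\s+(\S+)$/i;

/**
 * Issue a signed JWT for a user.
 *
 * The payload carries `id`, `username` and `is_admin`. Note that `is_admin`
 * in the payload is informational only: authMiddleware re-reads the user
 * record and takes `is_admin` from the database, never from the token.
 *
 * @param {{id: *, username: string, is_admin: boolean}} user - user record to encode
 * @returns {string} compact JWS signed with JWT_SECRET (HS256), valid for TOKEN_TTL
 */
function generateToken(user) {
  const payload = {
    id: user.id,
    username: user.username,
    is_admin: user.is_admin,
  };
  return jwt.sign(payload, JWT_SECRET, {
    algorithm: JWT_ALGORITHM,
    expiresIn: TOKEN_TTL,
  });
}

/**
 * Pull the raw token out of a request.
 *
 * Sources, in order of precedence: the Authorization header, the `token`
 * cookie, the `token` query parameter. A non-Bearer Authorization value is
 * passed through unchanged (it will fail verification) to stay compatible
 * with callers that send the bare token.
 *
 * NOTE(review): accepting the token in the query string means it ends up in
 * access logs, browser history and Referer headers. Keep that source only for
 * the endpoints that genuinely need it (e.g. link-style downloads) and prefer
 * the header/cookie everywhere else.
 *
 * @param {import('express').Request} req
 * @returns {string|null} the token string, or null when none was supplied
 */
function extractToken(req) {
  const header = req.headers?.authorization;
  if (typeof header === 'string' && header.trim() !== '') {
    const trimmed = header.trim();
    const match = BEARER_RE.exec(trimmed);
    return match ? match[1] : trimmed;
  }

  const cookieToken = req.cookies?.token;
  if (typeof cookieToken === 'string' && cookieToken !== '') {
    return cookieToken;
  }

  // `?token=a&token=b` parses as an array; only a plain string is a token.
  const queryToken = req.query?.token;
  if (typeof queryToken === 'string' && queryToken !== '') {
    return queryToken;
  }

  return null;
}

/**
 * Express middleware: authenticate the request with a JWT.
 *
 * Verifies the token (signature, expiry, pinned algorithm), loads the user it
 * names and rejects banned or inactive accounts. On success `req.user` is
 * populated from the DATABASE record, not from the token payload, so stale
 * or tampered claims cannot change what the user is allowed to do.
 *
 * Responses: 401 for missing/invalid/expired tokens and unknown users,
 * 403 for banned or inactive accounts. Database errors are passed to
 * `next(error)` instead of being reported as a bad token.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function authMiddleware(req, res, next) {
  const token = extractToken(req);
  if (!token) {
    return res.status(401).json({ success: false, message: '未提供认证令牌' });
  }

  let decoded;
  try {
    // `algorithms` must be restricted explicitly; see JWT_ALGORITHM above.
    decoded = jwt.verify(token, JWT_SECRET, { algorithms: [JWT_ALGORITHM] });
  } catch (error) {
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({ success: false, message: '令牌已过期' });
    }
    return res.status(401).json({ success: false, message: '无效的令牌' });
  }

  // A validly signed token whose payload is not an object carrying an id
  // (e.g. a string payload) must not turn into findById(undefined).
  const userId = decoded !== null && typeof decoded === 'object' ? decoded.id : undefined;
  if (userId === undefined || userId === null) {
    return res.status(401).json({ success: false, message: '无效的令牌' });
  }

  // NOTE(review): assumes UserDB.findById returns the record synchronously,
  // as the original code did. If it returns a Promise every check below sees
  // a pending Promise and the request is rejected as "not active" — confirm.
  let user;
  try {
    user = UserDB.findById(userId);
  } catch (error) {
    // A database failure is not an authentication failure; surface it to the
    // app's error handler rather than masking it as a 401.
    return next(error);
  }

  if (!user) {
    return res.status(401).json({ success: false, message: '用户不存在' });
  }
  if (user.is_banned) {
    return res.status(403).json({ success: false, message: '账号已被封禁' });
  }
  if (!user.is_active) {
    return res.status(403).json({ success: false, message: '账号未激活' });
  }

  // Attach the user to the request (including every storage-related field).
  //
  // NOTE(review): this puts the plaintext FTP password on req.user. Any
  // handler that logs or serialises req.user (e.g. `res.json(req.user)`)
  // leaks it. Downstream code reads it from here, so it is kept; consider
  // exposing it through an accessor instead of a plain property.
  req.user = {
    id: user.id,
    username: user.username,
    email: user.email,
    is_admin: user.is_admin,
    has_ftp_config: user.has_ftp_config,
    ftp_host: user.ftp_host,
    ftp_port: user.ftp_port,
    ftp_user: user.ftp_user,
    ftp_password: user.ftp_password,
    http_download_base_url: user.http_download_base_url,
    // Storage-related fields (added in v2.0). Empty-string permission/type
    // values fall back to the restrictive defaults; the numeric fields use
    // `??` so an explicit quota of 0 is honoured rather than promoted to 1 GiB.
    storage_permission: user.storage_permission || 'sftp_only',
    current_storage_type: user.current_storage_type || 'sftp',
    local_storage_quota: user.local_storage_quota ?? 1073741824,
    local_storage_used: user.local_storage_used ?? 0,
  };

  next();
}

/**
 * Express middleware: require an administrator.
 *
 * Must run after authMiddleware; `req.user.is_admin` originates from the
 * database lookup there, so a forged `is_admin` claim in the token is not
 * enough to pass this check.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
function adminMiddleware(req, res, next) {
  if (!req.user?.is_admin) {
    return res.status(403).json({ success: false, message: '需要管理员权限' });
  }
  next();
}

module.exports = {
  JWT_SECRET,
  generateToken,
  authMiddleware,
  adminMiddleware,
};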