v0.1.0

middleware/oauth.js

@@ -0,0 +1,118 @@
+const OAuthToken = require('../models/OAuthToken');
+
+// OAuth访问令牌验证中间件
+const authenticateOAuthToken = async (req, res, next) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+
+  if (!token) {
+    return res.status(401).json({
+      success: false,
+      message: '访问令牌缺失'
+    });
+  }
+
+  try {
+    const tokenData = await OAuthToken.validateAccessToken(token);
+    if (!tokenData) {
+      return res.status(401).json({
+        success: false,
+        message: '访问令牌无效或已过期'
+      });
+    }
+
+    req.oauth = {
+      token: tokenData.token,
+      clientId: tokenData.client_id,
+      userId: tokenData.user_id,
+      scopes: tokenData.scopes,
+      username: tokenData.username,
+      email: tokenData.email
+    };
+    next();
+  } catch (error) {
+    console.error('OAuth令牌验证失败:', error);
+    return res.status(500).json({
+      success: false,
+      message: '服务器内部错误'
+    });
+  }
+};
+
+// 检查OAuth权限范围
+const requireScope = (requiredScope) => {
+  return (req, res, next) => {
+    if (!req.oauth) {
+      return res.status(401).json({
+        success: false,
+        message: '需要OAuth认证'
+      });
+    }
+
+    if (!req.oauth.scopes.includes(requiredScope)) {
+      return res.status(403).json({
+        success: false,
+        message: `需要权限范围: ${requiredScope}`
+      });
+    }
+
+    next();
+  };
+};
+
+// 检查多个权限范围（任一即可）
+const requireAnyScope = (requiredScopes) => {
+  return (req, res, next) => {
+    if (!req.oauth) {
+      return res.status(401).json({
+        success: false,
+        message: '需要OAuth认证'
+      });
+    }
+
+    const hasAnyScope = requiredScopes.some(scope => 
+      req.oauth.scopes.includes(scope)
+    );
+
+    if (!hasAnyScope) {
+      return res.status(403).json({
+        success: false,
+        message: `需要权限范围: ${requiredScopes.join(' 或 ')}`
+      });
+    }
+
+    next();
+  };
+};
+
+// 检查所有权限范围
+const requireAllScopes = (requiredScopes) => {
+  return (req, res, next) => {
+    if (!req.oauth) {
+      return res.status(401).json({
+        success: false,
+        message: '需要OAuth认证'
+      });
+    }
+
+    const hasAllScopes = requiredScopes.every(scope => 
+      req.oauth.scopes.includes(scope)
+    );
+
+    if (!hasAllScopes) {
+      return res.status(403).json({
+        success: false,
+        message: `需要所有权限范围: ${requiredScopes.join(', ')}`
+      });
+    }
+
+    next();
+  };
+};
+
+module.exports = {
+  authenticateOAuthToken,
+  requireScope,
+  requireAnyScope,
+  requireAllScopes
+};