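const OAuthToken = require('../models/OAuthToken');

/**
 * Normalise the `scopes` value carried on a token record into an array of
 * strings, so the scope checks below can never throw on a missing value.
 * Arrays pass through; a string is split on whitespace (OAuth 2.0 transports
 * scope lists as space-separated strings — the model's exact shape is not
 * visible here, TODO confirm); anything else yields an empty list.
 *
 * @param {string[]|string|undefined|null} scopes
 * @returns {string[]}
 */
const normalizeScopes = (scopes) => {
  if (Array.isArray(scopes)) return scopes;
  if (typeof scopes === 'string') return scopes.split(/\s+/).filter(Boolean);
  return [];
};

/**
 * Extract the access token from an Authorization header value.
 *
 * Only `Bearer <token>` is accepted (scheme compared case-insensitively, as
 * RFC 6750 allows); any other scheme, a missing token, or extra whitespace-
 * separated parts yields null. Checking the scheme keeps a `Basic …` or other
 * credential from being passed to the token store as if it were a bearer token.
 *
 * @param {string|undefined} authHeader - raw Authorization header value
 * @returns {string|null}
 */
const extractBearerToken = (authHeader) => {
  if (typeof authHeader !== 'string') return null;
  const [scheme, token, ...rest] = authHeader.trim().split(/\s+/);
  if (!scheme || scheme.toLowerCase() !== 'bearer') return null;
  if (!token || rest.length > 0) return null;
  return token;
};

/**
 * OAuth access-token validation middleware.
 *
 * Reads the bearer token from the Authorization header, validates it through
 * `OAuthToken.validateAccessToken`, and on success attaches the token's
 * identity and scope data to `req.oauth` before calling `next()`.
 *
 * Responses: 401 when the token is missing or invalid/expired, 500 when the
 * token store throws (the error is logged server-side, not echoed to the
 * client).
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const authenticateOAuthToken = async (req, res, next) => {
  const token = extractBearerToken(req.headers['authorization']);
  if (!token) {
    return res.status(401).json({ success: false, message: '访问令牌缺失' });
  }

  let tokenData;
  try {
    tokenData = await OAuthToken.validateAccessToken(token);
  } catch (error) {
    // Only the token-store call is inside the try: a failure downstream of
    // next() must not be reported as a token validation failure.
    console.error('OAuth令牌验证失败:', error);
    return res.status(500).json({ success: false, message: '服务器内部错误' });
  }

  if (!tokenData) {
    return res.status(401).json({ success: false, message: '访问令牌无效或已过期' });
  }

  req.oauth = {
    token: tokenData.token,
    clientId: tokenData.client_id,
    userId: tokenData.user_id,
    // Normalised once here so every scope check sees an array.
    scopes: normalizeScopes(tokenData.scopes),
    username: tokenData.username,
    email: tokenData.email,
  };
  next();
};

/**
 * Middleware factory: require a single OAuth scope on `req.oauth`.
 *
 * Responds 401 when the request has not passed `authenticateOAuthToken`
 * (no `req.oauth`), 403 when the scope is not granted.
 *
 * @param {string} requiredScope
 * @returns {import('express').RequestHandler}
 */
const requireScope = (requiredScope) => (req, res, next) => {
  if (!req.oauth) {
    return res.status(401).json({ success: false, message: '需要OAuth认证' });
  }
  const granted = normalizeScopes(req.oauth.scopes);
  if (!granted.includes(requiredScope)) {
    return res.status(403).json({ success: false, message: `需要权限范围: ${requiredScope}` });
  }
  next();
};

/**
 * Middleware factory: require at least one of several scopes.
 *
 * A single string is accepted as well as an array. Note that an empty list
 * can never be satisfied and therefore always yields 403 (same as before).
 *
 * @param {string[]|string} requiredScopes
 * @returns {import('express').RequestHandler}
 */
const requireAnyScope = (requiredScopes) => {
  const wanted = Array.isArray(requiredScopes) ? requiredScopes : [requiredScopes];
  return (req, res, next) => {
    if (!req.oauth) {
      return res.status(401).json({ success: false, message: '需要OAuth认证' });
    }
    const granted = normalizeScopes(req.oauth.scopes);
    const hasAnyScope = wanted.some((scope) => granted.includes(scope));
    if (!hasAnyScope) {
      return res.status(403).json({ success: false, message: `需要权限范围: ${wanted.join(' 或 ')}` });
    }
    next();
  };
};

/**
 * Middleware factory: require every one of several scopes.
 *
 * A single string is accepted as well as an array. Note that an empty list
 * is vacuously satisfied and lets every authenticated request through (same
 * as before) — pass at least one scope when a restriction is intended.
 *
 * @param {string[]|string} requiredScopes
 * @returns {import('express').RequestHandler}
 */
const requireAllScopes = (requiredScopes) => {
  const wanted = Array.isArray(requiredScopes) ? requiredScopes : [requiredScopes];
  return (req, res, next) => {
    if (!req.oauth) {
      return res.status(401).json({ success: false, message: '需要OAuth认证' });
    }
    const granted = normalizeScopes(req.oauth.scopes);
    const hasAllScopes = wanted.every((scope) => granted.includes(scope));
    if (!hasAllScopes) {
      return res.status(403).json({ success: false, message: `需要所有权限范围: ${wanted.join(', ')}` });
    }
    next();
  };
};

module.exports = {
  authenticateOAuthToken,
  requireScope,
  requireAnyScope,
  requireAllScopes,
};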