const OAuthToken = require('../models/OAuthToken');
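// OAuth access-token verification middleware.
//
// Expects `Authorization: Bearer <token>` (RFC 6750; the scheme name is
// case-insensitive). On success the validated token record is exposed as
// `req.oauth` for the requireScope* middlewares below. Responds:
//   401 - header missing/malformed, wrong scheme, or token invalid/expired
//   500 - OAuthToken.validateAccessToken threw
// Both 401 responses carry the WWW-Authenticate challenge RFC 6750 §3 requires.

// Strict Bearer parser: one scheme word, one or more spaces, a single
// non-whitespace credential. The previous `authHeader.split(' ')[1]` accepted
// any scheme (`Basic …`, `Token …`) and returned '' on repeated spaces.
const BEARER_TOKEN_RE = /^Bearer\s+(\S+)\s*$/i;

const authenticateOAuthToken = async (req, res, next) => {
  const authHeader = req.headers['authorization'];
  const match = typeof authHeader === 'string' ? BEARER_TOKEN_RE.exec(authHeader) : null;
  const token = match ? match[1] : null;

  if (!token) {
    res.setHeader('WWW-Authenticate', 'Bearer');
    return res.status(401).json({
      success: false,
      message: '访问令牌缺失'
    });
  }

  try {
    const tokenData = await OAuthToken.validateAccessToken(token);

    if (!tokenData) {
      res.setHeader('WWW-Authenticate', 'Bearer error="invalid_token"');
      return res.status(401).json({
        success: false,
        message: '访问令牌无效或已过期'
      });
    }

    // The scope guards call `scopes.includes(scope)`, which is an exact match on
    // an array but a *substring* match on a string ("read" would satisfy
    // "unread"), and throws on undefined. Normalise so the authz layer always
    // sees an array.
    // NOTE(review): the whitespace split assumes the model stores scopes in the
    // RFC 6749 §3.3 space-delimited form — confirm against OAuthToken.
    let scopes = [];
    if (Array.isArray(tokenData.scopes)) {
      scopes = tokenData.scopes;
    } else if (typeof tokenData.scopes === 'string') {
      scopes = tokenData.scopes.split(/\s+/).filter(Boolean);
    }

    req.oauth = {
      // NOTE(review): the raw bearer token is kept here for existing callers;
      // make sure req.oauth is never logged or serialised wholesale.
      token: tokenData.token,
      clientId: tokenData.client_id,
      userId: tokenData.user_id,
      scopes,
      username: tokenData.username,
      email: tokenData.email
    };

    next();
  } catch (error) {
    // Details stay server-side; the client only sees a generic 500.
    console.error('OAuth令牌验证失败:', error);
    return res.status(500).json({
      success: false,
      message: '服务器内部错误'
    });
  }
};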
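// Scope guard: the authenticated token must carry one specific scope.
//
// Must run after authenticateOAuthToken (it reads `req.oauth`). Responds 401
// when there is no OAuth context and 403 when the scope is absent; the 403
// carries an RFC 6750 `insufficient_scope` challenge naming the scope.
// Throws at construction if `requiredScope` is not a non-empty string, so a
// misconfigured route fails at startup instead of at request time.
const requireScope = (requiredScope) => {
  if (typeof requiredScope !== 'string' || requiredScope.length === 0) {
    throw new TypeError('requireScope: requiredScope must be a non-empty string');
  }

  return (req, res, next) => {
    if (!req.oauth) {
      return res.status(401).json({
        success: false,
        message: '需要OAuth认证'
      });
    }

    // Only an array gives exact-match `includes`; a string would turn it into a
    // substring test and anything else would throw mid-request.
    const granted = Array.isArray(req.oauth.scopes) ? req.oauth.scopes : [];

    if (!granted.includes(requiredScope)) {
      res.setHeader('WWW-Authenticate', `Bearer error="insufficient_scope", scope="${requiredScope}"`);
      return res.status(403).json({
        success: false,
        message: `需要权限范围: ${requiredScope}`
      });
    }

    next();
  };
};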
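// Scope guard: the authenticated token must carry at least one of the given scopes.
//
// Must run after authenticateOAuthToken (it reads `req.oauth`). Responds 401
// when there is no OAuth context and 403 when none of the scopes is present;
// the 403 carries an RFC 6750 `insufficient_scope` challenge listing them.
// Throws at construction if `requiredScopes` is not a non-empty array of
// non-empty strings, so a misconfigured route fails at startup.
const requireAnyScope = (requiredScopes) => {
  const wellFormed = Array.isArray(requiredScopes)
    && requiredScopes.length > 0
    && requiredScopes.every((s) => typeof s === 'string' && s.length > 0);
  if (!wellFormed) {
    throw new TypeError('requireAnyScope: requiredScopes must be a non-empty array of scope strings');
  }

  return (req, res, next) => {
    if (!req.oauth) {
      return res.status(401).json({
        success: false,
        message: '需要OAuth认证'
      });
    }

    // Only an array gives exact-match `includes`; a string would turn it into a
    // substring test and anything else would throw mid-request.
    const granted = Array.isArray(req.oauth.scopes) ? req.oauth.scopes : [];
    const hasAnyScope = requiredScopes.some((scope) => granted.includes(scope));

    if (!hasAnyScope) {
      res.setHeader('WWW-Authenticate', `Bearer error="insufficient_scope", scope="${requiredScopes.join(' ')}"`);
      return res.status(403).json({
        success: false,
        message: `需要权限范围: ${requiredScopes.join(' 或 ')}`
      });
    }

    next();
  };
};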
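// Scope guard: the authenticated token must carry every one of the given scopes.
//
// Must run after authenticateOAuthToken (it reads `req.oauth`). Responds 401
// when there is no OAuth context and 403 when any scope is missing; the 403
// carries an RFC 6750 `insufficient_scope` challenge listing them.
// Throws at construction if `requiredScopes` is not a non-empty array of
// non-empty strings: `[].every(...)` is true, so an empty list would silently
// grant access to every token — fail at startup instead.
const requireAllScopes = (requiredScopes) => {
  const wellFormed = Array.isArray(requiredScopes)
    && requiredScopes.length > 0
    && requiredScopes.every((s) => typeof s === 'string' && s.length > 0);
  if (!wellFormed) {
    throw new TypeError('requireAllScopes: requiredScopes must be a non-empty array of scope strings');
  }

  return (req, res, next) => {
    if (!req.oauth) {
      return res.status(401).json({
        success: false,
        message: '需要OAuth认证'
      });
    }

    // Only an array gives exact-match `includes`; a string would turn it into a
    // substring test and anything else would throw mid-request.
    const granted = Array.isArray(req.oauth.scopes) ? req.oauth.scopes : [];
    const hasAllScopes = requiredScopes.every((scope) => granted.includes(scope));

    if (!hasAllScopes) {
      res.setHeader('WWW-Authenticate', `Bearer error="insufficient_scope", scope="${requiredScopes.join(' ')}"`);
      return res.status(403).json({
        success: false,
        message: `需要所有权限范围: ${requiredScopes.join(', ')}`
      });
    }

    next();
  };
};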
// Public surface: the authenticator plus the three scope guards that consume
// the `req.oauth` it attaches.
module.exports = { authenticateOAuthToken, requireScope, requireAnyScope, requireAllScopes };