const jwt = require('jsonwebtoken');
/**
 * In-process denylist of revoked token ids (JWT `jti` claims).
 *
 * Security caveats for whoever deploys this: the set lives only in this
 * process's memory, so it is empty again after a restart and is not shared
 * with other instances, and nothing in this file ever removes an entry, so
 * it grows for the lifetime of the process.
 */
const revokedTokens = new Set();

/**
 * Records a token id as revoked.
 *
 * @param {string} jti token id (the `jti` claim) to deny from now on
 * @returns {Set<string>} the denylist itself (what `Set#add` returns), so calls chain
 */
function revokeToken(jti) {
  return revokedTokens.add(jti);
}
|
|
// Expose the revocation hook as a named export. Note that a later
// `module.exports = rbacAuth` replaces the exports object, so this property
// only survives if it is re-attached after that assignment.
Object.assign(module.exports, { revokeToken });
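/**
 * Express middleware factory: authenticates a Bearer JWT from the
 * `Authorization` header and, when `requiredPerms` is non-empty, authorizes
 * the caller against the token's `permissions` claim.
 *
 * Responses are JSON `{ success: false, message }`:
 *   401 — no token, verification failure (bad signature, expired, malformed,
 *         or no JWT_SECRET configured), or a revoked `jti`.
 *   403 — token is valid but none of `requiredPerms` is present.
 * Authorization is OR-semantics: any single required permission is enough.
 * On success `req.user` is the decoded payload and `next()` is called.
 *
 * @param {...string} requiredPerms permissions, any one of which grants access;
 *   none means "authenticate only"
 * @returns {(req, res, next) => void} Express middleware
 */
const rbacAuth = (...requiredPerms) => {
  return (req, res, next) => {
    // Strip only a leading "Bearer " scheme; anything else is handed to
    // jwt.verify unchanged and rejected there.
    const token = req.headers.authorization?.replace(/^Bearer /, '');
    if (!token) {
      return res.status(401).json({ success: false, message: '未登录' });
    }

    let decoded;
    try {
      // NOTE(review): no `algorithms` option is passed, so the library's
      // default set applies; pin it to the algorithm tokens are actually
      // signed with once that is known.
      decoded = jwt.verify(token, process.env.JWT_SECRET);
    } catch (err) {
      // Only verification errors are mapped to 401. Errors thrown further
      // down the chain by `next()` are deliberately left outside this try
      // so they reach Express's error handling instead of being reported
      // as an invalid token.
      return res.status(401).json({ success: false, message: 'token无效或已过期' });
    }

    // Revocation is keyed by token id; a token without a `jti` cannot be revoked.
    if (decoded.jti && revokedTokens.has(decoded.jti)) {
      return res.status(401).json({ success: false, message: 'token已失效' });
    }

    req.user = decoded;

    if (requiredPerms.length > 0) {
      // Only an array claim counts. A string `permissions` claim would turn
      // `includes` into a substring test ("admin:read" contains "admin"), so
      // any non-array value is treated as having no permissions at all.
      const userPerms = Array.isArray(decoded.permissions) ? decoded.permissions : [];
      const hasPerm = requiredPerms.some((perm) => userPerms.includes(perm));
      if (!hasPerm) {
        return res.status(403).json({ success: false, message: '权限不足' });
      }
    }

    next();
  };
};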
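// The middleware factory is the module's default export. Assigning to
// `module.exports` replaces the exports object, which discards the
// `revokeToken` property attached earlier in this file — so the named
// export is re-attached here, after the reassignment, to keep
// `require('./this').revokeToken` working.
module.exports = rbacAuth;
module.exports.revokeToken = revokeToken;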