2026-05-10 13:12:44 +08:00

36 lines
818 B
JavaScript

/**
* FTCHAT 鉴权中间件
* 验证 Authorization Bearer token → req.ftUser
*/
'use strict';
const auth = require('../services/email-auth');
module.exports = function ftAuth(req, res, next) {
const header = req.headers['authorization'];
if (!header || !header.startsWith('Bearer ')) {
return res.status(401).json({
error: true,
code: 'AUTH_TOKEN_MISSING',
message: '请先登录'
});
}
const token = header.slice(7);
const result = auth.validateSession(token);
if (!result.valid) {
return res.status(401).json({
error: true,
code: 'AUTH_TOKEN_INVALID',
message: '登录已失效,请重新登录'
});
}
req.ftUser = {
email: result.email,
user_hash: result.user_hash,
slot_index: result.slot_index,
token
};
next();
};