89 lines
2.4 KiB
JavaScript
Raw Normal View History

/**
* 身份验证 + 权限检查中间件
*
* 人格体缓冲层铁律人类不直接操作系统人格体是唯一中间翻译层
* 版权国作登字-2026-A-00037559
*/
'use strict';
var permissions = require('../config/permissions');
var PERMISSION_LEVELS = permissions.PERMISSION_LEVELS;
var DEV_PERMISSIONS = permissions.DEV_PERMISSIONS;
var DEV_MODULES = permissions.DEV_MODULES;
/**
* 开发者身份验证中间件
* 要求请求头携带 x-dev-id authorization
*/
function requireAuth(req, res, next) {
var devId = req.headers['x-dev-id'];
var token = req.headers['authorization'];
if (!devId || !token) {
return res.status(401).json({
error: true,
code: 'AUTH_REQUIRED',
message: '请先登录。需要携带 x-dev-id 和 authorization 请求头。',
reply: '🔒 请先登录。你需要使用你的开发者编号登录系统。'
});
}
var devConfig = DEV_PERMISSIONS[devId];
if (!devConfig) {
return res.status(401).json({
error: true,
code: 'UNKNOWN_DEV',
message: '未知的开发者编号: ' + devId,
reply: '🔒 未知的开发者编号:' + devId + '。请联系冰朔注册。'
});
}
var level = PERMISSION_LEVELS[devConfig.level];
req.user = {
devId: devId,
permissionLevel: devConfig.level,
permissionLabel: level.label,
permissions: level.permissions,
environment: devConfig.environment,
modules: DEV_MODULES[devId] || []
};
next();
}
/**
* 权限检查中间件工厂
* @param {string} requiredPermission - 需要的权限标识
*/
function checkPermission(requiredPermission) {
return function(req, res, next) {
if (!req.user) {
return res.status(401).json({
error: true,
code: 'AUTH_REQUIRED',
message: '身份验证缺失'
});
}
if (!req.user.permissions.includes(requiredPermission)) {
return res.status(403).json({
error: true,
code: 'PERMISSION_DENIED',
message: '权限不足,需要: ' + requiredPermission,
reply: '🔒 权限不足。你的等级是 ' + req.user.permissionLabel +
',需要「' + requiredPermission + '」权限。\n\n' +
'💡 在预览站多练习,熟悉系统后冰朔会给你升级权限。'
});
}
next();
};
}
module.exports = {
requireAuth: requireAuth,
checkPermission: checkPermission
};