0dc45504f2
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
前端 AuthProvider 注入测试用户(BI-SCHEDULE-OPT),后端 middleware BYPASS_AUTH=true。 仅用于本地调试,禁止合并回 main。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
62 lines
1.7 KiB
TypeScript
62 lines
1.7 KiB
TypeScript
import type { Context, Next } from 'hono';
|
|
import jwt from 'jsonwebtoken';
|
|
import type { JwtPayload, AuthUser } from './types.js';
|
|
|
|
const JWT_SECRET = process.env.JWT_SECRET || 'ln-bi-default-secret';
|
|
|
|
// 临时:跳过所有认证(保留完整逻辑便于快速恢复)
|
|
// 临时:本地开发跳过认证
|
|
const BYPASS_AUTH = true;
|
|
|
|
export async function authMiddleware(c: Context, next: Next) {
|
|
const path = c.req.path;
|
|
|
|
if (BYPASS_AUTH) {
|
|
return next();
|
|
}
|
|
|
|
// 本地开发免登录开关:.env 里设 DEV_BYPASS_AUTH=1 启用
|
|
if (process.env.DEV_BYPASS_AUTH === '1') {
|
|
const devUser: AuthUser = {
|
|
userId: 'dev-local',
|
|
userName: '本地开发',
|
|
loginName: 'dev-local',
|
|
depCode: '',
|
|
depName: '',
|
|
permissionLevel: 'full',
|
|
roles: ['所有权限', 'BI-SCHEDULE-OPT', 'BI-ADMIN-FEEDBACK', 'BI-LEADER-ENERGY'],
|
|
};
|
|
c.set('user', devUser);
|
|
return next();
|
|
}
|
|
|
|
// 跳过不需要认证的路径
|
|
if (path === '/api/health' || path.startsWith('/api/auth/')) {
|
|
return next();
|
|
}
|
|
|
|
const authHeader = c.req.header('Authorization');
|
|
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
|
return c.json({ error: 'Unauthorized' }, 401);
|
|
}
|
|
|
|
const token = authHeader.slice(7);
|
|
|
|
try {
|
|
const payload = jwt.verify(token, JWT_SECRET) as JwtPayload;
|
|
const user: AuthUser = {
|
|
userId: payload.userId,
|
|
userName: payload.userName,
|
|
loginName: payload.loginName,
|
|
depCode: payload.depCode,
|
|
depName: payload.depName,
|
|
permissionLevel: payload.permissionLevel,
|
|
roles: payload.roles ?? [],
|
|
};
|
|
c.set('user', user);
|
|
return next();
|
|
} catch {
|
|
return c.json({ error: 'Invalid or expired token' }, 401);
|
|
}
|
|
}
|