import { timingSafeEqual } from 'node:crypto'
import { Request, Response } from 'express'
import jwt from 'jsonwebtoken'
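/**
 * Runtime configuration for admin authentication.
 *
 * The fallbacks below exist for local development only: a well-known JWT
 * secret lets anyone mint an admin token, and a well-known password lets
 * anyone log in. In production (`NODE_ENV === 'production'`) the secret-bearing
 * values must come from the environment; module load fails fast instead of
 * silently running with the public defaults.
 */
const isProduction = process.env.NODE_ENV === 'production'

/**
 * Reads `name` from the environment.
 *
 * @param name - environment variable to read
 * @param devDefault - value used only outside production when the variable is unset or empty
 * @returns the configured value
 * @throws Error in production when the variable is unset or empty
 */
function secretFromEnv(name: string, devDefault: string): string {
  const value = process.env[name]
  // Empty string counts as unset, matching the previous `||` fallback semantics.
  if (value) return value
  if (isProduction) {
    throw new Error(`${name} must be set in production`)
  }
  return devDefault
}

// HMAC key for signing/verifying admin tokens.
const JWT_SECRET = secretFromEnv('JWT_SECRET', 'jewelry-mall-secret')
// The username is not secret; a default is acceptable in any environment.
const ADMIN_USERNAME = process.env.ADMIN_USERNAME || 'admin'
// Plaintext admin password compared against the login request.
const ADMIN_PASSWORD = secretFromEnv('ADMIN_PASSWORD', 'admin123')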
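/**
 * Admin login handler. Validates the credentials in `req.body` against the
 * configured admin username/password and issues a 24h admin JWT.
 *
 * Responses (JSON):
 *  - 400 when `username` or `password` is missing, empty, or not a string
 *  - 401 when the credentials do not match
 *  - 200 `{ code: 0, data: { token } }` on success
 *
 * @param req - Express request; `req.body` is untrusted client input
 * @param res - Express response used to send the result
 */
export function adminLogin(req: Request, res: Response): void {
  const { username, password } = req.body as { username?: unknown; password?: unknown }

  // Reject non-string values up front so an object or array cannot reach the
  // comparison below or end up embedded in the token claims.
  if (typeof username !== 'string' || typeof password !== 'string' || !username || !password) {
    res.status(400).json({ code: 400, message: '用户名和密码不能为空' })
    return
  }

  // Evaluate both comparisons unconditionally and in constant time, so response
  // timing does not reveal which field was wrong or how much of it matched.
  const usernameMatches = constantTimeEquals(username, ADMIN_USERNAME)
  const passwordMatches = constantTimeEquals(password, ADMIN_PASSWORD)
  if (!usernameMatches || !passwordMatches) {
    res.status(401).json({ code: 401, message: '用户名或密码错误' })
    return
  }

  // Pin the signing algorithm explicitly so the verifier can restrict itself to it.
  const token = jwt.sign({ role: 'admin', username }, JWT_SECRET, { algorithm: 'HS256', expiresIn: '24h' })
  res.json({ code: 0, data: { token } })
}

/**
 * Compares two strings without short-circuiting on the first differing byte.
 *
 * @param a - candidate value
 * @param b - expected value
 * @returns true when the UTF-8 encodings are identical
 */
function constantTimeEquals(a: string, b: string): boolean {
  const left = Buffer.from(a, 'utf8')
  const right = Buffer.from(b, 'utf8')
  // timingSafeEqual throws on unequal lengths, so lengths are checked first; a
  // length mismatch is always a mismatch, but a same-length compare still runs
  // so the early exit is not itself a measurable shortcut.
  if (left.length !== right.length) {
    timingSafeEqual(left, left)
    return false
  }
  return timingSafeEqual(left, right)
}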
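/**
 * Express middleware guarding admin routes. Expects `Authorization: Bearer <jwt>`
 * and calls `next()` only for a token that verifies against JWT_SECRET and
 * carries `role: 'admin'`.
 *
 * Responses (JSON):
 *  - 401 when the header is missing or not a Bearer token, or when the token
 *    fails verification (bad signature, expired, wrong algorithm)
 *  - 403 when the token verifies but its payload is not an admin payload
 *
 * @param req - Express request; the Authorization header is untrusted input
 * @param res - Express response used for the rejection replies
 * @param next - continuation invoked only after a successful check
 */
export function verifyAdmin(req: Request, res: Response, next: (err?: unknown) => void): void {
  const authHeader = req.headers.authorization
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    res.status(401).json({ code: 401, message: '未授权' })
    return
  }
  const token = authHeader.slice('Bearer '.length)

  let payload: unknown
  try {
    // Restrict accepted algorithms to the one the login handler signs with, so
    // a token presenting a different `alg` header is rejected outright.
    payload = jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] })
  } catch {
    res.status(401).json({ code: 401, message: 'token 无效或已过期' })
    return
  }

  // jwt.verify may return a string payload; only an object with role 'admin' passes.
  const role = typeof payload === 'object' && payload !== null
    ? (payload as { role?: unknown }).role
    : undefined
  if (role !== 'admin') {
    res.status(403).json({ code: 403, message: '权限不足' })
    return
  }

  // Called outside the try block so an error thrown by a downstream handler is
  // not misreported as an invalid token (and does not trigger a second reply).
  next()
}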