import type { FastifyRequest } from "fastify";
import { forbidden, unauthorized } from "../../shared/http-error";
import { authService } from "./auth.service";
/**
 * Shared JWT authentication entry point. Any route that requires a logged-in
 * user reuses this guard instead of re-implementing the header/token checks.
 *
 * @param request - incoming request; expected to carry
 *   `Authorization: Bearer <token>`.
 * @throws the 401 built by `unauthorized` when the header is absent or does
 *   not use the `Bearer ` scheme, or when `request.jwtVerify()` rejects.
 */
export async function authGuard(request: FastifyRequest): Promise<void> {
  // Cheap pre-check before touching the JWT plugin: a missing or non-Bearer
  // header gets the "please log in" message rather than the "expired" one.
  // Note: this comparison is case-sensitive on the scheme name.
  const headerValue = request.headers.authorization;
  const hasBearerScheme = headerValue?.startsWith("Bearer ") === true;
  if (!hasBearerScheme) {
    throw unauthorized("请先登录");
  }

  // Every verification failure (expired, bad signature, malformed token, …)
  // is collapsed into one generic 401; the original error is discarded, so
  // the client cannot tell which check failed. The message text says
  // "expired" even for non-expiry failures.
  try {
    await request.jwtVerify();
  } catch {
    throw unauthorized("登录已过期,请重新登录");
  }
}
/**
 * Guard for the back-office management API. Per the original intent, only
 * the super administrator and staff holding the admin role may pass; the
 * concrete rule is whatever `user.canManage` encodes.
 *
 * Authentication is delegated to `authGuard`, so a missing or invalid token
 * is rejected with 401 before any user lookup happens. `canManage` is then
 * read from the user returned by `authService.getCurrentUser`, not from the
 * token payload — presumably a fresh load from the user store, so role
 * changes take effect without re-issuing a token (confirm in auth.service).
 *
 * @param request - incoming request; `request.user` is populated by
 *   `request.jwtVerify()` inside `authGuard`.
 * @throws 401 propagated from `authGuard`; 403 built by `forbidden` when the
 *   resolved user lacks management permission.
 */
export async function managementGuard(request: FastifyRequest): Promise<void> {
  await authGuard(request);

  const { canManage } = await authService.getCurrentUser(request.user);
  if (canManage) {
    return;
  }

  throw forbidden("当前账号没有后台管理权限");
}