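import type { H3Event } from 'h3'
import { verifyToken, decodeToken } from '../utils/jwt'
import { getUserById } from '../modules/auth/user'
import { hasPermission, PERMISSIONS } from '../modules/auth/permissions'
import type { User } from 'server/modules/auth/types'

declare module 'h3' {
  interface H3EventContext {
    user?: User
  }
}

/** Scheme prefix expected in the Authorization header (RFC 6750 bearer credential). */
const BEARER_PREFIX = 'Bearer '

/**
 * Resolves the request's bearer token to an active user and stores it on
 * `event.context.user`.
 *
 * Best-effort by design: a missing header, a non-Bearer scheme, a token that
 * fails `verifyToken`, a token whose `type` is not `'access'`, an unknown
 * user id or a user whose `status` is not `'active'` all leave
 * `event.context.user` untouched, so the request proceeds as anonymous.
 * Handlers that need a hard guarantee must call `requireAuth`,
 * `requireRole` or `requirePermission`.
 *
 * @param event - incoming h3 event; `event.context.user` is set on success
 */
function attachUserFromBearer(event: H3Event): void {
  const authHeader = getHeader(event, 'authorization')
  if (!authHeader || !authHeader.startsWith(BEARER_PREFIX)) {
    return
  }

  const token = authHeader.slice(BEARER_PREFIX.length)
  const payload = verifyToken(token)
  // Only access tokens act as a session credential; any other token type
  // (e.g. a refresh token) is ignored here even if its signature verifies.
  if (!payload || payload.type !== 'access') {
    return
  }

  const user = getUserById(payload.userId)
  // A still-valid token for a non-active account does not authenticate.
  if (user && user.status === 'active') {
    event.context.user = user
  }
}

/**
 * Global server middleware: populates `event.context.user` for every request
 * that carries a valid access token. It never rejects a request on its own.
 */
export default defineEventHandler(async (event) => {
  attachUserFromBearer(event)
})

/**
 * Rejects the request unless a user has been attached to the event context
 * (by the default middleware or by `optionalAuth`).
 *
 * @param event - incoming h3 event
 * @throws 401 (`createError`) when `event.context.user` is not set
 */
export function requireAuth(event: H3Event): void {
  if (!event.context.user) {
    throw createError({ statusCode: 401, message: '请先登录' })
  }
}

/**
 * Rejects the request unless the current user's `role_name` is one of `roles`.
 *
 * @param event - incoming h3 event
 * @param roles - accepted role names; an empty list rejects every user
 * @throws 401 when not authenticated; 403 when the user has no `role_name`
 *   or one that is not in `roles`
 */
export function requireRole(event: H3Event, ...roles: string[]): void {
  requireAuth(event)

  const roleName = event.context.user?.role_name
  if (!roleName) {
    throw createError({ statusCode: 403, message: '无权限访问' })
  }
  if (!roles.includes(roleName)) {
    throw createError({ statusCode: 403, message: '无权限访问此资源' })
  }
}

/**
 * Rejects the request unless the current user holds `permission`, or holds
 * `PERMISSIONS.ADMIN_ACCESS`, which overrides every individual permission.
 *
 * @param event - incoming h3 event
 * @param permission - permission key checked via `hasPermission`
 * @throws 401 when not authenticated; 403 when neither `permission` nor
 *   `PERMISSIONS.ADMIN_ACCESS` is granted
 */
export function requirePermission(event: H3Event, permission: string): void {
  requireAuth(event)

  // A user record without a permissions list is checked against an empty
  // list, so both lookups fail and the request is rejected.
  const granted = event.context.user?.permissions ?? []
  if (hasPermission(granted, permission) || hasPermission(granted, PERMISSIONS.ADMIN_ACCESS)) {
    return
  }
  throw createError({ statusCode: 403, message: '无此操作权限' })
}

/**
 * Explicit form of the default middleware for call sites that attach the
 * user themselves: sets `event.context.user` when a valid access token for
 * an active user is present, otherwise does nothing.
 *
 * @param event - incoming h3 event
 */
export function optionalAuth(event: H3Event): void {
  attachUserFromBearer(event)
}

/**
 * Returns the authenticated user for this request, or `null` for anonymous
 * requests.
 *
 * @param event - incoming h3 event
 */
export function getCurrentUser(event: H3Event): User | null {
  return event.context.user ?? null
}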