- Add user management with roles and permissions (RBAC)
- Implement OAuth2 service provider supporting 4 grant types: authorization_code, password, client_credentials, refresh_token
- Add JWT authentication with 7-day expiry
- Add admin API for managing users, roles and OAuth clients
- Add CLI tool for user management (scripts/user-cli.js)
- Add collapsible sidebar layout with login dialog
- Add user management page and OAuth client management page
- Add server middleware for auth token verification
- Add seed script for initial data (admin/admin123 — a default credential that must be changed before the service is exposed)
import { verifyToken } from '../../utils/jwt'
import { getUserById } from '../../modules/auth/user'
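/**
 * OAuth2 / OIDC-style userinfo endpoint.
 *
 * Authenticates the caller with a `Bearer` access token taken from the
 * `Authorization` header, loads the token's user via `getUserById` and
 * returns a claims object: `sub`, `name`, `preferred_username`, plus
 * `email` and/or `profile` depending on the requested scopes.
 *
 * Throws an H3 error with status 401 when the header is missing or
 * malformed, the token does not verify, the token is not an access token,
 * or the token's user no longer exists.
 */
export default defineEventHandler(async (event) => {
  // RFC 7235 makes the auth-scheme case-insensitive, so `bearer` is accepted
  // alongside `Bearer`; any run of whitespace may separate scheme and token,
  // and an empty token is rejected here rather than handed to verifyToken.
  const authHeader = getHeader(event, 'authorization')
  const bearer = authHeader ? /^Bearer\s+(\S+)\s*$/i.exec(authHeader) : null

  if (!bearer) {
    throw createError({
      statusCode: 401,
      message: '访问令牌不能为空'
    })
  }

  const token = bearer[1]
  const payload = verifyToken(token)

  // Only tokens minted as access tokens may call userinfo; a refresh token
  // (or anything else verifyToken happens to accept) must not work here.
  if (!payload || payload.type !== 'access') {
    throw createError({
      statusCode: 401,
      message: '无效的访问令牌'
    })
  }

  const user = getUserById(payload.userId)

  // A verified token whose subject has since been deleted is, from the
  // client's point of view, an invalid token (RFC 6750 §3.1): answer 401 so
  // token-refresh logic kicks in, instead of 404, which also confirmed to the
  // caller that the user id in the token no longer exists.
  // NOTE(review): RFC 6750 also expects a `WWW-Authenticate: Bearer` header
  // on these 401 responses; none of the branches here set one — confirm
  // whether the surrounding middleware adds it.
  if (!user) {
    throw createError({
      statusCode: 401,
      message: '用户不存在'
    })
  }

  // NOTE(review): the claim filter below is driven by the *caller's* `scope`
  // query parameter, not by the scopes granted when the token was issued —
  // and an absent `scope` returns every claim. Any bearer of a valid access
  // token can therefore read email/profile regardless of what the user
  // consented to. The payload visible here only carries `type` and `userId`;
  // if the issuer records granted scopes in the token, filter against those
  // instead. TODO confirm with the token issuer.
  //
  // h3 returns a string[] when a query key is repeated (`?scope=a&scope=b`);
  // the previous `as string` cast then crashed on `.split` with a 500, so
  // both shapes are normalised to one flat list of scope names.
  const rawScope = getQuery(event).scope
  const scopeParams = Array.isArray(rawScope) ? rawScope : [rawScope]
  const scopes: string[] = scopeParams
    .filter((value): value is string => typeof value === 'string')
    .flatMap((value) => value.split(' '))

  // No `scope` at all means "everything"; an explicit but empty `scope=`
  // yields [''] and therefore only the minimal claims (original behaviour).
  const allClaims = scopes.length === 0

  const userInfo: Record<string, unknown> = {
    sub: String(user.id),
    // `||` is deliberate: an empty real_name falls back to the username.
    name: user.real_name || user.username,
    preferred_username: user.username
  }

  if (allClaims || scopes.includes('email')) {
    userInfo.email = user.email
  }

  if (allClaims || scopes.includes('profile')) {
    userInfo.profile = {
      name: user.real_name,
      picture: user.avatar
    }
  }

  return userInfo
})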