const jwt = require('jsonwebtoken'); const auth = (req, res, next) => { const token = req.header('Authorization')?.replace('Bearer ', ''); if (!token) { return res.status(401).json({ error: '未授权访问' }); } try { const decoded = jwt.verify(token, process.env.JWT_SECRET); req.adminId = decoded.id; next(); } catch (error) { res.status(401).json({ error: '无效的token' }); } }; module.exports = auth;