quanyoumi/backend/middleware/auth.js

20 lines
448 B
JavaScript

const jwt = require('jsonwebtoken');
const auth = (req, res, next) => {
const token = req.header('Authorization')?.replace('Bearer ', '');
if (!token) {
return res.status(401).json({ error: '未授权访问' });
}
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.adminId = decoded.id;
next();
} catch (error) {
res.status(401).json({ error: '无效的token' });
}
};
module.exports = auth;