const express = require('express');
const router = express.Router();
const { loginLib, stringToBuffer } = require('../utils/systemMonitor');
const jwt = require('jsonwebtoken');
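// JWT密钥
// Signing key for every token this router issues and verifies. The fallback
// 'your-secret-key' is kept so local development still starts, but it is a
// publicly known value: anyone who knows it can mint a valid authToken cookie
// with any id/access_level. Refuse to start with it in production and make the
// fallback loud everywhere else.
if (!process.env.JWT_SECRET) {
  if (process.env.NODE_ENV === 'production') {
    throw new Error('JWT_SECRET must be set in production');
  }
  console.warn('JWT_SECRET is not set; using the insecure development default');
}
// `||` (not `??`) on purpose: an empty string is not an acceptable secret either.
const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key';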
// 生成token
// Signs a 24-hour JWT carrying the user's profile claims.
// The payload is only base64url-encoded, not encrypted: every field listed
// here (phone, email, department, ...) is readable by whoever holds the cookie.
// @param {object} user - profile as returned by loginLib.getUserInfo
// @returns {string} compact JWS signed with JWT_SECRET
const generateToken = (user) => {
  const {
    id,
    username,
    access_level,
    full_name,
    phone,
    email,
    department,
    position,
  } = user;

  // Same claim order as before so the encoded payload stays identical.
  const claims = {
    id,
    username,
    access_level,
    full_name,
    phone,
    email,
    department,
    position,
  };

  return jwt.sign(claims, JWT_SECRET, { expiresIn: '24h' });
};
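// 登录API路由
// Issues the session for an already-authenticated userId: loads the profile,
// signs it into the HttpOnly authToken cookie and answers with a password-free
// copy. Any failure in this stage is reported as 500 '获取用户信息失败', as the
// original nested handler did, so clients can tell it apart from bad credentials.
// @param {import('express').Response} res
// @param {number} userId - positive id returned by loginLib.validateUser
function issueSession(res, userId) {
  try {
    const userInfoStr = loginLib.getUserInfo(userId);
    // TODO(review): the original code carried a commented-out
    // loginLib.freeUserInfo(userInfoStr) here — confirm whether the native
    // side owns that string or it must be released after parsing.
    const userInfo = JSON.parse(userInfoStr);

    // 生成token
    const token = generateToken(userInfo);

    // 设置HttpOnly Cookie
    res.cookie('authToken', token, {
      httpOnly: true,
      secure: process.env.NODE_ENV === 'production', // 在生产环境中使用HTTPS
      sameSite: 'strict',
      maxAge: 24 * 60 * 60 * 1000, // 24小时 — keep in step with expiresIn in generateToken
    });

    // 返回用户信息时排除密码字段
    const { password: _password, ...userInfoWithoutPassword } = userInfo;

    res.json({
      success: true,
      message: '登录成功',
      user: userInfoWithoutPassword, // 返回不包含密码的用户信息
    });
  } catch (userInfoError) {
    console.error('获取用户信息失败:', userInfoError);
    res.status(500).json({
      success: false,
      message: '获取用户信息失败',
      // NOTE(review): this echoes internal error text (e.g. JSON.parse output)
      // to the client; consider dropping it outside development.
      error: userInfoError.message,
    });
  }
}

// POST /login — validates the credentials through the native loginLib and, on
// success, hands off to issueSession. Wrong credentials answer success:false
// with a single generic message (HTTP 200 is kept for the existing client).
router.post('/login', (req, res) => {
  const { username, password } = req.body;

  if (!username || !password) {
    return res.status(400).json({ success: false, message: '用户名和密码不能为空' });
  }

  try {
    if (!loginLib) {
      throw new Error('动态库未正确加载');
    }

    // stringToBuffer's encoding is defined in ../utils/systemMonitor; the
    // native side has to agree on it for the comparison to be meaningful.
    const usernameData = stringToBuffer(username);
    const passwordData = stringToBuffer(password);

    // The former try { ... } catch (callError) { throw callError; } wrapper was
    // a no-op rethrow; errors from the native call fall through to the outer
    // catch exactly as before.
    const userId = loginLib.validateUser(
      usernameData.buffer,
      usernameData.length,
      passwordData.buffer,
      passwordData.length
    );

    if (!(userId > 0)) {
      // Same message for unknown user and wrong password so the endpoint does
      // not confirm which usernames exist.
      return res.json({ success: false, message: '用户名或密码错误' });
    }

    issueSession(res, userId);
  } catch (error) {
    console.error('登录处理过程出错:', error);
    res.status(500).json({
      success: false,
      message: '服务器内部错误',
      // NOTE(review): exposes internal error text to the client.
      error: error.message,
    });
  }
});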
// 登出API路由
// POST /logout — expires the authToken cookie on the client. The JWT it held
// remains valid until its own expiresIn passes; nothing here revokes it
// server-side.
router.post('/logout', (req, res) => {
  res.clearCookie('authToken');

  const body = {
    success: true,
    message: '已安全退出登录',
  };
  res.json(body);
});
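// 认证检查API路由
// GET /check-auth — reports whether the authToken cookie holds a valid token
// and returns its decoded claims. Assumes a cookie-parsing middleware upstream
// populates req.cookies; previously a missing req.cookies threw and was
// reported as '登录已过期', now it is reported as '未登录'.
router.get('/check-auth', (req, res) => {
  try {
    const token = req.cookies?.authToken;

    if (!token) {
      return res.json({
        success: false,
        message: '未登录',
      });
    }

    // 验证token
    // Pin the accepted algorithm to the one generateToken uses (jsonwebtoken's
    // default HS256) so a token that declares any other algorithm is rejected.
    const user = jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] });

    res.json({
      success: true,
      user, // 返回完整的用户信息(不包含密码)
    });
  } catch (error) {
    // Expired, tampered and malformed tokens all land here; the client only
    // needs to know it must log in again.
    console.error('认证检查错误:', error);
    res.json({
      success: false,
      message: '登录已过期',
    });
  }
});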
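// 注册用户API路由
// Result codes of loginLib.registerUser mapped to the responses the client
// expects. A Map (not a plain object) keeps the strict-equality matching of
// the original switch, so e.g. the string "-1" is not treated as an error code.
const REGISTER_ERRORS = new Map([
  [-1, { status: 500, message: '注册失败:一般错误' }],
  [-2, { status: 400, message: '用户名已存在' }],
  [-3, { status: 400, message: '无效的用户信息格式' }],
]);

// POST /register — forwards a new account to the native loginLib.
// NOTE(review): this file applies no authentication or access_level check to
// the route; confirm that a middleware mounted upstream restricts who may
// create accounts, otherwise anyone who can reach the API can register.
router.post('/register', (req, res) => {
  const { username, password, userInfo } = req.body;

  if (!username || !password || !userInfo) {
    return res.status(400).json({ success: false, message: '用户名、密码和用户信息不能为空' });
  }

  try {
    if (!loginLib) {
      throw new Error('动态库未正确加载');
    }

    const usernameData = stringToBuffer(username);
    const passwordData = stringToBuffer(password);
    // userInfo is passed through verbatim; the native side validates its
    // shape and reports -3 when it is unacceptable.
    const userInfoData = stringToBuffer(JSON.stringify(userInfo));

    // The former try { ... } catch (callError) { throw callError; } wrapper was
    // a no-op rethrow; errors still reach the outer catch unchanged.
    const userId = loginLib.registerUser(
      usernameData.buffer,
      usernameData.length,
      passwordData.buffer,
      passwordData.length,
      userInfoData.buffer,
      userInfoData.length
    );

    const failure = REGISTER_ERRORS.get(userId);
    if (failure) {
      return res.status(failure.status).json({ success: false, message: failure.message });
    }

    if (userId > 0) {
      return res.json({
        success: true,
        message: '注册成功',
        userId,
      });
    }

    // Zero or an unmapped negative code.
    res.status(500).json({ success: false, message: '未知错误' });
  } catch (error) {
    console.error('注册处理过程出错:', error);
    res.status(500).json({
      success: false,
      message: '服务器内部错误',
      // NOTE(review): exposes internal error text to the client.
      error: error.message,
    });
  }
});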
// 获取环境变量
// 出于安全考虑,只允许查询特定的环境变量
// Allowlist of environment variables the client may read. PATH still reveals
// the installation layout to anyone who can reach this route.
const ALLOWED_ENV_VARS = new Set(['XNCore', 'PATH']);

// GET /env?name=<var> — returns one allowlisted environment variable, or ''
// when it is unset.
router.get('/env', (req, res) => {
  const { name } = req.query;

  if (!name) {
    return res.status(400).json({ error: '缺少环境变量名称参数' });
  }

  // Set.has uses the same SameValueZero matching as Array.includes did, so a
  // repeated query parameter (array) or any unknown name is refused alike.
  const isAllowed = ALLOWED_ENV_VARS.has(name);
  if (!isAllowed) {
    return res.status(403).json({ error: '不允许查询该环境变量' });
  }

  const value = process.env[name] || '';
  res.json({ name, value });
});
module.exports = router;