From dc747d5d434cc32b3bf829de911b2e6a3d4cbbcb Mon Sep 17 00:00:00 2001
From: aixianling <aixianling@sinoecare.com>
Date: Tue, 25 Feb 2025 11:08:26 +0800
Subject: [PATCH] =?UTF-8?q?feat(auth):=20=E6=B7=BB=E5=8A=A0=E7=AC=AC?=
 =?UTF-8?q?=E4=B8=89=E6=96=B9=20token=20=E9=AA=8C=E8=AF=81=E5=8A=9F?=
 =?UTF-8?q?=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 新增自定义中间件，用于解析和验证第三方 token
- 添加 verifyThirdPartyToken 模块实现第三方 token 验证逻辑
- 成功验证后，将第三方 token 转换为 JWT token 并设置在请求头中
- 保护所有下方路由，确保只有有效 token 才能访问受保护资源
---
 app.js                        | 20 +++++++++++++++++++-
 auth/verifyThirdPartyToken.js |  3 +++
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 auth/verifyThirdPartyToken.js

diff --git a/app.js b/app.js
index d7984f0..aa15250 100644
--- a/app.js
+++ b/app.js
@@ -6,7 +6,7 @@ const koaJwt = require("koa-jwt");
 const fs = require("fs");
 const path = require("path");
 const bodyParser = require("koa-bodyparser");
-
+const verifyThirdPartyToken = require("./auth/verifyThirdPartyToken");
 const app = new Koa();
 app.use(bodyParser()); // 添加在路由中间件之前
 const router = new Router();
@@ -40,6 +40,24 @@ router.post("/login", (ctx) => {
   ctx.body = { token };
 });
 
+// 自定义中间件：解析并验证第三方Token
+app.use(async (ctx, next) => {
+  const authHeader = ctx.headers.authorization;
+  if (authHeader && authHeader.startsWith('Bearer ')) {
+    const thirdPartyToken = authHeader.split(' ')[1];
+    try {
+      // 这里假设第三方Token可以通过某种方式验证并转换为JWT Token
+      const decoded = verifyThirdPartyToken(thirdPartyToken); // 假设有一个验证函数
+      const jwtToken = jwt.sign(decoded, process.env.JWT_SECRET, { expiresIn: "1h" });
+      ctx.state.user = user; // 将用户信息存储在ctx.state中
+      ctx.headers.authorization = `Bearer ${jwtToken}`; // 替换为JWT Token
+    } catch (err) {
+      ctx.throw(401, 'Invalid third-party token');
+    }
+  }
+  await next();
+});
+
 // JWT中间件（保护下方所有路由）
 app.use(
   koaJwt({
diff --git a/auth/verifyThirdPartyToken.js b/auth/verifyThirdPartyToken.js
new file mode 100644
index 0000000..018e478
--- /dev/null
+++ b/auth/verifyThirdPartyToken.js
@@ -0,0 +1,3 @@
+module.exports = token=>{
+    return {token}
+}
\ No newline at end of file