nodejsrbac权限验证（匿名、普通、admin）

//中间件importjwtfrom"jsonwebtoken";import{resultFail}from"../common/utils";import{SECRET}from"./auth.controller";import{OPTION}from"./auth.controller";从"../common/constants"导入{ADMIN,NORMAL};exportletverifyAdmin=function(req,resp,next){try{consttoken=req.get("authorization").slice("Bearer".长度）;jwt.verify(token,SECRET,(error,res)=>{if(error){resp.status(401).json(resultFail(error));return;}console.log(OPTION.role)if(OPTION.role===ADMIN){next();}else{returnresp.status(401).json(resultFail(('NoPermission')));}});}catch(e){returnresp.status(401).json(resultFail(e));}};exportletverifyNormal=function(req,resp,next){try{consttoken=req.get("authorization").slice("Bearer".length);jwt.verify（令牌，SECRET,(error,res)=>{if(error){res.status(401).json(resultFail(error));返回;}if(OPTION.role===NORMAL){next();}else{res.status(401).json(resultFail(('NoPermission')));}});}catch(e){returnresp.status(401).json(resultFail(e));}};控制层接口'usestrict';import{Router}from'express';importDevicesControllerfrom'./devices.controller';import{verifyAdmin}from"./auth.middleware";constrouter=newRouter();router.route('/').post(DevicesController.apiGetDevices);router.route("/get-grouped-devices").post(DevicesController.apiGetGroupedDevices);router.route("/alias").post(verifyAdmin,DevicesController.apiSetDeviceAlias);exportdefaultrouter;//登录接口exportletSECRET;exportletOPTION;exportdefaultclassAuthController{staticasynclogin(req,res){try{const{name,password}=req.body;if(!name||typeofname!=="string"){res.status(400).json(resultFail("Badnameformat,expectedstring."));return;}if(!password||typeofpassword!=="string"){res.status(400).json(resultFail("错误的密码格式，预期的字符串。"));return;}letuserFromDB=awaitAuthDAO.getUser(name);if(!userFromDB){res.status(401).json(resultFail("确保你的名字是正确的。"));return;}constuser=newAuthUser(userFromDB);if(!(awaituser.comparePassword(password))){res.status(401).json(resultFail（“确保您的密码正确。”））；返回；}OPTION={令牌：user.encoded（），用户名：userFromDB.name，角色：userFromDB.privilege}res.send（resultSuccess（{auth_token：OPTION。token,...user.toJson()}))}catch(e){res.status(400).json(resultFail(e));}}}