Wang Zhuoxuan
0ca06df078
移除 fusion-auth-client、融合认证路由和阿里云 SDK 依赖, 同时保留 findOrCreatePhone、appSettings 表、auth-providers 管理端和 /auth/providers 端点等基础设施。
42 lines
1.0 KiB
TypeScript
42 lines
1.0 KiB
TypeScript
import { FastifyInstance } from 'fastify';
|
|
import fp from 'fastify-plugin';
|
|
import { UnauthorizedError } from '../utils/errors.js';
|
|
import type { JwtPayload } from '../types/auth.js';
|
|
|
|
// Extend @fastify/jwt's type system instead of decorating FastifyRequest
|
|
declare module '@fastify/jwt' {
|
|
interface FastifyJWT {
|
|
payload: JwtPayload;
|
|
}
|
|
}
|
|
|
|
async function authMiddleware(app: FastifyInstance): Promise<void> {
|
|
app.addHook('onRequest', async (request) => {
|
|
const publicPaths = [
|
|
'/health',
|
|
'/v1/auth/huawei',
|
|
'/v1/auth/guest',
|
|
'/v1/auth/phone',
|
|
'/v1/auth/refresh',
|
|
'/v1/auth/providers',
|
|
];
|
|
|
|
if (publicPaths.some((p) => request.url.startsWith(p))) {
|
|
return;
|
|
}
|
|
|
|
// Skip admin routes (handled by admin-auth middleware)
|
|
if (request.url.startsWith('/v1/admin')) {
|
|
return;
|
|
}
|
|
|
|
try {
|
|
await request.jwtVerify();
|
|
} catch {
|
|
throw new UnauthorizedError('Invalid or expired token');
|
|
}
|
|
});
|
|
}
|
|
|
|
export default fp(authMiddleware);
|