Upload 18 files

config/auth.js

@@ -1,12 +1,22 @@
 const jwt = require('jsonwebtoken');
+const logger = require('../utils/logger');
 
 // 生成 JWT Token
 const generateToken = (userId) => {
-  return jwt.sign(
-    { id: userId },
-    process.env.JWT_SECRET,
-    { expiresIn: process.env.JWT_EXPIRE || '24h' }
-  );
+  try {
+    // 确保 userId 是字符串类型
+    const userIdStr = String(userId);
+    const token = jwt.sign(
+      { id: userIdStr },
+      process.env.JWT_SECRET,
+      { expiresIn: process.env.JWT_EXPIRE || '24h' }
+    );
+    logger.info(`为用户 ${userIdStr} 生成令牌成功`);
+    return token;
+  } catch (error) {
+    logger.error(`生成令牌失败: ${error.message}`);
+    throw error;
+  }
 };
 
 module.exports = { generateToken };

config/db.js

@@ -22,25 +22,30 @@ const connectDB = async () => {
 const createDefaultAdmin = async () => {
   try {
     const User = require('../models/User');
-    const bcrypt = require('bcryptjs');
-
+    
+    // 先检查环境变量
+    if (!process.env.ADMIN_USERNAME || !process.env.ADMIN_PASSWORD) {
+      logger.warn('管理员账户环境变量未设置，跳过默认管理员创建');
+      return;
+    }
+    
     // 检查是否已存在管理员用户
     const adminExists = await User.findOne({ username: process.env.ADMIN_USERNAME });
     
-    if (!adminExists && process.env.ADMIN_USERNAME && process.env.ADMIN_PASSWORD) {
-      // 创建管理员用户
-      const hashedPassword = await bcrypt.hash(process.env.ADMIN_PASSWORD, 10);
-      
-      await User.create({
+    if (!adminExists) {
+      // 不手动哈希密码，让模型的中间件处理加密
+      const admin = await User.create({
         username: process.env.ADMIN_USERNAME,
-        password: hashedPassword,
+        password: process.env.ADMIN_PASSWORD, // 直接使用原始密码
         isAdmin: true
       });
       
-      logger.info('Default admin user created');
+      logger.info(`默认管理员创建成功: ${admin._id}`);
+    } else {
+      logger.info('管理员账户已存在，无需创建');
     }
   } catch (error) {
-    logger.error(`Error creating default admin: ${error.message}`);
+    logger.error(`创建默认管理员出错: ${error.message}`);
   }
 };
 

controllers/authController.js

@@ -1,6 +1,7 @@
 const asyncHandler = require('express-async-handler');
 const User = require('../models/User');
 const { generateToken } = require('../config/auth');
+const logger = require('../utils/logger');
 
 // @desc    用户注册
 // @route   POST /api/auth/register
@@ -41,18 +42,33 @@ const registerUser = asyncHandler(async (req, res) => {
 const loginUser = asyncHandler(async (req, res) => {
   const { username, password } = req.body;
 
+  logger.info(`登录尝试: ${username}`);
+
   // 查找用户
   const user = await User.findOne({ username });
+  
+  if (!user) {
+    logger.warn(`用户不存在: ${username}`);
+    res.status(401);
+    throw new Error('用户名或密码错误');
+  }
+
+  // 检查密码
+  const isMatch = await user.matchPassword(password);
+  logger.info(`密码匹配结果: ${isMatch}`);
 
-  // 检查用户和密码
-  if (user && (await user.matchPassword(password))) {
+  if (isMatch) {
+    const token = generateToken(user._id);
+    logger.info(`登录成功: ${username}`);
+    
     res.json({
       _id: user._id,
       username: user.username,
       isAdmin: user.isAdmin,
-      token: generateToken(user._id),
+      token: token,
     });
   } else {
+    logger.warn(`密码不匹配: ${username}`);
     res.status(401);
     throw new Error('用户名或密码错误');
   }

middleware/auth.js

@@ -1,6 +1,7 @@
 const jwt = require('jsonwebtoken');
 const asyncHandler = require('express-async-handler');
 const User = require('../models/User');
+const logger = require('../utils/logger');
 
 // 保护路由 - 验证 JWT Token
 const protect = asyncHandler(async (req, res, next) => {
@@ -11,26 +12,29 @@ const protect = asyncHandler(async (req, res, next) => {
     try {
       // 获取 token
       token = req.headers.authorization.split(' ')[1];
+      logger.info(`验证令牌: ${token.substring(0, 15)}...`);
 
       // 验证 token
       const decoded = jwt.verify(token, process.env.JWT_SECRET);
+      logger.info(`令牌有效，用户ID: ${decoded.id}`);
 
       // 获取用户并添加到请求对象中，不包含密码
       req.user = await User.findById(decoded.id).select('-password');
 
       if (!req.user) {
+        logger.warn(`令牌有效但用户不存在: ${decoded.id}`);
         res.status(401);
         throw new Error('未授权，用户不存在');
       }
 
       next();
     } catch (error) {
+      logger.error(`令牌验证失败: ${error.message}`);
       res.status(401);
       throw new Error('未授权，token 无效');
     }
-  }
-
-  if (!token) {
+  } else {
+    logger.warn(`未提供认证令牌: ${req.originalUrl}`);
     res.status(401);
     throw new Error('未授权，未提供 token');
   }

models/User.js

@@ -26,17 +26,27 @@ const userSchema = new mongoose.Schema(
 
 // 密码匹配方法
 userSchema.methods.matchPassword = async function (enteredPassword) {
-  return await bcrypt.compare(enteredPassword, this.password);
+  try {
+    return await bcrypt.compare(enteredPassword, this.password);
+  } catch (error) {
+    console.error('密码比较出错:', error);
+    return false;
+  }
 };
 
 // 保存前加密密码
 userSchema.pre('save', async function (next) {
   if (!this.isModified('password')) {
-    next();
+    return next(); // 修复：确保不重复加密
   }
 
-  const salt = await bcrypt.genSalt(10);
-  this.password = await bcrypt.hash(this.password, salt);
+  try {
+    const salt = await bcrypt.genSalt(10);
+    this.password = await bcrypt.hash(this.password, salt);
+    next();
+  } catch (error) {
+    next(error);
+  }
 });
 
 const User = mongoose.model('User', userSchema);

server.js

@@ -10,6 +10,20 @@ const logger = require('./utils/logger');
 // 加载环境变量
 dotenv.config();
 
+// 验证关键环境变量
+const requiredEnvVars = ['MONGODB_URI', 'JWT_SECRET', 'ADMIN_USERNAME', 'ADMIN_PASSWORD'];
+const missingEnvVars = requiredEnvVars.filter(envVar => !process.env[envVar]);
+
+if (missingEnvVars.length > 0) {
+  logger.error(`缺少必要的环境变量: ${missingEnvVars.join(', ')}`);
+  process.exit(1);
+}
+
+logger.info('环境变量加载成功');
+logger.info(`NODE_ENV: ${process.env.NODE_ENV}`);
+logger.info(`ADMIN_USERNAME: ${process.env.ADMIN_USERNAME}`);
+logger.info(`JWT_SECRET: ${process.env.JWT_SECRET ? '已设置' : '未设置'}`);
+
 // 初始化 Express 应用
 const app = express();