2026-03-01 03:04:24 +08:00
|
|
|
import { NextRequest, NextResponse } from 'next/server';
|
|
|
|
|
import { getEnv } from '@/lib/config';
|
|
|
|
|
import crypto from 'crypto';
|
|
|
|
|
|
2026-03-03 00:41:27 +08:00
|
|
|
function isLocalAdminToken(token: string): boolean {
|
2026-03-01 03:04:24 +08:00
|
|
|
const env = getEnv();
|
|
|
|
|
const expected = Buffer.from(env.ADMIN_TOKEN);
|
|
|
|
|
const received = Buffer.from(token);
|
|
|
|
|
|
|
|
|
|
if (expected.length !== received.length) return false;
|
|
|
|
|
return crypto.timingSafeEqual(expected, received);
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-03 00:41:27 +08:00
|
|
|
async function isSub2ApiAdmin(token: string): Promise<boolean> {
|
|
|
|
|
try {
|
|
|
|
|
const env = getEnv();
|
2026-03-03 01:56:22 +08:00
|
|
|
const controller = new AbortController();
|
|
|
|
|
const timeout = setTimeout(() => controller.abort(), 5000);
|
2026-03-03 00:41:27 +08:00
|
|
|
const response = await fetch(`${env.SUB2API_BASE_URL}/api/v1/auth/me`, {
|
|
|
|
|
headers: { Authorization: `Bearer ${token}` },
|
2026-03-03 01:56:22 +08:00
|
|
|
signal: controller.signal,
|
2026-03-03 00:41:27 +08:00
|
|
|
});
|
2026-03-03 01:56:22 +08:00
|
|
|
clearTimeout(timeout);
|
2026-03-03 00:41:27 +08:00
|
|
|
if (!response.ok) return false;
|
|
|
|
|
const data = await response.json();
|
|
|
|
|
return data.data?.role === 'admin';
|
|
|
|
|
} catch {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export async function verifyAdminToken(request: NextRequest): Promise<boolean> {
|
|
|
|
|
const token = request.nextUrl.searchParams.get('token');
|
|
|
|
|
if (!token) return false;
|
|
|
|
|
|
|
|
|
|
// 1. 本地 admin token
|
|
|
|
|
if (isLocalAdminToken(token)) return true;
|
|
|
|
|
|
|
|
|
|
// 2. Sub2API 管理员 token
|
|
|
|
|
return isSub2ApiAdmin(token);
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-01 03:04:24 +08:00
|
|
|
export function unauthorizedResponse() {
|
|
|
|
|
return NextResponse.json({ error: '未授权' }, { status: 401 });
|
|
|
|
|
}
|
