import { NextRequest } from 'next/server'
import { verifyToken } from '@/lib/auth'
import { prisma } from '@/lib/prisma'
/**
 * Guard for admin-only handlers: resolves the caller from the request's
 * `Authorization` header and returns the matching user row only when that
 * row is flagged as an administrator.
 *
 * The admin decision is taken from the database record looked up by
 * `decoded.userId`, not from anything carried in the token, so the
 * `isAdmin` value in use is whatever the row holds at call time.
 *
 * @param request - Incoming request whose `Authorization` header is read.
 * @returns The selected user fields (`id`, `isAdmin`).
 * @throws Error when the header yields no token, when `verifyToken`
 *   returns a falsy value, or when the user is missing or not an admin.
 *   All three cases throw a plain `Error`, distinguishable only by message.
 */
export async function requireAdmin(request: NextRequest) {
  const headerValue = request.headers.get('Authorization')

  // NOTE(review): the 'Bearer ' prefix is removed with a plain, unanchored
  // replace and the scheme itself is never checked, so a header with any
  // other scheme (or none) is handed to verifyToken as-is. Rejection of such
  // values depends entirely on verifyToken — confirm it fails closed.
  const bearerToken =
    headerValue == null ? undefined : headerValue.replace('Bearer ', '')

  if (!bearerToken) {
    throw new Error('未提供认证令牌')
  }

  const claims = verifyToken(bearerToken)
  if (!claims) {
    throw new Error('无效的认证令牌')
  }

  // Fetch only the fields needed for the authorization decision.
  const lookup = {
    where: { id: claims.userId },
    select: { id: true, isAdmin: true }
  }
  const account = await prisma.user.findUnique(lookup)

  // An unknown user and a non-admin user are rejected with the same message.
  if (!(account && account.isAdmin)) {
    throw new Error('权限不足')
  }

  return account
}