const jwt = require('jsonwebtoken');
const Logs = require('../libs/logs');
module.exports = (req, res, next) => {
  const token = req.headers['authorization'].replace('Bearer ', '');

  if (!token) {
    return res.unauthorized('未提供 token');
  }

  try {
    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    req.userId = decoded.userId;
    next();
  }
  catch (err) {
    Logs.errDev('token验证错误:', err);
    res.unauthorized('无效或已过期的 token');
  }
};