'use strict';

// middleware/jwtErr.js
module.exports = options => {
  return async function jwtErr(ctx, next) {
    try {
      let tokenTemp = ctx.headers.authorization.split(' ')
      let token = tokenTemp[tokenTemp.length - 1];
      let decode = await ctx.app.jwt.verify(token, options.secret)
      let params = {
        _id: decode.userID
      }
      let permission = await ctx.service.utils.checkPerssion("User", params)
      if (permission) {
        await next()
      } else {
        ctx.body = { "statusCode": 403, "errMsg": "没有权限" };
      }
    } catch (err) {
      ctx.body = { "statusCode": 403, "errMsg": `错误信息：${err}` };
    }
  };
};