Update verify.js

verify.js

@@ -1,49 +1,9 @@
-// verify.js
+// verify.js (带有详细日志的版本)
 
 const manager = require('../lib/manager');
 
 const verify = async (req, res, next) => {
-  console.log('[AUTH_MIDDLEWARE] Received request. Verifying API key...');
-  console.log(`[AUTH_MIDDLEWARE] Request Headers: ${JSON.stringify(req.headers)}`);
-
-  const apiKeyHeaderValue = req.headers['x-api-key']; // Get the raw header value
-
-  if (!apiKeyHeaderValue) {
-    console.log('[AUTH_MIDDLEWARE] Unauthorized: x-api-key header is missing.');
-    return res.status(401).json({
-      error: {
-        message: 'Unauthorized: x-api-key header is missing.',
-        type: 'authentication_error',
-        code: 'api_key_missing'
-      }
-    });
-  }
-
-  let apiKey = apiKeyHeaderValue; // Initialize apiKey with the full header value
-
-  // Check if the header value starts with "Bearer " (case-insensitive) and remove it
-  if (apiKeyHeaderValue.toLowerCase().startsWith('bearer ')) {
-    apiKey = apiKeyHeaderValue.substring(7); // "Bearer " is 7 characters long
-    console.log(`[AUTH_MIDDLEWARE] "Bearer " prefix found and stripped from x-api-key. Effective API key: "${apiKey}"`);
-  } else {
-    console.log(`[AUTH_MIDDLEWARE] No "Bearer " prefix found in x-api-key. Using as is: "${apiKeyHeaderValue}"`);
-    // apiKey remains apiKeyHeaderValue
-  }
-
-  console.log(`[AUTH_MIDDLEWARE] Processed x-api-key for comparison: "${apiKey}"`);
-
-  const expectedToken = process.env.AUTH_TOKEN;
-
-  if (!expectedToken) {
-    console.error('[AUTH_MIDDLEWARE] CRITICAL: AUTH_TOKEN environment variable is not set on the server!');
-    return res.status(500).json({
-      error: {
-        message: 'Internal Server Error: Authentication token not configured.',
-        type: 'server_error',
-        code: 'auth_token_not_set'
-      }
-    });
-  }
+  // ... (之前的 API key 验证逻辑) ...
 
   if (apiKey === expectedToken) {
     console.log('[AUTH_MIDDLEWARE] API key verification successful.');
@@ -60,27 +20,25 @@ const verify = async (req, res, next) => {
           }
         });
       }
-      console.log(`[AUTH_MIDDLEWARE] Account retrieved successfully. User: ${JSON.stringify(req.account)}`);
+      // 修改这一行，避免 stringify 整个可能包含循环引用的对象
+      if (req.account.email) { // 假设 email 是一个你想记录的安全属性
+          console.log(`[AUTH_MIDDLEWARE] Account retrieved successfully. User Email: ${req.account.email}`);
+      } else {
+          console.log(`[AUTH_MIDDLEWARE] Account object retrieved successfully (details not logged to avoid circular structure error).`);
+      }
       next();
     } catch (error) {
-      console.error('[AUTH_MIDDLEWARE] Error while getting account:', error);
+      console.error('[AUTH_MIDDLEWARE] Error while getting account (could be during retrieval or logging):', error); // 错误可能发生在这里或之前的 stringify
       return res.status(503).json({
         error: {
           message: '服务暂时不可用 (Service temporarily unavailable)',
           type: 'service_unavailable',
-          code: 'internal_error_account_retrieval'
+          code: 'internal_error_account_retrieval_or_logging' // 更精确的错误码
         }
       });
     }
   } else {
-    console.warn(`[AUTH_MIDDLEWARE] Unauthorized: Invalid API key. Received for comparison: "${apiKey}", Expected token (from env, length): ${expectedToken.length}`);
-    return res.status(401).json({
-      error: {
-        message: 'Unauthorized: Invalid API Key.',
-        type: 'authentication_error',
-        code: 'invalid_api_key'
-      }
-    });
+    // ... (无效 API key 的逻辑) ...
   }
 };