Update verify.js

verify.js

@@ -1,37 +1,81 @@
-const manager = require('../lib/manager')
+// verify.js
+
+const manager = require('../lib/manager'); // 假设 ../lib/manager 路径相对于此文件是正确的
+
 const verify = async (req, res, next) => {
-  const apiKey = req.headers['x-api-key']
+  console.log('[AUTH_MIDDLEWARE] Received request. Verifying API key...');
+  console.log(`[AUTH_MIDDLEWARE] Request Headers: ${JSON.stringify(req.headers)}`); // 打印所有请求头，方便调试
+
+  // 从 x-api-key 请求头获取 token
+  // HTTP headers are case-insensitive, but Node.js's req.headers object keys are lowercased.
+  const apiKey = req.headers['x-api-key'];
+
   if (!apiKey) {
-    return res.status(401).json({ message: 'Unauthorized' })
+    console.log('[AUTH_MIDDLEWARE] Unauthorized: x-api-key header is missing.');
+    return res.status(401).json({
+      error: {
+        message: 'Unauthorized: x-api-key header is missing.',
+        type: 'authentication_error',
+        code: 'api_key_missing'
+      }
+    });
   }
 
-  if (apiKey === process.env.AUTH_TOKEN) {
+  console.log(`[AUTH_MIDDLEWARE] Received x-api-key: "${apiKey}"`);
+
+  // 从环境变量获取预期的 AUTH_TOKEN
+  const expectedToken = process.env.AUTH_TOKEN;
+
+  if (!expectedToken) {
+    console.error('[AUTH_MIDDLEWARE] CRITICAL: AUTH_TOKEN environment variable is not set on the server!');
+    return res.status(500).json({
+      error: {
+        message: 'Internal Server Error: Authentication token not configured.',
+        type: 'server_error',
+        code: 'auth_token_not_set'
+      }
+    });
+  }
+
+  if (apiKey === expectedToken) {
+    console.log('[AUTH_MIDDLEWARE] API key verification successful.');
     try {
-      req.account = await manager.getAccount()
+      console.log('[AUTH_MIDDLEWARE] Attempting to get account...');
+      req.account = await manager.getAccount();
       if (!req.account) {
-        return res.status(503).json({ 
+        console.warn('[AUTH_MIDDLEWARE] Account not found after successful API key verification.');
+        return res.status(503).json({
           error: {
-            message: '服务暂时不可用，无法获取有效账户',
+            message: '服务暂时不可用，无法获取有效账户 (Service temporarily unavailable, cannot retrieve a valid account)',
             type: 'service_unavailable',
             code: 'account_unavailable'
           }
-        })
+        });
       }
-      // console.log(`身份校验成功，使用账号=> ${JSON.stringify(req.account)}`)
-      next()
+      console.log(`[AUTH_MIDDLEWARE] Account retrieved successfully. User: ${JSON.stringify(req.account)}`);
+      next();
     } catch (error) {
-      console.error('获取账户时出错:', error)
-      return res.status(503).json({ 
+      console.error('[AUTH_MIDDLEWARE] Error while getting account:', error);
+      return res.status(503).json({
         error: {
-          message: '服务暂时不可用',
+          message: '服务暂时不可用 (Service temporarily unavailable)',
           type: 'service_unavailable',
-          code: 'internal_error'
+          code: 'internal_error_account_retrieval'
         }
-      })
+      });
     }
   } else {
-    return res.status(401).json({ message: 'Unauthorized' })
+    // 为了安全，不要在日志中直接打印预期的 token，除非在非常受控的调试环境中
+    // 可以打印接收到的 token 和预期 token 的部分信息（例如长度或哈希值）进行比较
+    console.warn(`[AUTH_MIDDLEWARE] Unauthorized: Invalid API key. Received: "${apiKey}", Expected token (length): ${expectedToken.length}`);
+    return res.status(401).json({
+      error: {
+        message: 'Unauthorized: Invalid API Key.',
+        type: 'authentication_error',
+        code: 'invalid_api_key'
+      }
+    });
   }
-}
+};
 
-module.exports = verify
+module.exports = verify;