cursor done.

server/middleware/auth.js

@@ -0,0 +1,23 @@
+const jwt = require('jsonwebtoken');
+const { JWT_SECRET } = require('../config');
+
+function authenticateToken(req, res, next) {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+
+  if (!token) {
+    return res.status(401).json({ success: false, error: '未提供认证令牌' });
+  }
+
+  jwt.verify(token, JWT_SECRET, (err, user) => {
+    if (err) {
+      return res.status(403).json({ success: false, error: '无效的认证令牌' });
+    }
+    req.user = user;
+    next();
+  });
+}
+
+module.exports = {
+  authenticateToken
+};