jsonwebtoken(jwt):

  • express-jwt: 不太灵活
  • jsonwebtoken

jsonwebtoken简单使用

  // 1. Sign. jwt.sign() signs the payload; it does NOT encrypt it — anyone
  // holding the token can base64-decode the claims, so never put secrets in them.
  const jwt = require('jsonwebtoken');
  // Demo value only. A real secret must be long, random and loaded from
  // configuration (e.g. an environment variable), never committed to source.
  const secrect = 'lantong';

  // Issue a token: payload (claims), shared HMAC secret, options.
  const token = jwt.sign(
    { id: 1, name: '蓝火之瞳' },
    secrect,
    { expiresIn: 3600 } // lifetime in seconds
  );
  // console.log(token);

  2. 解密
  ```js
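  // 2. Verify
  // jwt.decode(token) only base64-decodes the payload and does NOT check the
  // signature — never use it to decide who the caller is.
  try {
    // Same shared secret as jwt.sign(). Pinning `algorithms` stops the token's
    // own header from choosing how it is verified.
    const decode = jwt.verify(token, secrect, { algorithms: ['HS256'] });
    console.log(decode);
  } catch (error) {
    // Expired and tampered tokens both throw; the log line only mentions expiry
    console.log('token过期');
  }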

使用 `jwt.verify(token, secrect)` 来验证签名并解析 token, 如果 token 不合法(签名错误或已过期), 会直接抛出错误

封装jwt工具

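  const jwt = require('jsonwebtoken');
  // Shared HMAC secret used for both signing and verification. Prefer JWT_SECRET
  // from the environment; the literal is a weak development fallback and must
  // not be relied on in production.
  const secrect = process.env.JWT_SECRET || 'lantong';
  // Name of the cookie that carries the token
  const cookieKey = 'token';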
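  /**
   * Issue a JWT for `info` and attach it to the response both as a cookie and
   * as an `authorization` header.
   *
   * @param {import('express').Response} res - response to decorate
   * @param {number} [maxAge=86400] - token and cookie lifetime in seconds
   * @param {object} [info={}] - claims to embed in the payload (signed, not
   *   encrypted — readable by anyone holding the token)
   */
  exports.publish = function (res, maxAge = 3600 * 24, info = {}) {
    // Copy the claims so signing can never mutate the caller's object
    const token = jwt.sign(Object.assign({}, info), secrect, {
      expiresIn: maxAge // seconds
    });
    // Cookie copy. httpOnly keeps the token away from page scripts (XSS);
    // sameSite limits cross-site sending (CSRF). Add `secure: true` once the
    // app is served over HTTPS. maxAge is milliseconds here.
    res.cookie(cookieKey, token, {
      maxAge: maxAge * 1000,
      path: '/',
      httpOnly: true,
      sameSite: 'lax'
    });
    // Header copy for clients that do not use cookies
    res.header('authorization', token);
  };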
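  /**
   * Read the token from the `token` cookie or the `Authorization` header,
   * verify it and, on success, store the payload's `id` on `req.userId`.
   *
   * @param {import('express').Request} req
   * @returns {object|null|false} decoded payload; `null` when no token was
   *   sent; `false` when the token is invalid or expired
   */
  exports.veryfy = function (req) {
    // req.cookies only exists when cookie-parser is mounted; fall back to the header
    let token = (req.cookies && req.cookies.token) || req.headers.authorization;
    if (!token) {
      return null;
    }
    // Accept either a bare token or "Bearer <token>". Any other prefix is left
    // as-is so that verification rejects it instead of silently stripping it.
    const parts = token.split(' ');
    if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') {
      token = parts[1];
    }
    try {
      // Pin the algorithm: the token's own header must not choose how it is verified
      const decode = jwt.verify(token, secrect, { algorithms: ['HS256'] });
      req.userId = decode.id;
      return decode;
    } catch (error) {
      // Expired and tampered tokens both land here; callers treat it as "not authenticated"
      return false;
    }
  };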

颁发jwt

  const express = require('express');
  const router = express.Router();
  // Wraps a service result into the API's response envelope (shape not shown here)
  const { getResult } = require('./sendHelper');
  const AdminService = require('../../services/adminService');
  // Not used by the JWT flow; left over from the earlier cookie-encryption approach
  const crypter = require('../../util/crypt');
  // publish()/veryfy() helpers from the jwt util module
  const JWT = require('../jwt')
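  // Login. NOTE(review): credentials arrive in the query string of a GET, so
  // they end up in browser history and in proxy/server access logs. Moving to
  // POST with a JSON body is recommended, but it changes the client contract,
  // so the route is kept as-is here.
  router.get('/', (req, res, next) => {
    const { loginName, loginPwd } = req.query;
    AdminService.getAdminByLoginPwdAndLoginName(loginName, loginPwd)
      .then((resp) => {
        // Earlier variants stored an encrypted id cookie or req.session.loginUser;
        // both were replaced by a signed JWT that carries only the admin id.
        // Do not log `resp`: it is the stored admin record and may include the
        // (hashed) password.
        if (resp) {
          // 1 h token; only issued when the lookup actually found an admin
          JWT.publish(res, 3600, { id: resp.id });
        }
        // presumably getResult(null) encodes a failed login — confirm against sendHelper
        res.send(getResult(resp));
      })
      .catch((err) => next(err));
  });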
  // Create an admin. NOTE(review): the auth middleware's needTokenApi list on
  // this page does not cover this route, so if the router is mounted at
  // /api/admin (as /whoami suggests) admin creation appears to be
  // unauthenticated — confirm and register it in needTokenApi if so.
  router.post('/', (req, res, next) => {
    AdminService.addAdmin(req.body)
      .then((resp) => res.send(getResult(resp)))
      .catch(next);
  });
  // Current admin. Relies on the jwt middleware having verified the token and
  // set req.userId from the payload's `id` (jwt.veryfy); if this route is not
  // covered by that middleware, userId is undefined.
  router.get('/whoami', (req, res, next) => {
    AdminService.getAdminById(req.userId)
      .then((resp) => res.send(getResult(resp)))
      .catch(next);
  });

  module.exports = router;
  1. 引入 `const JWT = require('../jwt')`
  2. 使用 `JWT.publish(res, 3600, { id: resp.id });`

    认证jwt

    ```js

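const { pathToRegexp } = require('path-to-regexp');
// Not used by the JWT flow; left over from the earlier cookie-encryption approach
const ceyptor = require('../../util/crypt');
const jwt = require('../jwt');

// Routes that require a valid token. Everything else passes through untouched,
// so every new protected endpoint must be registered here (allow-list).
const needTokenApi = [
  { method: 'POST', path: '/api/student' },
  { method: 'PUT', path: '/api/student/:id' },
  { method: 'GET', path: '/api/admin/whoami' }
];
// Compile the path patterns once at load time instead of on every request
const protectedApis = needTokenApi.map((api) => ({
  method: api.method,
  regexp: pathToRegexp(api.path)
}));

/**
 * Express middleware: for routes listed in `needTokenApi`, require a token
 * that `jwt.veryfy` accepts (it also sets `req.userId`); otherwise pass
 * through. Rejections go to the error handler with `status` 401 so a missing
 * or bad token is not reported as a server error.
 */
module.exports = function (req, res, next) {
  const needsToken = protectedApis.some(
    (api) => api.method === req.method && api.regexp.test(req.path)
  );
  if (!needsToken) {
    next();
    return;
  }
  // Earlier variants checked an encrypted cookie/header or req.session.loginUser;
  // both were replaced by JWT verification.
  const result = jwt.veryfy(req);
  if (result) {
    next();
    return;
  }
  const err = new Error('you have not access the api');
  err.status = 401; // honoured by Express's default error handler
  next(err);
};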


1. 引入 `const jwt = require('../jwt')`
1. 认证: `const result = jwt.veryfy(req);`
<a name="P4TPa"></a>
## 添加whoami接口

1. 颁发jwt的时候,将用户的id放进req中
```js
 // 1 h token (maxAge is in seconds) whose payload carries only the admin id
 JWT.publish(res, 3600, { id: resp.id });
  1. 验证jwt通过,将用户的id添加到req对象的userId属性上

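    /**
     * Read the token from the `token` cookie or the `Authorization` header,
     * verify it and, on success, store the payload's `id` on `req.userId`.
     *
     * @param {import('express').Request} req
     * @returns {object|null|false} decoded payload; `null` when no token was
     *   sent; `false` when the token is invalid or expired
     */
    exports.veryfy = function (req) {
        // req.cookies only exists when cookie-parser is mounted; fall back to the header
        let token = (req.cookies && req.cookies.token) || req.headers.authorization;
        if (!token) {
            return null;
        }
        // Accept either a bare token or "Bearer <token>". Any other prefix is
        // left as-is so that verification rejects it instead of stripping it.
        const parts = token.split(' ');
        if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') {
            token = parts[1];
        }
        try {
            // Pin the algorithm: the token's own header must not choose how it is verified
            const decode = jwt.verify(token, secrect, { algorithms: ['HS256'] });
            req.userId = decode.id;
            return decode;
        } catch (error) {
            // Expired and tampered tokens both land here; callers treat it as "not authenticated"
            return false;
        }
    }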
    
  // 2. In the /whoami handler, look up the admin by the userId that
  // jwt.veryfy() stored on req after verifying the token
  router.get('/whoami', (req, res, next) => {
    AdminService.getAdminById(req.userId)
      .then((resp) => res.send(getResult(resp)))
      .catch((err) => next(err));
  });

```