Express + JSON WEB TOKEN

最新推荐文章于 2024-08-18 21:47:00 发布

chenghuan8483

最新推荐文章于 2024-08-18 21:47:00 发布

阅读量127

点赞数

文章标签： json

原文链接：https://my.oschina.net/nextzeus/blog/1514358

版权

express4 & jsonwebtoken & express-jwt

JSON Web Token

What`s a JWT

Based on a Web Standard(RFC7519)
Used to Securely communicate JSON objects
Consists of a header , payload , and signature->self-contained

The JWT Header

The header is a JSON object usually consisting of the type (typ), which is JWT, and the algorithim used for encrypting for the JWT(alg)

{
	"typ":	"JWT",
	"alg":	"HS256"
}

The JWT Payload

The payload is a JSON object that consists of user-defined attributes (called public claims). Some attributes are defined in the standard (these are called reserved claims)

{
	"iss":	"http://myapi.com",	//reserved claim
	"user":	"nodebotanist"	//public claim
}

The JWT Signature

The signature is the encoded header and payload, signed with a secret.

HMACSHA256(
	base64UrlEncode(header) + "." +
	base64UrlEncode(payload),
	secret)

This accomplishes several tasks at once, including:

Proves the identity of the sender
Ensures the message has not changed

The JWT Token

A finished token looks like [encoded header].[encoded payload].[signature]

express-jwt & jsonwebtoken

var app = express();

...

//set middleware
var secret = 'nyancat 4 ever';
app.use(expressJwt({
  secret: secret,
  credentialsRequired: false,
  getToken: function fromHeaderOrQuerystring (req) {//自定义getToken 默认有这个函数 
    var token = null;
    if (req.headers.authorization && req.headers.authorization.split(' ')[0] === 'Bearer') {
        token = req.headers.authorization.split(' ')[1];
    } else if (req.query && req.query.token) {//支持 get
        token = req.query.token.split(' ')[1];
    }
    console.log("Token %s",token);
    return token;
  }
}).unless({path:['/login']}));

...

//index.js
var router = express.Router();

// get /
router.get('/',function(req,res,next){
    return res.status(200).json('ok');
});

// post /login
router.post('/login',function(req,res,next){
  // must same as expressJwt secret
  var secret = 'nyancat 4 ever';
  var token = jwt.sign({username: req.body.username, password: req.body.password},secret,{expiresIn:  60 * 60});//expire 1 hour
  return res.status(200).json(token);
});

//post /token 
router.post('/token',function(req,res,next){
  return res.status(200).json('ok');
});

Test

var request = require("request");

request.post({
    url:    'http://localhost:1337/login',
    form:{
        username:   'test',
        password:   'pass123'
    }
},function(err,resp,body){
    var token = 'Bearer ' + JSON.parse(body);
    console.log('token -->>',token);

    //post method
    request.post({
        url:    'http://localhost:1337/token',
        headers:{
            authorization:  token
        }
    },function(err1,resp1,body1){
        console.log('token response ',err1,body1);
    });

    //get method
    request.get('http://localhost:1337/',{token:token},function(err,resp,body){
        console.log('index response ',err,body);
    });
});

转载于:https://my.oschina.net/nextzeus/blog/1514358