1.引入express-jwt依赖
npm i express-jwt --save
const expressJwt = require('express-jwt')
const {secretKey} = require('./secretkey') //密钥文件
// Options for token verification: the shared HMAC secret, and an explicit
// algorithm list so a token that declares any other algorithm is not accepted.
const verifyOptions = { secret: secretKey, algorithms: ['HS256'] };

// unless() exempts /login from the check, since that route issues the token.
// NOTE(review): express-jwt 7 and later export the factory as a named
// `expressjwt` property; confirm the installed version matches this call form.
const jwtAuth = expressJwt(verifyOptions).unless({ path: '/login' });

module.exports = jwtAuth;
2.封装密钥文件
创建secretKey.js文件（注意：文件名大小写需与 require 路径一致，在 Linux 等区分大小写的文件系统上，require('./secretkey') 找不到 secretKey.js）
const crypto = require('crypto')
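module.exports = {
  // Fixed suffix exported for callers to append to a password before hashing.
  // NOTE(review): a single constant suffix shared by every account is not a
  // per-user salt; identical passwords still produce identical hashes.
  MD5_SUFFIX: 'USD75PIQ',

  /**
   * Return the hex-encoded MD5 digest of `pwd`.
   *
   * NOTE(review): MD5 is fast and unsalted, so it is unsuitable for storing
   * passwords. A slow, salted KDF such as crypto.scrypt belongs here, but
   * that changes the stored hash format and needs a migration.
   *
   * @param {string|Buffer} pwd - value to hash
   * @returns {string} 32-character lowercase hex digest
   */
  md5: (pwd) => {
    const hash = crypto.createHash('md5');
    // The original called `.disgest('hex')`, which throws a TypeError.
    return hash.update(pwd).digest('hex');
  },

  // HMAC key used to sign and verify the JWTs. Anyone who knows it can mint
  // a valid token for any user, so it must be a long random value supplied
  // at deploy time. The literal fallback keeps existing setups working but
  // is public; set JWT_SECRET in every real deployment.
  secretKey: process.env.JWT_SECRET || 'li_hang_node',
};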
3.创建登录接口并返回给用户token
const app = require('../request/index')
const sql = require('../../mysql/connect') //自定义sql组件
const jwt = require('jsonwebtoken') //
const {secretKey} = require('../toeken/secretkey') //token密钥
const {errorData, successData} = require('../contextReq/index') //自定义组件处理组件
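/**
 * GET /login: look the supplied name/password up in the `user` table and, on
 * a match, answer with a signed JWT and its lifetime in seconds.
 *
 * NOTE(review): credentials arrive in the query string, so they end up in
 * access logs, proxies and browser history; a POST body over TLS avoids that.
 * NOTE(review): the password is compared as stored, which implies plaintext
 * (or a bare hash computed by the client) in the database; confirm.
 */
app.get('/login', (req, res) => {
  const { query } = req;
  const tokenKey = secretKey; // HMAC key the token is signed with
  const time = 60 * 60 * 24; // token lifetime: 24 hours, in seconds

  // Escape a value for use inside a single-quoted SQL string literal:
  // backslashes are doubled first, then single quotes are doubled, so the
  // value cannot close the literal. This is a stopgap that works with the
  // existing string-based sql() helper; bound parameters in the driver are
  // the proper fix. Assumes a UTF-8 connection charset (TODO confirm).
  const esc = (value) => String(value).replace(/\\/g, '\\\\').replace(/'/g, "''");

  // Query parsing can yield arrays or objects for repeated or bracketed
  // parameters; only plain strings are accepted as credentials.
  if (typeof query.name !== 'string' || typeof query.password !== 'string') {
    res.end(errorData(500, '用户名密码错误,请重新输入'));
    return;
  }

  sql(`SELECT * FROM user WHERE name = '${esc(query.name)}' AND password = '${esc(query.password)}'`, '', (data) => {
    if (!data.length) {
      res.end(errorData(500, '用户名密码错误,请重新输入'));
      return;
    }

    // Claims carried in the token. They are signed, not encrypted, so
    // anyone holding the token can read them.
    const tokenObj = {
      id: data[0].id,
      username: data[0].name,
    };
    const token = jwt.sign(tokenObj, tokenKey, {
      expiresIn: time, // token lifetime
    });
    res.end(successData({ token: token, expiresIn: time }));

    // After a successful login, update the database record.
    // NOTE(review): there is no WHERE clause, so as written this rewrites
    // every row in `user`; presumably it should target data[0].id. Confirm.
    sql(`UPDATE user SET point = '${esc(query.point)}',source = '${esc(query.source)}',connect = '${esc(query.connect)}'`);

    // Copy the user's details into system_info. These values come from the
    // database but were originally user-supplied, so they are escaped too.
    sql(`UPDATE system_info SET userName = '${esc(data[0].name)}',auth = '${esc(data[0].auth)}'`);
  });
});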
4.统一token验证
在框架的中间件引入
//请求处理中心
const express = require('express')
const jwtAuth = require('../toeken/index')
const {errorData} = require('../contextReq/index')
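const app = express();

// Apply the JWT check to incoming requests before any route runs.
app.use(jwtAuth);

// Error handler for failed token checks. express-jwt reports a missing,
// malformed, badly signed or expired token as an error named
// 'UnauthorizedError'.
app.use((err, req, res, next) => {
  if (err.name === 'UnauthorizedError') {
    // The transport status stays 200 as in the original; the 401 travels in
    // the response body, so clients must read the body code.
    res.writeHead(200, { 'Content-Type': 'text/html;charset=utf-8' });
    res.end(errorData(401, '登录状态过期,请重新登录!'));
    return;
  }
  // Pass every other error on. The original sent a 200 header and called
  // next() without the error, which hid the failure from later handlers.
  next(err);
});

app.listen(8088, (err) => {});

module.exports = app;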