1、安装jsonwebtoken
npm i jsonwebtoken -S
2、创建jwt.js文件
let jwt = require('jsonwebtoken')
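// Shared secret used to sign and verify tokens. Read it from the environment so
// the real value never lives in source control. The literal is only this
// tutorial's demo fallback: it is short, guessable and must not reach production.
// `||` (not `??`) is deliberate so an empty JWT_SECRET also falls back instead of
// producing tokens signed with an empty secret.
const key = process.env.JWT_SECRET || 'web26-jwt'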
/**
 * Issue a signed token.
 *
 * The claims are fixed demo data (a hard-coded e-mail address); a real login
 * flow would put the authenticated user's identifier here instead.
 *
 * @returns {string} Token produced by jwt.sign with the module-level `key`.
 */
function sign() {
  // Claims carried inside the token.
  const claims = { data: '95243611@qq.com' }
  // Lifetime in seconds: 86400 s = 1 day.
  const signOptions = { expiresIn: 86400 }
  // `key` is the module-level signing secret.
  return jwt.sign(claims, key, signOptions)
}
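/**
 * Check whether a token is a valid, unexpired JWT signed with `key`.
 *
 * @param {string} token - Token string taken from the request.
 * @returns {boolean} true when jwt.verify accepts the token, false otherwise.
 */
function verify(token) {
  // Anything that is not a non-empty string cannot be a token; reject it up front.
  if (typeof token !== 'string' || token === '') {
    return false
  }
  try {
    // Pin the accepted algorithm to the one sign() produces (the library's
    // default for a string secret, HS256) so a token that declares any other
    // algorithm is rejected outright.
    jwt.verify(token, key, { algorithms: ['HS256'] })
    // The decoded claims are deliberately not logged: they carry user data
    // (an e-mail address in this demo) and do not belong in server logs.
  } catch (error) {
    // Bad signature, malformed token, expired token: all count as "not valid".
    return false
  }
  return true
}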
// Public API of the JWT helper: token issuance (sign) and validation (verify).
module.exports = { sign, verify }
3、获取token的接口(一般在登录成功后,由服务端在响应中返回token)
var express = require('express')
var router = express.Router()
const { sign, verify } = require('../utils/jwt.js')
/*
 * GET / — respond with a freshly signed token.
 * NOTE(review): this demo handler checks no credentials before issuing the
 * token, so any caller receives one. In a real application the token should
 * only be issued after the login credentials have been verified.
 */
router.get('/', (req, res, next) => {
  const body = {
    data: null,
    token: sign(),
    meta: { status: 200, msg: '请求token成功' },
  }
  res.send(body)
})
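/*
 * GET /verify — report whether the token sent in the `token` request header is valid.
 * The result of verify() decides the response. Without this check the handler
 * would report success for any token, including a missing or forged one.
 */
router.get('/verify', function (req, res, next) {
  const token = req.headers.token
  if (!token || !verify(token)) {
    // Same rejection shape as the global token check in app.js.
    return res.send({
      data: null,
      meta: { status: 403, msg: '请重新登录' },
    })
  }
  res.send({
    data: null,
    token: token,
    meta: { status: 200, msg: '验证token成功' },
  })
})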
// Export the router so the application can mount it.
module.exports = router
4、在app.js中拦截所有请求并校验token
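// Global gate for every request: set the CORS response headers, let the public
// routes through, and require a valid token in the `token` header for everything else.
app.all('*', function (req, res, next) {
  // CORS response headers.
  // NOTE(review): '*' lets any origin call this API and send any header or method.
  // Acceptable for a demo; a deployed service should list the origins, headers
  // and methods it actually expects.
  res.setHeader('Access-Control-Allow-Origin', '*')
  res.setHeader('Access-Control-Allow-Headers', '*')
  res.setHeader('Access-Control-Allow-Methods', '*')

  // Routes reachable without a token. Compare against req.path rather than
  // req.url: req.url includes the query string, so '/users/login?x=1' would
  // otherwise miss the list and be rejected as unauthenticated.
  const publicPaths = ['/users', '/users/login', '/users/register']
  if (publicPaths.includes(req.path)) {
    return next()
  }

  const token = req.headers.token
  if (!token || !verify(token)) {
    // The rejection is signalled in the body (meta.status 403) while the HTTP
    // status stays at the default. Browser preflight (OPTIONS) requests carry
    // no token and land here too; they only pass because the HTTP status is
    // still a success code, so handle OPTIONS explicitly before switching this
    // to a real 4xx status.
    return res.send({
      data: null,
      meta: {
        status: 403,
        msg: '请重新登录',
      },
    })
  }

  // Token is valid: hand over to the next handler.
  next()
})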
5、在客户端发送请求获得token
6、请求其他接口时,在请求头的token字段中携带token,由服务端进行验证