1.首次登录时, 服务端生成带有效期的 token, 放到响应头返回给前端 (JWT 自带签名, 一般不必再存数据库; 若需要支持主动注销/强制下线, 可另外在数据库中记录 token 以便校验或吊销)
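// First login: mint a JWT and hand it back in the response header.
// The payload is only base64url-encoded, NOT encrypted — anyone holding the
// token can read every field. Sign only what the server needs (an id, a role),
// not a whole user record. NOTE(review): check what `userInfo` actually holds
// (password hashes etc. must never go in here).
// `algorithm` is pinned explicitly (HS256 is jsonwebtoken's default for a
// string secret) so the verifier can pin the same list and reject anything
// else. `expiresIn` given as a number is in seconds: 60 * 60 = one hour.
let token = jwt.sign(userInfo, configs.jwt.jwtKey, { algorithm: 'HS256', expiresIn: 60 * 60 });
// Return the token to the client in the `authorization` response header
ctx.set("authorization", token);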
2.前端首次登录时, 在响应拦截器中从 response header 读取 authorization 并存到 localStorage (注意: localStorage 对页面内任何脚本可读, 一旦存在 XSS 漏洞 token 会被直接窃取, 且在过期前一直可用)
// Response interceptor: on first login the server returns the freshly minted
// token in the `authorization` response header; persist it client-side.
// Caveat: localStorage is readable by any script running on the page, so an
// XSS bug leaks the token, and a leaked token stays usable until `exp`.
// Storing it here is a deliberate trade-off; an HttpOnly cookie would remove
// that exposure.
axios.interceptors.response.use(response => {
// Copy the returned authorization header into localStorage under "token"
if (response.headers.authorization) {
localStorage.setItem("token", response.headers.authorization);
}
return response;
// Error branch elided in the original listing (`{...}`); rejections still
// have to be propagated, e.g. by returning Promise.reject(error).
}, error => {...})
3.非首次登录时, 请求拦截器给每次请求的请求头带上 token. 后端 (第 5 步) 用 split(' ')[1] 取值, 即要求 `Bearer <token>` 格式, 前端必须加上 `Bearer ` 前缀, 否则后端拿到的是 undefined
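// Request interceptor: attach the stored token to every outgoing request.
// The value is sent as `Bearer <token>` because the server-side middleware
// splits the header on a space and takes the second part — sending the bare
// token (as the original did) leaves the server with `undefined`.
// Caveat: the token comes from localStorage, which any script on the page can
// read (XSS); a stolen token is usable until it expires.
axios.interceptors.request.use(configs => {
  const stored = localStorage.getItem("token");
  if (stored) {
    // Tolerate a value that was already stored with the scheme prefix.
    configs.headers.authorization = stored.startsWith("Bearer ")
      ? stored
      : `Bearer ${stored}`;
  }
  return configs;
});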
4.后端通过路由级中间件 (@Flow([authorization])) 要求该控制器下的所有请求必须携带有效 token
import { Controller, Flow } from 'koa-ts-controllers';
// Every route under /board passes through the `authorization` middleware
// (defined in step 5) before any handler runs, so a request without a valid
// token is rejected at the controller boundary rather than per handler.
@Controller('/board')
@Flow([authorization])
class BoardController {
}
5.nodejs 对 token 进行校验: 必须用 jwt.verify() 校验签名和有效期; jwt.decode() 只解码不校验, 不能作为鉴权依据
import Boom from '@hapi/boom';
import jwt from 'jsonwebtoken';
import type { Context, Next } from 'koa';
// auth
import configs from '../configs';
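/**
 * Koa middleware that gates a route behind a valid JWT.
 *
 * Reads the `authorization` request header (either `Bearer <token>` or the
 * bare token), verifies signature and expiry with `jwt.verify`, and exposes
 * the verified payload on `ctx.state.tokenPayload` for downstream handlers.
 *
 * Fixes relative to the original: a verify failure that is not an expiry
 * (bad signature, malformed token, wrong algorithm, missing token after the
 * split) was silently swallowed and the request let through; the follow-up
 * `jwt.decode(JSON.parse(token))` threw a SyntaxError on any real JWT and,
 * being unsigned, could never have served as a validity check anyway.
 *
 * @param ctx  Koa request context.
 * @param next Next middleware; only reached when the token verifies.
 * @throws Boom.unauthorized when the token is missing, expired or invalid.
 */
export default async function authorization(
  ctx: Context,
  next: Next
) {
  // NOTE(review): kept from the original — presumably an earlier middleware
  // populates ctx.userInfo; confirm, otherwise this rejects every request
  // before the token is even read.
  if (!ctx.userInfo || ctx.userInfo.id < 1) {
    throw Boom.unauthorized("无权访问,请先登录");
  }

  const header = ctx.request.header.authorization;
  if (!header) {
    fail(ctx, '没有权限请求', "token不存在,没有权限请求");
  }

  const token = extractToken(header);
  // jwt.verify checks the HMAC signature AND the exp claim; jwt.decode does
  // neither, so verify is the only acceptable validity check here.
  const payload = verifyOrReject(ctx, token);
  ctx.state.tokenPayload = payload;
  await next();
}

/** Strips an optional `Bearer ` scheme; a bare token is returned unchanged. */
function extractToken(header: string): string {
  const match = /^Bearer\s+(.+)$/i.exec(header);
  return match?.[1] ?? header;
}

/**
 * Verifies `token` against the configured secret, pinning the algorithm list
 * so a token signed with anything other than HS256 (the `sign` default) is
 * rejected. Expired tokens and every other failure abort via `fail`.
 */
function verifyOrReject(ctx: Context, token: string): string | object {
  try {
    return jwt.verify(token, configs.jwt.jwtKey, { algorithms: ['HS256'] });
  } catch (err: unknown) {
    if (err instanceof Error && err.name === 'TokenExpiredError') {
      // TODO: also drop any server-side token record here if one is kept
      fail(ctx, '登录已过期,请重新登录', "token失效");
    }
    // Bad signature, malformed token, wrong alg, missing token — all rejected.
    fail(ctx, 'token不合法,请检查后重试', "token不合法,请检查后重试");
  }
}

/** Sets the JSON error body the original listing used, then aborts with 401. */
function fail(ctx: Context, mes: string, boomMessage: string): never {
  ctx.body = {
    code: 1,
    data: {},
    error: 400,
    mes
  };
  throw Boom.unauthorized(boomMessage);
}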
6.设置过期时间 { expiresIn: 60 * 60 }: 传数字时单位为秒 (这里是 1 小时), 也可以传 '1h' 这样的字符串; verify 时会据此检查 exp 并抛出 TokenExpiredError
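// `expiresIn` as a number is in seconds (60 * 60 = one hour); jsonwebtoken
// writes it into the `exp` claim, which `jwt.verify` later enforces.
// `algorithm` is pinned explicitly (HS256 is the default for a string secret)
// so the verifier can pin the same list. The payload is readable by anyone
// holding the token — sign only the fields the server needs.
let token = jwt.sign(userInfo, configs.jwt.jwtKey, { algorithm: 'HS256', expiresIn: 60 * 60 });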
7.jwt.decode() 返回 null 说明传入的不是格式正确的 JWT 字符串. 它的参数就是 token 字符串本身, 不需要也不能用 JSON.parse() 包装 (对 JWT 字符串调用 JSON.parse 会直接抛 SyntaxError). 另外 decode() 不校验签名和有效期, 鉴权请用 jwt.verify()
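// jwt.decode() takes the raw token string and returns the payload, or null
// when the string is not a well-formed JWT. Wrapping the argument in
// JSON.parse() (as the original did) throws a SyntaxError on any real JWT.
// decode() does NOT check the signature or expiry — use jwt.verify() for
// anything security-relevant; decode() is for reading claims only.
let decode = jwt.decode(authorization);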