本文介绍在 express 框架中使用 jsonwebtoken 进行鉴权。
一. jsonwebtoken使用
npm i jsonwebtoken
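const jwt = require('jsonwebtoken')
// HMAC secret shared by setToken/verToken below and by the express-jwt middleware in app.js.
// Prefer an environment variable so the real secret does not live in source control;
// the literal remains only as a development fallback (env var name chosen here, adjust as needed).
const singKey = process.env.JWT_SECRET || 'mes_qdhd_mobile_xhykjyxgs'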
/**
 * Issues a signed JWT carrying the given username.
 * @param {string} username - stored as the `username` claim of the payload
 * @returns {Promise<string>} resolves with the compact JWT; rejects if jwt.sign throws
 */
exports.setToken = (username) => {
  // The payload is only base64url-encoded, not encrypted, so keep it minimal.
  const payload = { username }
  const signOptions = {
    expiresIn: 60 * 60, // seconds: the token is valid for one hour
    algorithm: 'HS256',
  }
  return new Promise((resolve) => {
    resolve(jwt.sign(payload, singKey, signOptions))
  })
}
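/**
 * Verifies an `Authorization` header value of the form `Bearer <jwt>`.
 * @param {string} token - the raw Authorization header, e.g. 'Bearer xxx.yyy.zzz'
 * @returns {Promise<object>} resolves with the decoded payload; rejects when the
 *   header is not `Bearer <token>` or when the signature/expiry check fails
 */
exports.verToken = (token) => {
  return new Promise((resolve, reject) => {
    // express-jwt (app.js) insists on the `Bearer` scheme, so reject the same way
    // here instead of letting `split(' ')[1]` hand `undefined` to jwt.verify.
    const parts = String(token || '').split(' ')
    const scheme = parts[0]
    const credentials = parts[1]
    if (parts.length !== 2 || !/^Bearer$/i.test(scheme) || !credentials) {
      reject(new Error('Format is Authorization: Bearer [token]'))
      return
    }
    // Pin the accepted algorithm to the one used by setToken so a token signed
    // with another algorithm cannot pass through a looser default list.
    resolve(jwt.verify(credentials, singKey, { algorithms: ['HS256'] }))
  })
}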
// Exported so app.js can hand the same secret to express-jwt.
module.exports.singKey = singKey
二. 问题
问题:token.split(' ')[1]为什么这样使用?
希望客户端给服务器传过来的token是Bearer xxx.xxx.xxx这样的形式。否则以下代码中会报错:
// app.js
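// Bindings are never reassigned, so declare them with const instead of var.
const expressJwt = require('express-jwt')
const { verToken, singKey } = require('./util/token')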
// 解析token获取用户信息
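// Decode the token (if any) and attach its payload to req.data.
// This middleware never rejects a request itself: a missing or invalid token
// simply leaves req.data unset, and the express-jwt middleware below decides.
app.use(function (req, res, next) {
  const token = req.headers['authorization']
  if (token == null) {
    return next()
  }
  // Two-argument then() instead of then().catch(): with the latter, an error
  // thrown by next() inside the success branch was caught and next() called a
  // second time for the same request.
  verToken(token).then(
    (data) => {
      req.data = data
      next()
    },
    () => {
      // Deliberately best-effort: verification failures are reported by
      // express-jwt with a proper 401, not here.
      next()
    }
  )
})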
//验证token是否过期并规定哪些路由不用验证
// Reject requests whose token is missing, malformed or expired (401).
// `unless` lists the paths that may be reached without a token.
const requireJwt = expressJwt({
  secret: singKey, // the same key used in util/token.js
  algorithms: ['HS256'],
})
app.use(requireJwt.unless({ path: ['/login'] }))
// 错误处理
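// Final error handler: records error info in res.locals and answers with a JSON
// body chosen by status. The 4-argument signature must be kept so Express treats
// it as an error-handling middleware.
// NOTE(review): `httpRequest` is not required anywhere in the excerpt shown —
// presumably imported elsewhere in app.js; verify before relying on it.
app.use(function (err, req, res, next) {
  // Resolve the status once so the HTTP status and the JSON `code` never disagree
  // (previously `code` could be undefined while the response was a 500).
  const status = err.status || 500
  // set locals, only providing error in development
  res.locals.message = err.message
  res.locals.error = req.app.get('env') === 'development' ? err : {}
  res.status(status)
  console.log(err)
  if (status === 401) {
    // express-jwt errors (missing, malformed, invalid or expired token) land here
    res.send(httpRequest.untoken())
  } else if (status === 404) {
    res.send(httpRequest.notFound())
  } else {
    // Only the status code is echoed back; err.message is kept in res.locals so
    // internal details are not sent to the client.
    res.send({ code: status, data: {}, msg: status })
  }
})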
当不是Bearer xxx.xxx.xxx形式时,一直报401,console.log(err)可以输出错误信息:
UnauthorizedError: Format is Authorization: Bearer [token]
at middleware (D:\前端练习\Node\publicserver\node_modules\express-jwt\lib\index.js:73:21)
at result (D:\前端练习\Node\publicserver\node_modules\express-unless\index.js:49:5)
at Layer.handle [as handle_request] (D:\前端练习\Node\publicserver\node_modules\express\lib\router\layer.js:95:5)
at trim_prefix (D:\前端练习\Node\publicserver\node_modules\express\lib\router\index.js:317:13)
at D:\前端练习\Node\publicserver\node_modules\express\lib\router\index.js:284:7
at Function.process_params (D:\前端练习\Node\publicserver\node_modules\express\lib\router\index.js:335:12)
at next (D:\前端练习\Node\publicserver\node_modules\express\lib\router\index.js:275:10)
at D:\前端练习\Node\publicserver\app.js:40:12 {
code: 'credentials_bad_format',
status: 401,
inner: { message: 'Format is Authorization: Bearer [token]' }
}
三. 解决方法
1. 发送请求时,在请求头 header 中手动添加 Bearer 前缀
header: {
Authorization: 'Bearer ' + token
},
2.使用postman时,选择Bearer Token