jwt
想了很久还是记录下来吧,到现在也仅仅理解了10%不到
下包
1.jsonwebtoken
:
npm install jsonwebtoken
2.passport
:
npm install passport
3.passport-jwt
:
npm install passport-jwt
配置
app.js
:
const passport = require("passport");
// Passport wiring: the strategy configuration is kept in its own module.
// Register Passport's initialisation middleware on the Express app first.
app.use(passport.initialize());
// The config module exports a function, so load it and hand it the shared
// passport instance; it registers the JWT strategy on that instance.
const registerJwtStrategy = require("./controller/config/passport");
registerJwtStrategy(passport);
passport.js
:
// // 专门用来配置Passport 验证jwt 配置的话,搜索passport-jwt
const JwtStrategy = require("passport-jwt/lib").Strategy,
ExtractJwt = require("passport-jwt/lib").ExtractJwt;
const mongoose = require("mongoose");
const adminUser = mongoose.model("admin_user");
const keys = require("./jwtAuth");
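// Options handed to the passport-jwt Strategy.
const opts = {
  // Read the token from the "Authorization: Bearer <token>" request header.
  jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
  // Shared secret used to verify the token signature.
  secretOrKey: keys.secretOrKey,
  // Accept only the algorithm the login route signs with (jsonwebtoken's
  // default, HS256), so a token announcing any other `alg` is rejected.
  algorithms: ["HS256"],
};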
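// Export a function that registers the JWT strategy on the passport instance
// passed in by app.js.
module.exports = (passport) => {
  passport.use(
    new JwtStrategy(opts, (jwtPayload, done) => {
      // jwtPayload is the decoded payload of a token whose signature has
      // already been checked; userId is the claim written at login.
      adminUser.findOne({ _id: jwtPayload.userId }).then(
        // Known user -> authenticated as that user; no match -> rejected.
        (user) => done(null, user || false),
        // A failed lookup must still call done(); only logging the error
        // would leave the request waiting forever with no response.
        (err) => done(err, false)
      );
    })
  );
};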
秘钥jwtAuth.js
:
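// Secret used to sign tokens at login and to verify them in passport.js.
// It is read from the environment (JWT_SECRET is the variable name chosen
// here) instead of being written into the source: a literal in a committed
// file is readable by everyone with access to the repository, and knowing the
// secret is enough to produce tokens the server will accept. Use a long random
// value rather than a dictionary word.
const secretOrKey = process.env.JWT_SECRET;
if (!secretOrKey) {
  // Fail at startup rather than run with an empty or default signing key.
  throw new Error("JWT_SECRET environment variable is not set");
}

module.exports = { secretOrKey };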
登录生成token
: admin.js
// Key line of the login route shown below: sign the payload with the shared
// secret. A numeric expiresIn is in seconds, so the token is valid for one hour.
const token = await jwt.sign(rules,cert.secretOrKey,{expiresIn: 60*60});
const jwt = require('jsonwebtoken');
const cert = require('./config/jwtAuth');
// 登录
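// Login: check the submitted credentials and, on success, answer with the
// admin record (password field excluded) and a signed one-hour JWT.
// Every outcome is reported through the JSON `code` field; unexpected errors
// are passed to the Express error handler via next().
router.post('/login', async (req, res, next) => {
  try {
    const { username, password } = req.body;

    // Both values come straight from the request body. Require non-empty
    // strings so that an object (for example a query-operator document)
    // can never be passed into findOne() as the username filter.
    if (
      typeof username !== 'string' ||
      typeof password !== 'string' ||
      !username ||
      !password
    ) {
      return res.json({
        code: 400,
        msg: '缺少必要参数!',
      });
    }

    const user = await adminUserDB.findOne({ username });
    if (!user) {
      // NOTE(review): separate "not registered" and "wrong password" replies
      // reveal which usernames exist; consider one generic failure message.
      return res.json({
        code: 400,
        msg: '账号未注册!',
      });
    }

    // NOTE(review): comparing the submitted value with user.password directly
    // implies the password is stored as plaintext. Store a salted hash from a
    // slow password-hashing function and verify against that instead.
    if (password !== user.password) {
      return res.json({
        code: 400,
        msg: '密码错误!',
      });
    }

    // Claims carried by the token; passport.js looks the user up by userId.
    const rules = {
      username,
      userId: user._id,
    };
    // jwt.sign() without a callback is synchronous; expiresIn is in seconds.
    const token = jwt.sign(rules, cert.secretOrKey, { expiresIn: 60 * 60 });

    // Re-read the record without the password field for the response body.
    const data = await adminUserDB.findOne({ username }).select('-password');
    res.json({
      code: 200,
      msg: "登录成功!",
      data,
      token: "Bearer " + token,
    });
  } catch (err) {
    next(err);
  }
});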
解析:users.js
: 在需要登录才能访问的路由上加上中间件 passport.authenticate("jwt", {session: false})
const jwt = require('jsonwebtoken');
const cert = require('./config/jwtAuth');
const passport = require("passport");
// 3.获取所有的用户
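// List users one page at a time. passport.authenticate("jwt") runs first, so
// the handler is only reached with a valid token.
// Query parameters: pn (1-based page number, default 1) and size (page size,
// default 10).
router.get("/getUsers", passport.authenticate("jwt", { session: false }), async (req, res, next) => {
  try {
    // Upper bound on the page size so one request cannot ask for the whole
    // collection. size=0 is rejected too, because limit(0) means "no limit".
    const MAX_PAGE_SIZE = 100;

    const requestedPage = Number.parseInt(req.query.pn, 10);
    const requestedSize = Number.parseInt(req.query.size, 10);
    // Missing, non-numeric, zero or negative values fall back to the defaults;
    // a negative skip() would otherwise make the query fail.
    const pn = requestedPage > 0 ? requestedPage : 1;
    const size = requestedSize > 0 ? Math.min(requestedSize, MAX_PAGE_SIZE) : 10;

    const count = await userDB.countDocuments();
    // NOTE(review): whole user documents are returned. If the schema holds a
    // password or other secret field, exclude it here as the login route does
    // with select('-password').
    const userData = await userDB
      .find({})
      .sort({ create_time: 1 })
      .limit(size)
      .skip((pn - 1) * size);

    if (userData) {
      res.json({
        code: 200,
        msg: "success!",
        data: userData,
        count,
      });
    } else {
      res.json({
        code: 400,
        msg: '查找失败',
      });
    }
  } catch (err) {
    // Without this, a failed query leaves the request unanswered.
    next(err);
  }
});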
登录的时候拿到token保存到cookie中,引用了cookie.js:
// Keep the token cookie for one hour, the same lifetime the server gives the
// token (expiresIn: 60*60 seconds).
// NOTE(review): a cookie written from page script cannot be HttpOnly, so any
// script running on the page can read this token. Confirm whether the cookie
// library in use accepts secure / sameSite attributes.
const ONE_HOUR_MS = 60 * 60 * 1000;
const cookieExpiry = new Date(Date.now() + ONE_HOUR_MS);
Cookie.set('mytoken', res.token, { expires: cookieExpiry });
前端这时候请求数据需要携带令牌,不妨在拦截器中设置请求头:
// http request 拦截器
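// Request interceptor: attach the stored token to outgoing requests.
instance.interceptors.request.use(
  (config) => {
    // The cookie holds the full "Bearer <token>" string returned by login.
    // Set the header only when a token exists, so that logged-out requests
    // do not carry an "undefined" authorization value.
    const token = Cookie.get("mytoken");
    if (token) {
      config.headers.authorization = token;
    }
    return config;
  },
  // Return the rejection: without `return` the handler resolves with
  // undefined and the original error is lost to the caller.
  (error) => Promise.reject(error)
);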
写的很垃圾,理解的不是很透彻,只为自己的记录哈,慢慢来喽!写完继续码项目了,晚上开始继续跑步了,南方黑芝麻糊又喝完了。。。