用python语言实现JWT接口
开发API接口、前后端分离时,最好使用token。为什么这么说呢?因为session+cookies是基于web浏览器的;而API接口可能还要面向移动端,app是没有cookies和session的。JWT由header、payload、sign三部分组成,三部分之间用“.”连接。注意header和payload只是做了base64url编码,并没有加密,拿到token的人都能读出其中的内容,所以不要在payload里存放敏感信息;sign的作用只是防止内容被篡改。
以下是根据JWT的原理,用Python自己实现的JWT接口(签名算法固定为HS256,主要用于理解原理;生产环境建议使用成熟的JWT库):
import base64
import hmac
import json
import time
import copy
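class JWT:
    """Minimal HS256 (HMAC-SHA256) JSON Web Token encoder/decoder.

    A token has the form
    ``base64url(header).base64url(payload).base64url(signature)`` with the
    base64 ``=`` padding stripped.  The header and payload are only encoded,
    not encrypted: anyone holding the token can read the claims, so the
    signature protects integrity, not confidentiality.
    """

    def __init__(self):
        pass

    @staticmethod
    def b64decode(b_s):
        """Decode unpadded URL-safe base64 bytes.

        The ``=`` padding stripped by :meth:`b64encode` is restored before
        decoding.
        """
        # -len % 4 is 0 when the length is already a multiple of four, so no
        # superfluous padding is appended (the previous ``4 - rem`` added
        # four '=' characters in that case).
        b_s += b'=' * (-len(b_s) % 4)
        return base64.urlsafe_b64decode(b_s)

    @staticmethod
    def b64encode(j_s):
        """Encode bytes as URL-safe base64 and strip the ``=`` padding."""
        return base64.urlsafe_b64encode(j_s).replace(b'=', b'')

    @staticmethod
    def encode(payload, key):
        """Build a signed HS256 token.

        Args:
            payload: JSON-serialisable dict of claims.  :meth:`decode`
                requires an ``exp`` claim holding a Unix timestamp.
            key: HMAC secret, as ``str`` or ``bytes``.

        Returns:
            The token as ``bytes``: ``header.payload.signature``.
        """
        # Accept both str and bytes keys, matching decode().
        if isinstance(key, str):
            key = key.encode()
        header = {'alg': 'HS256', 'typ': 'JWT'}
        header_bs = JWT.b64encode(
            json.dumps(header, separators=(',', ':')).encode())
        # json.dumps does not mutate its argument, so no defensive copy of
        # the caller's payload is needed.
        payload_bs = JWT.b64encode(
            json.dumps(payload, separators=(',', ':')).encode())
        signing_input = header_bs + b'.' + payload_bs
        digest = hmac.new(key, signing_input, digestmod='SHA256').digest()
        return signing_input + b'.' + JWT.b64encode(digest)

    @staticmethod
    def decode(key, jwt_s):
        """Verify a token and return its payload.

        The signature is recomputed over the first two segments and compared
        with the third; only after that succeeds is the payload parsed and
        its ``exp`` claim checked against the current time.

        Args:
            key: HMAC secret, as ``str`` or ``bytes``.
            jwt_s: The token, as ``bytes`` (or ``str``).

        Returns:
            The decoded payload dict.

        Raises:
            RuntimeError: The signature does not match, or the token has
                expired.
            ValueError: The token does not consist of exactly three
                dot-separated segments.
            KeyError: The payload carries no ``exp`` claim.
        """
        if isinstance(key, str):
            key = key.encode()
        if isinstance(jwt_s, str):
            jwt_s = jwt_s.encode()
        header_bs, payload_bs, sign_bs = jwt_s.split(b'.')
        # The header's "alg" value is never consulted: verification always
        # uses HMAC-SHA256, so a token cannot choose its own algorithm.
        hm = hmac.new(key, header_bs + b'.' + payload_bs, digestmod='SHA256')
        new_sign_bs = JWT.b64encode(hm.digest())
        # Constant-time comparison, so the time taken does not reveal how
        # many leading bytes of a presented signature were correct.
        if not hmac.compare_digest(new_sign_bs, sign_bs):
            # The original bare ``raise`` had no active exception and thus
            # surfaced as RuntimeError; the type is kept, with a message.
            raise RuntimeError('JWT signature verification failed')
        # The payload is parsed only after the signature has been verified.
        payload = json.loads(JWT.b64decode(payload_bs))
        if time.time() > payload['exp']:
            raise RuntimeError('JWT has expired')
        return payload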
if __name__ == '__main__':
    # Demo round trip: sign a token valid for 300 seconds, then verify it
    # with the same key.  'abc' is only a sample key for this demonstration.
    demo_claims = {'exp': time.time() + 300, 'username': 'xdj'}
    token = JWT.encode(demo_claims, 'abc')
    print(JWT.decode('abc', token))