一、登录和验证
1、cookie
前面我们了解到,可以通过给浏览器设置 cookie 等方式,让服务器辨别发出请求的是谁。
这里我们使用一个插件 cookie-parser,可以更方便地运用 cookie:npm i -d cookie-parser。
//api/admin
const express = require("express");
const router = express.Router();
const adminServ = require("../../services/adminService");
const { asyncHandler } = require("../getSendResult");
const cryptor = require("../../util/crypt");//加密方法
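/**
 * POST /login
 *
 * Checks the submitted credentials with adminServ.login. On success the
 * admin id is encrypted into a token that is delivered twice: as the
 * "token" cookie (for browsers) and in the "authorization" response header
 * (for clients that do not keep cookies). The login result is returned to
 * asyncHandler, which is expected to send it as the response body.
 *
 * NOTE(review): `result` is returned to the client unchanged; confirm that
 * adminServ.login strips the password field before it gets here.
 */
router.post(
  "/login",
  asyncHandler(async (req, res) => {
    const result = await adminServ.login(req.body.loginId, req.body.loginPwd);
    if (result) {
      // Login succeeded: the token is the encrypted admin id.
      // NOTE(review): nothing inside the token records when it was issued,
      // so the 7-day maxAge below is enforced by the browser only; a copied
      // token keeps working for as long as the encryption key is unchanged.
      const token = cryptor.encrypt(result.id.toString());
      res.cookie("token", token, {
        path: "/",
        domain: "localhost",
        maxAge: 7 * 24 * 3600 * 1000, // milliseconds (7 days)
        // Keep the credential out of reach of page scripts, so an XSS bug
        // cannot read it from document.cookie.
        httpOnly: true,
        // Do not attach the cookie to cross-site POST/PUT requests (CSRF).
        sameSite: "lax",
        // Add `secure: true` once the site is served over HTTPS.
      });
      res.header("authorization", token);
    }
    return result;
  })
);
module.exports = router;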
//util/crypt
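// Symmetric encryption for login tokens: AES-128 in GCM mode.
// GCM authenticates the ciphertext, so a token that was modified or was not
// produced with this key is rejected instead of decrypting to attacker-chosen
// text. Tokens issued by the earlier fixed-IV CBC version no longer decrypt;
// their holders have to log in again.
const crypto = require("crypto");

// 128-bit key.
// NOTE(review): a key committed to source can be read by anyone with access
// to the repository and lets them mint a token for any user id. Load it from
// deployment configuration and rotate the value shown here.
const secret = Buffer.from("mm7h3ck87ugk9l4a");

const ALGORITHM = "aes-128-gcm";
const IV_LENGTH = 12; // bytes; the recommended nonce size for GCM
const TAG_LENGTH = 16; // bytes; full-length authentication tag

/**
 * Encrypts a string into a hex token.
 *
 * A fresh random IV is generated for every call, so encrypting the same
 * value twice yields different tokens. Layout of the decoded token:
 * IV (12 bytes) | auth tag (16 bytes) | ciphertext.
 *
 * @param {string} str - plaintext to protect (UTF-8)
 * @returns {string} hex-encoded token
 */
exports.encrypt = function (str) {
  const iv = crypto.randomBytes(IV_LENGTH);
  const cipher = crypto.createCipheriv(ALGORITHM, secret, iv, {
    authTagLength: TAG_LENGTH,
  });
  const body = Buffer.concat([cipher.update(str, "utf-8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("hex");
};

/**
 * Decrypts a token produced by encrypt().
 *
 * @param {string} str - hex-encoded token
 * @returns {string} the original plaintext
 * @throws {Error} if the token is not well-formed hex, is too short, or
 *   fails authentication (tampered, or encrypted with another key)
 */
exports.decrypt = function (str) {
  // Buffer.from(..., "hex") silently stops at the first invalid character,
  // so the encoding is validated explicitly before decoding.
  if (typeof str !== "string" || str.length % 2 !== 0 || !/^[0-9a-f]+$/i.test(str)) {
    throw new Error("malformed token");
  }
  const raw = Buffer.from(str, "hex");
  if (raw.length < IV_LENGTH + TAG_LENGTH) {
    throw new Error("malformed token");
  }
  const iv = raw.subarray(0, IV_LENGTH);
  const tag = raw.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH);
  const body = raw.subarray(IV_LENGTH + TAG_LENGTH);
  const decipher = crypto.createDecipheriv(ALGORITHM, secret, iv, {
    authTagLength: TAG_LENGTH,
  });
  decipher.setAuthTag(tag);
  // final() throws when the authentication tag does not match.
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf-8");
};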
//tokenMiddleware
const { getErr } = require("./getSendResult");
const { pathToRegexp } = require("path-to-regexp");
const cryptor = require("../util/crypt");
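// Routes that require a valid token. Each path pattern is compiled once at
// module load instead of on every request.
// NOTE(review): this is an allow-by-default list: any method/path that is not
// listed here (for example DELETE on /api/student/:id) passes through without
// a token. Confirm that every state-changing route is covered.
const needTokenApi = [
  { method: "POST", path: "/api/student" },
  { method: "PUT", path: "/api/student/:id" },
  { method: "GET", path: "/api/student" },
].map((api) => ({ ...api, regexp: pathToRegexp(api.path) }));

/**
 * Token middleware.
 *
 * Requests that match no entry in needTokenApi are passed on untouched. For
 * protected routes the token is read from the "token" cookie, falling back
 * to the "authorization" request header; it is decrypted and the result is
 * stored on req.userId. A missing or undecryptable token is handed to
 * handleNonToken, which is not shown in this listing and is expected to send
 * the "not authenticated" response.
 */
module.exports = (req, res, next) => {
  // e.g. pattern /api/student/:id matches request path /api/student/1771
  const isProtected = needTokenApi.some(
    (api) => api.method === req.method && api.regexp.test(req.path)
  );
  if (!isProtected) {
    next();
    return;
  }

  // Cookie first, then the authorization header. req.cookies only exists
  // when cookie-parser has run before this middleware.
  const token = (req.cookies && req.cookies.token) || req.headers.authorization;
  if (!token) {
    // Not authenticated.
    handleNonToken(req, res, next);
    return;
  }

  let userId;
  try {
    userId = cryptor.decrypt(token);
  } catch (err) {
    // The token is client-controlled; a value that does not decrypt is an
    // authentication failure, not a server error, so it must not propagate
    // to the error middleware.
    userId = "";
  }
  if (!userId) {
    handleNonToken(req, res, next);
    return;
  }

  req.userId = userId;
  next();
};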
//init
const path = require("path");
const express = require("express");
const cookieParser = require("cookie-parser");

// Create the Express application.
const app = express();

// Serve static files from ../public, resolved relative to this file.
app.use(express.static(path.resolve(__dirname, "../public")));

// cookie-parser parses the Cookie request header and exposes the result as
// req.cookies. (res.cookie, used to set cookies, is part of Express itself.)
app.use(cookieParser());

// Token middleware: it reads req.cookies, so it is registered after
// cookie-parser and before the API routers it protects.
const tokenMiddleware = require("./tokenMiddleware");
app.use(tokenMiddleware);

// Parse application/x-www-form-urlencoded request bodies.
const urlencodedOptions = { extended: true };
app.use(express.urlencoded(urlencodedOptions));

// Parse application/json request bodies.
app.use(express.json());

// API routers.
const studentRouter = require("./api/student");
app.use("/api/student", studentRouter);
const adminRouter = require("./api/admin");
app.use("/api/admin", adminRouter);

// Error-handling middleware, registered last so it sees errors from
// everything above.
const errorMiddleware = require("./errorMiddleware");
app.use(errorMiddleware);

const port = 5018;
app.listen(port, function onListening() {
  console.log(`server listen on ${port}`);
});