jwt服务器开发
一、jwt服务器开发
//init
const express = require("express");
const cors = require("cors");
const path = require("path");

const app = express();

// Serve static assets from the "public" directory that sits next to this
// file's parent directory.
const staticRoot = path.resolve(__dirname, "..", "public");
app.use(express.static(staticRoot));
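// Origins allowed to make credentialed cross-origin requests.
// NOTE(review): the literal "null" entry matches the opaque origin that
// browsers report for file:// pages, sandboxed iframes and data: documents.
// Because credentials are enabled below, every such context is treated as
// trusted; keep that entry for local testing only and drop it before deploying.
const whiteList = ["null", "http://localhost:5008"];
app.use(
  cors({
    /**
     * Decide per request whether CORS headers are emitted.
     *
     * @param {string|undefined} origin - value of the request's Origin header
     * @param {Function} callback - cors callback, called as (err, allowedOrigin)
     */
    origin(origin, callback) {
      if (!origin) {
        // No Origin header: not a cross-origin browser request, so no CORS
        // headers are needed. Passing false disables CORS for this request.
        // The previous "*" was combined with credentials: true, a pairing
        // browsers reject for credentialed requests.
        callback(null, false);
        return;
      }
      if (whiteList.includes(origin)) {
        // Echo back the exact allow-listed origin; a wildcard cannot be used
        // together with credentials.
        callback(null, origin);
      } else {
        callback(new Error("not allowed"));
      }
    },
    // Lets the browser send and receive cookies on allowed cross-origin requests.
    credentials: true,
  })
);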
//jwt
const jwt = require("jsonwebtoken");

// Key used to sign and verify every token.
// NOTE(review): this is a short literal committed with the source, so anyone
// who can read the code holds the signing key. Load a long random value from
// configuration kept outside the repository instead.
const secrect = "jimo";
// Name of the cookie that carries the token.
const cookieKey = "token";
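/**
 * Issue a signed JWT and attach it to the response, both as a cookie and as
 * an `authorization` response header.
 *
 * @param {object} res - Express response object
 * @param {number} [maxAge=86400] - token lifetime in seconds
 * @param {object} [info={}] - claims to place in the token payload
 */
exports.publish = function (res, maxAge = 3600 * 24, info = {}) {
  const token = jwt.sign(info, secrect, {
    expiresIn: maxAge,
  });
  // Cookie transport for browsers. res.cookie takes maxAge in milliseconds,
  // hence the conversion from seconds.
  res.cookie(cookieKey, token, {
    maxAge: maxAge * 1000,
    path: "/",
    // Keep the token out of reach of page scripts, so an injected script
    // cannot read it from document.cookie.
    httpOnly: true,
    // NOTE(review): when served over HTTPS also set `secure: true`, and pick a
    // `sameSite` value that matches how the front end is hosted. This cookie
    // authenticates POST/PUT requests and no other CSRF defence is visible here.
  });
  // Header transport for clients that do not use cookies.
  res.header("authorization", token);
};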
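/**
 * Extract and verify the JWT carried by a request.
 *
 * The cookie is tried first, then the `authorization` request header (either
 * the bare token or the "bearer <token>" form).
 *
 * @param {object} req - Express request object
 * @returns {object|null} the decoded payload, or null when no token is present
 *   or verification fails
 */
exports.verify = function (req) {
  // req.cookies only exists when a cookie-parsing middleware ran earlier;
  // guard so a missing parser falls back to the header instead of throwing.
  let token = req.cookies && req.cookies[cookieKey];
  if (!token) {
    const header = req.headers.authorization;
    if (!header) {
      // No token on either transport.
      return null;
    }
    // authorization: bearer token
    const parts = header.split(" ");
    token = parts.length === 1 ? parts[0] : parts[1];
  }
  try {
    // Pin the accepted algorithm to the one jwt.sign uses by default with a
    // string secret, rather than relying on the library's default allow-list.
    return jwt.verify(token, secrect, { algorithms: ["HS256"] });
  } catch (err) {
    // Any failure (bad signature, expired, malformed) means "not authenticated".
    return null;
  }
};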
//tokenMiddleware
const { getErr } = require("./getSendResult");
const { pathToRegexp } = require("path-to-regexp");
const jwt = require("./jwt");
// Routes that require a valid token, as { method, path } entries.
// Paths use path-to-regexp syntax (":id" is a parameter).
const needTokenApi = [
  ["POST", "/api/student"],
  ["PUT", "/api/student/:id"],
  ["GET", "/api/student"],
  ["GET", "/api/admin/user"],
].map(([method, path]) => ({ method, path }));
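// Compile each protected route pattern once at load time instead of on every
// request.
const protectedRoutes = needTokenApi.map((api) => ({
  method: api.method,
  matcher: pathToRegexp(api.path),
}));

/**
 * Token-checking middleware.
 *
 * Requests that match an entry in needTokenApi must carry a token that
 * jwt.verify accepts; the token's `id` claim is then stored on req.userId.
 * Requests that match no entry pass through unauthenticated, so a new private
 * route stays open until it is added to the list.
 *
 * NOTE(review): matching is by exact method, so a HEAD request to a listed GET
 * path is not checked here. Confirm how the router treats HEAD.
 */
module.exports = (req, res, next) => {
  // e.g. the pattern /api/student/:id matches the request path /api/student/1771
  const needsToken = protectedRoutes.some(
    (route) => route.method === req.method && route.matcher.test(req.path)
  );
  if (!needsToken) {
    next();
    return;
  }
  const result = jwt.verify(req);
  if (result) {
    // Authenticated: expose the caller's id to downstream handlers.
    req.userId = result.id;
    next();
  } else {
    // Missing or invalid token.
    handleNonToken(req, res, next);
  }
};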
/**
 * Reply to a request that reached a protected route without a valid token.
 * Sends HTTP 403 with the error body built by getErr; `req` and `next` are
 * accepted but not used.
 */
function handleNonToken(req, res, next) {
  const reply = res.status(403);
  reply.send(getErr("you dont have any token to access the api", 403));
}
//api/admin
const express = require("express");
const router = express.Router();
const adminServ = require("../../services/adminService");
const { asyncHandler } = require("../getSendResult");
const jwt = require("../jwt");
// POST /login: check the submitted credentials and, on success, issue a token
// whose payload carries only the admin's id.
// NOTE(review): the login result is returned as-is; presumably asyncHandler
// sends it to the client, so confirm it contains no password field.
router.post(
  "/login",
  asyncHandler(async (req, res) => {
    const { loginId, loginPwd } = req.body;
    const admin = await adminServ.login(loginId, loginPwd);
    if (!admin) {
      // Login failed: hand the falsy result back unchanged, no token issued.
      return admin;
    }
    // Login succeeded: default lifetime, payload is { id }.
    jwt.publish(res, undefined, { id: admin.id });
    return admin;
  })
);
// GET /user: look up the admin whose id is read from req.userId, which the
// token middleware sets after verifying the token.
router.get(
  "/user",
  asyncHandler(async (req, res) => {
    const admin = await adminServ.getAdminById(req.userId);
    return admin;
  })
);

module.exports = router;