Front-end and back-end analysis of the login process in Element UI

1. Login process analysis

  1. On the front end, the user enters a user name and password; the login is combined with routing and authorization verification. The front end sends the user name and password to the back end. After receiving them, the back end authenticates the user against mysql.
  2. The back end uses jwt to generate a token and transmits the token to the front end. The front end saves the token and then requests the user information. Storing the token and requesting the user information both go through an axios interceptor.
  3. When the front end requests the user information, the token is attached to the http header and sent to the back end, which verifies the token.
  4. The back end gets the token, parses it to obtain the user name, queries the user information, and returns it to the front end. The front end is then redirected to /.
  5. After the front end is redirected, a menu is generated according to the user's permissions, and the sidebar information is generated.

2. Back-end API processing flow

  1. The front end requests an API, and the request goes through jwt token authentication, which first determines whether the request is on the jwt whitelist. If it is on the whitelist, the request controller is called directly. If it is not on the whitelist, the jwt token is verified. If the verification fails, the request is intercepted. If the verification passes, the request controller is called.
  2. The request controller then uses express-validator to validate the body parameters. If the validation fails, a 404 error is thrown. If it passes, the login service is called to query the admin_user table in the MySQL database.
  3. After the query is completed, determine whether the user exists. If the user does not exist, return a message that the user name or password does not exist. If the user exists, generate a jwt token and return the token information.
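
The whitelist-then-verify gate from step 1, together with the token issued in step 3, as an added example that is not code from the original post. The secret, the route names, the Bearer header scheme and the 401 status are assumptions, and HS256 is implemented with Node's built-in crypto module so the block runs without installing a JWT package.

```javascript
// Added example. SECRET, WHITELIST, route names and the 401 status are assumptions.
const crypto = require("crypto");

const SECRET = "constructed-demo-secret";    // constructed; load from configuration in practice
const WHITELIST = new Set(["/user/login"]);  // routes that skip token verification (exact match)

const b64url = (text) => Buffer.from(text).toString("base64url");
const hmac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest("base64url");

// Login success: issue an HS256 token carrying the user name and an expiry.
function signToken(username, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ username, exp: Math.floor(now / 1000) + ttlSeconds }));
  return `${header}.${payload}.${hmac(`${header}.${payload}`)}`;
}

// Returns the claims for a valid token, or null for anything else.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  try {
    // Pin the algorithm: never let the token's own header choose how it is verified.
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString());
    if (alg !== "HS256") return null;
    const expected = Buffer.from(hmac(`${header}.${payload}`));
    const given = Buffer.from(signature);
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString());
    return typeof claims.exp === "number" && claims.exp > now / 1000 ? claims : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// The gate that runs before any controller: whitelist first, then token verification.
function authorize(req, now = Date.now()) {
  if (WHITELIST.has(req.path)) return { status: 200, user: null };
  const match = /^Bearer (.+)$/.exec(req.headers.authorization || "");
  const claims = match ? verifyToken(match[1], now) : null;
  return claims ? { status: 200, user: claims.username } : { status: 401, user: null };
}
```

The whitelist is matched on the exact path, so only the login route is reachable without a token; every other route reaches its controller only with a token whose signature and expiry both check out.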

3. Understanding tokens

  1. A token is essentially a string. It is used in the request header to verify the legitimacy of the request and determine the identity of the user.
  2. The differences between Token, Session and Cookie are as follows:
  • Session: stored on the server side and used to temporarily store user information while the client is connected to the server. When the connection is released, the Session is released as well.
  • Cookie: stored on the client. When the client sends a request, the Cookie is carried in the http header so that the server can identify the user.
  • Token: provided with a request to verify whether the user has the authority to access the interface.
  3. The purposes of a token are as follows:
  • Intercept invalid requests and reduce server processing pressure
  • Achieve third-party API authorization, without having to enter a user name and password for each authentication
  • Identity verification, to prevent CSRF attacks
  4. JWT (JSON Web Token) is a very popular cross-domain authentication solution.

Origin blog.csdn.net/weixin_42614080/article/details/107753769