User authentication in Node.js: generating and verifying tokens with jsonwebtoken and express-jwt, plus a record of the pitfalls I stepped into
Steps for usage:
First, install the packages
npm install jsonwebtoken --save
npm install express-jwt --save
Second, generate and verify the token
In the user.js file:
const jwt = require('jsonwebtoken');
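// Signing key shared by token generation and verification.
// NOTE(review): the secret is hard-coded in source, so anyone who can read the
// repository can mint valid tokens. Load it from configuration or a secret
// store, and keep the value passed to express-jwt in app.js identical to it.
const signkey = 'mes_qdhd_mobile';

/**
 * Generate a signed token for a user.
 *
 * The token is deliberately not written to the log: it is a bearer credential
 * and anyone who reads it can act as the user until it expires.
 *
 * @param {string} username - Stored in the token payload as `username`.
 * @returns {Promise<string>} Resolves with the signed token (valid for three
 *   days); rejects if jwt.sign throws.
 */
const setToken = function (username) {
  return new Promise((resolve) => {
    const threeDaysInSeconds = 60 * 60 * 24 * 3;
    resolve(jwt.sign({ username }, signkey, { expiresIn: threeDaysInSeconds }));
  });
};

/**
 * Verify a token and return its decoded payload.
 *
 * jwt.verify returns nothing when it is given a callback, so the outcome has
 * to be settled from inside the callback. Settling the promise outside it
 * would hand `undefined` to the caller even for a valid token and would never
 * reject an invalid one.
 *
 * @param {string} token - The bare token, without a "Bearer " prefix.
 * @returns {Promise<object>} Resolves with the decoded payload; rejects with
 *   the jsonwebtoken error when the token is invalid or expired.
 */
const verToken = function (token) {
  return new Promise((resolve, reject) => {
    // setToken signs with jsonwebtoken's default algorithm (HS256); pinning it
    // here keeps a token that names another algorithm from being accepted.
    jwt.verify(token, signkey, { algorithms: ['HS256'] }, (error, decoded) => {
      if (error) {
        console.log(error.message);
        reject(error);
        return;
      }
      resolve(decoded);
    });
  });
};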
Third, parse the token on each request and determine whether it is valid
In app.js:
const jwt = require('jsonwebtoken');
var user = require('./user.js');
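// Parse the token, if one was sent, and attach the decoded user information
// to the request. This middleware never rejects a request; enforcement is
// done by the expressJwt middleware registered below.
app.use(function (req, res, next) {
  // Node lower-cases incoming header names, so the key is 'authorization'.
  const header = req.headers['authorization'];
  if (header === undefined) {
    return next();
  }
  // Clients send "Bearer <token>" (the form express-jwt expects), while
  // jwt.verify needs the bare token, so drop the scheme first.
  const token = header.replace(/^Bearer\s+/i, '');
  user
    .verToken(token)
    .then((data) => {
      req.data = data;
      return next();
    })
    .catch((error) => {
      console.log(error);
      return next();
    });
});

// Check that the token is present and has not expired, and state which routes
// need no verification.
// NOTE(review): expressJwt must be in scope here; the require lines shown for
// app.js load jsonwebtoken and ./user.js only. TODO confirm the import form
// for the installed express-jwt version.
app.use(
  expressJwt({
    // NOTE(review): hard-coded secret duplicated from user.js; both copies
    // should come from one configuration value kept outside the source tree.
    secret: 'mes_qdhd_mobile',
    // Pin the accepted algorithm to the one the tokens are signed with.
    algorithms: ['HS256'],
  }).unless({
    path: ['/', '/user/login'], // every URL other than these requires authentication
  }),
);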
Fourth, the error prompt (what the client receives when the token is rejected)
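// Error handler: turns authentication failures into a JSON reply and renders
// the error page for everything else.
app.use(function (err, req, res, next) {
  console.log(err);
  // If a response has already started, hand the error back to Express instead
  // of trying to write a second response.
  if (res.headersSent) {
    return next(err);
  }
  if (err.name === 'UnauthorizedError') {
    console.error(req.path + ',无效token');
    // Send a real 401 so that clients, proxies and monitoring do not treat a
    // rejected token as a successful (200) response. The JSON body is
    // unchanged, so clients that read `code` keep working.
    res.status(401).json({ message: 'token过期,请重新登录', code: 400 });
    return;
  }
  // render the error page
  res.status(err.status || 500);
  res.render('error');
});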
Pitfall record:
It kept reporting a format error: .... Bearer [token] ....
I finally discovered that the token has to be preceded by "Bearer": when the front end sends the request header, put "Bearer " in front of the token and the request succeeds!