Use NodeJs realization of JWT login authentication token

Language 2020-02-12 18:35:57 views: null

Advantages token authentication login: stateless, cross-domain, you can prevent csrf, good performance (not every request to the appropriate server query session), clients only need to deposit a local token, each time you access the server headers plus the token can

Implementation:
Installation jwtnpm install jsonwebtoken --save

Import packages:const jwt=require('jsonwebtoken')

Basic use:

const jwt=require('jsonwebtoken')
let token = jwt.sign({user: '1234'}, 'Fizz', {expiresIn: 60 * 60})
console.log(token)
   
   
jwt.verify(token, 'Fizz', function (err, data) {
if (err) console.log(err)
else console.log('解析的数据', data)
})

Practical application:

Package token creation and verification:

const jwt=require('jsonwebtoken')
const screat='frdyhdrustgsdt'

function createToken(payload){
	//产生token
	payload.ctime=Date.now()  //创建时间
	//可加其他字段
	return jwt.sign(payload,screat,{expiresIn: 60})   //设置过期时间60s
}

//验证token
function checkToken(token){
	return new Promise((resolve,reject)=>{
		jwt.verify(token,screat,(err,data)=>{
			console.log(data)
			if(err)  reject('token 验证失败')
			else   resolve(data)
			
		})
	})
}
 
module.exports={
	createToken,checkToken
}

JWT client receives the server returns, which can be stored in Cookie, can also be stored in localStorage.

User login is successful return token:

 let token=jwt.createToken({id:data.id,name:data.name})
 res.status(200).send({success:"true",token:token, msg: "登录成功"})

Note that:
Payload is part of a JSON object, used to store the actual data transfer is required. JWT provides for seven official field: the default is not encrypted, anyone can read, do not put confidential information in this section. Also translated into strings using Base64URL algorithm .
Can check out the official https://www.npmjs.com/package/jsonwebtoken#token-expiration-exp-claim

After a successful login, the client other operations, the request to carry on the token, server-side validation:

//检查token
app.use((req,res)=>{
		let token=req.headers.authorization
	jwt.checkToken(token)  
	  .then((data)=>{
	  	console.log(data)
	  next()
	  })
	  .catch((err)=>{
	  	res.send({err:-1,msg:"'token非法"})
	  })
})
codingWeb
Published 41 original articles · won praise 3 · Views 4570
Private letter concerns

Guess you like

Origin blog.csdn.net/fesfsefgs/article/details/104281914
Recommended
Ranking
SpringBoot-integrate redis
[Sword pointing to offer] Interview question 03: Repeated numbers in an array
Arrangement "Offer Penalty for prove safety" string
Browser prevent the automatic generation of fill and Echo have been saved account solutions
Work hard and never slacken——2022 Yinmai Information Year-End Summary
Install jdk7 on Linux system
App common dependency management tools
EduCoder-Web程序设计基础-html5— 给表单组件添加说明-第1关:label标签相关概念
Machine learning - clustering - density clustering algorithm notes
Ant's large model is exposed, AI+ finance enters the "big model" era
Daily
More
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)

Code World

© 2018 codetd.com