package.json
{
"name": "08_JWT",
"version": "1.0.0",
"description": "JWT example",
"main": "app.js",
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"keywords": [],
"author": "",
"license": "ISC",
"dependencies": {
"express": "^4.16.3",
"jsonwebtoken": "^8.3.0"
}
}
app.js
const crypto = require('crypto')
const express = require('express')
const jwt = require('jsonwebtoken')
// Express application instance; every route in this file is registered on it.
const app = express()

/**
 * GET /api: public welcome endpoint.
 * Answers with a fixed JSON message and never reads a token, so it is
 * reachable without an Authorization header.
 */
function sendWelcome(req, res) {
  const payload = { message: 'Welcome to the API' }
  res.json(payload)
}

app.get('/api', sendWelcome)
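// Signing key for the tokens issued and checked below. It is read from the
// JWT_SECRET environment variable so that no key lives in the source tree.
// `||` (not `??`) is deliberate: an empty variable must not become an empty key.
// When the variable is unset, a random key is generated for this process only;
// the demo still runs, but every issued token stops verifying after a restart.
const JWT_SECRET = process.env.JWT_SECRET || crypto.randomBytes(32).toString('hex')
if (!process.env.JWT_SECRET) {
  console.warn('JWT_SECRET is not set; using a random per-process signing key')
}

// The only signature algorithm this server issues and accepts.
const JWT_ALGORITHM = 'HS256'

/**
 * POST /api/posts: protected route.
 * The VerifyToken middleware has already copied the bearer token from the
 * Authorization header to req.token. This handler checks the token's signature
 * and expiry and answers with the decoded payload, or 403 when the check fails.
 */
app.post('/api/posts', VerifyToken, (req, res) => {
  // Pin the accepted algorithm instead of relying on the library's default list.
  jwt.verify(req.token, JWT_SECRET, { algorithms: [JWT_ALGORITHM] }, (err, authData) => {
    if (err) {
      // Bad signature, expired token and malformed token are all rejected alike.
      res.sendStatus(403)
      return
    }
    res.json({
      message: 'Post created...',
      authData
    })
  })
})

/**
 * POST /api/login: issues a token that expires after 30 seconds for a mock user.
 * NOTE(review): no credentials are checked here, so any caller that can reach
 * this route receives a valid token. A real login must authenticate the caller
 * before signing.
 */
app.post('/api/login', (req, res) => {
  // Mock user
  const user = {
    id: 1,
    username: 'brad',
    email: 'brad@gmail.com'
  }
  const signOptions = { algorithm: JWT_ALGORITHM, expiresIn: '30s' }
  jwt.sign({ user }, JWT_SECRET, signOptions, (err, token) => {
    if (err) {
      // Do not answer 200 with an undefined token when signing fails.
      res.sendStatus(500)
      return
    }
    res.json({
      token
    })
  })
})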
// FORMAT OF TOKEN
// Authorization: Bearer <access_token>
// Extract the bearer token (its signature is checked later by jwt.verify in the route handler)
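/**
 * Express middleware that extracts the bearer token from the Authorization header.
 *
 * Despite its name it does not validate the token: it only checks that the
 * header has the form `Bearer <token>` and stores the token on req.token so
 * the route handler can verify it. Any other header shape is answered with 403.
 *
 * @param {object} req - request; req.headers.authorization is read, req.token is set
 * @param {object} res - response; used only to send the 403 status
 * @param {Function} next - called once, and only when a token was extracted
 */
function VerifyToken(req, res, next) {
  const bearerHeader = req.headers['authorization']

  // Missing header (or a non-string value): there is nothing to extract.
  if (typeof bearerHeader !== 'string') {
    res.sendStatus(403)
    return
  }

  // Expect exactly "<scheme> <token>"; the scheme name is compared case-insensitively.
  const [scheme, bearerToken, ...extra] = bearerHeader.trim().split(/\s+/)
  const isBearer = scheme.toLowerCase() === 'bearer'
  if (!isBearer || !bearerToken || extra.length > 0) {
    // Wrong scheme, empty token or trailing parts: reject before any verification runs.
    res.sendStatus(403)
    return
  }

  req.token = bearerToken
  next()
}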
// Logs a startup line once the HTTP server is accepting connections.
const announceStart = function () {
  console.log('Server started on port 5000')
}

// Start listening on port 5000; no host argument is passed to listen().
app.listen(5000, announceStart)
README.md
npm install express jsonwebtoken
npm install -g nodemon
/api
index.png
/api/posts
posts.png
/api/login
login.png
verifyToken
verifyToken.png
带 authorization
authorization.png
无 authorization
without_authorization.png
不对称
authorization_unsymmetric.png
未过期
expiresIn_1.png
过期
expiresIn_2.png
JWT
JWT
JWT Signature Verify
JWT Signature Verify
JWT 会引起 SIGNATURE 发生改变的因素 HEADER、PAYLOAD、密钥
引起 Signature 发生改变的因素 HEADER、PAYLOAD、密钥
JWT Header、Payload、Signature 详细说明
Header、Payload、Signature
仓库地址:
https://github.com/MonguDykrai/JWT-Demo
参考资料:
https://www.youtube.com/watch?v=7nafaH9SddU
https://tools.ietf.org/html/rfc7519
https://github.com/auth0/node-jsonwebtoken
https://blog.csdn.net/jack__frost/article/details/64964208