Home > Article > Web Front-end > node+token implements verification
This time I will bring you node token verification. What are the precautions for node token verification? The following is a practical case, let’s take a look.
Recently studied token-based authentication and integrated this mechanism into personal projects. Nowadays, the authentication method of many websites has shifted from the traditional seesion cookie to token verification. Compared with traditional verification methods, tokens do have better scalability and security.Traditional session cookie authentication
Because HTTP is stateless, it does not record the user's identity. After the user sends the account and password to the server, the background passes the verification, but the status is not recorded, so the next user's request still needs to verify the identity. In order to solve this problem, it is necessary to generate a record containing the user's identity on the server side, that is, session, and then send this record to the user and store it locally in the user's local area, that is, cookie. Next, the user's request will bring this cookie. If the client's cookie and the server's session can match, it means that the user's identity authentication has passed.Token identity verification
The process is roughly as follows:Example
When a user When logging in for the first time, submit the account and password to the server. If the server passes the verification, the corresponding token will be generated. The code is as follows:const fs = require('fs'); const path = require('path'); const jwt = require('jsonwebtoken'); //生成token的方法 function generateToken(data){ let created = Math.floor(Date.now() / 1000); let cert = fs.readFileSync(path.join(dirname, '../config/pri.pem'));//私钥 let token = jwt.sign({ data, exp: created + 3600 * 24 }, cert, {algorithm: 'RS256'}); return token; } //登录接口 router.post('/oa/login', async (ctx, next) => { let data = ctx.request.body; let {name, password} = data; let sql = 'SELECT uid FROM t_user WHERE name=? and password=? and is_delete=0', value = [name, md5(password)]; await db.query(sql, value).then(res => { if (res && res.length > 0) { let val = res[0]; let uid = val['uid']; let token = generateToken({uid}); ctx.body = { ...Tips[0], data: {token} } } else { ctx.body = Tips[1006]; } }).catch(e => { ctx.body = Tips[1002]; }); });The user will store the token obtained locally after passing the verification:
store.set('loginedtoken',token);//store为插件After the client requests an interface that requires identity verification, the token will be placed in the request header and passed to the server:
service.interceptors.request.use(config => { let params = config.params || {}; let loginedtoken = store.get('loginedtoken'); let time = Date.now(); let {headers} = config; headers = {...headers,loginedtoken}; params = {...params,_:time}; config = {...config,params,headers}; return config; }, error => { Promise.reject(error); })The server intercepts the token and verifies the legitimacy of all interfaces that require login. .
function verifyToken(token){ let cert = fs.readFileSync(path.join(dirname, '../config/pub.pem'));//公钥 try{ let result = jwt.verify(token, cert, {algorithms: ['RS256']}) || {}; let {exp = 0} = result,current = Math.floor(Date.now()/1000); if(current <= exp){ res = result.data || {}; } }catch(e){ } return res; } app.use(async(ctx, next) => { let {url = ''} = ctx; if(url.indexOf('/user/') > -1){//需要校验登录态 let header = ctx.request.header; let {loginedtoken} = header; if (loginedtoken) { let result = verifyToken(loginedtoken); let {uid} = result; if(uid){ ctx.state = {uid}; await next(); }else{ return ctx.body = Tips[1005]; } } else { return ctx.body = Tips[1005]; } }else{ await next(); } });The public key and private key used in this example can be generated by yourself. The operation is as follows:
Click here to view the front-end code
code spliting optimization Vue packaging steps detailed explanation
Vue2 routing navigation and axios interceptor packaging
The above is the detailed content of node+token implements verification. For more information, please follow other related articles on the PHP Chinese website!