Python login-state verification: the PyJWT 2.0 pitfall


With version 1.7, the token generation and verification logic looked like this:

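import time

import jwt  # PyJWT 1.7

# JWT_KEY (the signing secret) and User (the ORM model) are defined elsewhere in the project.


def create_token(username, password):
    """
    Generate a JWT
    :param username: account name stored in the payload
    :param password: password stored in the payload
    :return: jwt
    """
    payload = {
        "iat": int(time.time()),
        "exp": int(time.time()) + 3600 * 12,
        # The payload is signed, not encrypted: anyone holding the token can read it.
        "password": password,
        "username": username,
    }
    token = jwt.encode(payload, JWT_KEY, algorithm='HS256')
    # PyJWT 1.7 returns bytes here, hence the decode()
    return token.decode()


def verify(token, db):
    """
    :param token: jwt
    :param db: database session used to look up the user
    :return: (True, user) on success, (False, message) on failure
    """
    try:
        # 1.7-style call: the keyword is spelled "algorithm"
        payload = jwt.decode(token, JWT_KEY, algorithm=['HS256'])
        user = db.query(User).filter(User.account == payload['username']).first()
        if user is None:
            msg = '用户不存在'
            return False, msg
        if user.status == 1:
            msg = '用户被禁用'
            return False, msg
        return True, user
    except jwt.PyJWTError:
        return False, 'Token异常!'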

After the update to version 2.0

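token = jwt.encode(payload, JWT_KEY, algorithm='HS256') no longer returns bytes but str, so the extra decode() call is no longer needed. On verification, the algorithm parameter name changes from algorithm to algorithms.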

Note: to keep the original logic unchanged, pin pyjwt to a specific version in the requirement.text file: pyjwt==1.7.0
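An added example (not code from the original post) that applies both 2.0 changes in a form that also runs on 1.7. JWT_KEY, the in-memory USERS table standing in for the User query, and the helper legacy_decode_error are constructed for the demo; the password is left out of the payload because a JWT payload is signed, not encrypted.

```python
import time
import warnings

import jwt  # PyJWT

JWT_KEY = "constructed-demo-key-" * 4  # constructed secret, demo only
USERS = {"alice": {"status": 0}, "bob": {"status": 1}}  # constructed stand-in for the User table
PYJWT_MAJOR = int(jwt.__version__.split(".")[0])


def create_token(username, ttl=3600 * 12, algorithm="HS256"):
    now = int(time.time())
    # A JWT payload is signed, not encrypted, so only the username goes in it.
    payload = {"iat": now, "exp": now + ttl, "username": username}
    token = jwt.encode(payload, JWT_KEY, algorithm=algorithm)
    # PyJWT 1.7 returns bytes, 2.0+ returns str: normalise to str.
    return token if isinstance(token, str) else token.decode()


def verify(token):
    try:
        # "algorithms" (plural) is the allow-list that PyJWT 2.0 requires.
        payload = jwt.decode(token, JWT_KEY, algorithms=["HS256"])
    except jwt.ExpiredSignatureError:
        return False, "Token expired"
    except jwt.PyJWTError:
        return False, "Invalid token"
    user = USERS.get(payload.get("username"))
    if user is None:
        return False, "User does not exist"
    if user["status"] == 1:
        return False, "User is disabled"
    return True, payload["username"]


def legacy_decode_error(token):
    """Decode with the 1.7-style keyword; return the exception name, or None."""
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            jwt.decode(token, JWT_KEY, algorithm=["HS256"])
    except (jwt.PyJWTError, TypeError) as exc:
        return type(exc).__name__
    return None
```

On PyJWT 2.x, legacy_decode_error returns an exception name even for a valid token. In the 1.7-style verify above, that exception is caught by except jwt.PyJWTError, so after the upgrade every login is reported as a token error.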