安装jsonwebtoken
npm install jsonwebtoken -S
加密（签发 token：JWT 只做签名，载荷并未加密）
utils/constant.js：密钥和 token 有效期
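/**
 * JWT settings shared by the login route (token signing) and the
 * express-jwt middleware (token verification).
 */
module.exports = {
  // Signing secret. Anyone who knows or guesses this value can produce tokens
  // the server will accept for any username, so supply a long random value
  // through the environment (JWT_PRIVATE_KEY is an example variable name) and
  // keep it out of version control. The 'test' fallback is a placeholder for
  // local development only and must not reach a deployed environment.
  PRIVATE_KEY: process.env.JWT_PRIVATE_KEY || 'test',
  // Token lifetime in seconds (24 hours); passed to jwt.sign as expiresIn.
  EXPIRESD: 60 * 60 * 24,
};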
user.js
const jwt = require('jsonwebtoken')
const {PRIVATE_KEY, EXPIRESD } = require('../utils/constant');
... ...
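/* Login */
/**
 * POST /login: checks the submitted credentials and, on success, returns a
 * signed JWT carrying the username.
 *
 * Request body: { username, password }.
 * Response: { code: 0, msg, token } on success, { code: -1, msg } on failure.
 * Unexpected errors are logged and forwarded to the Express error handler.
 */
router.post('/login', async (req, res, next) => {
  const { username, password } = req.body || {};

  // Accept only plain strings. A JSON body can carry objects or arrays, which
  // would otherwise be coerced by the template literal below and handed to the
  // query placeholders as non-scalar values.
  if (typeof username !== 'string' || typeof password !== 'string') {
    res.send({ code: -1, msg: '账号或密码错误' });
    return;
  }

  try {
    // NOTE(review): salted MD5 is a fast hash and is not suitable for storing
    // passwords. Moving to a slow KDF (bcrypt / scrypt / argon2) means
    // re-hashing the stored values, so it is flagged here rather than changed.
    const hashedPassword = md5(`${password}${PWD_SALF}`);
    const rows = await querySql(
      'select * from user where username = ? and password = ?',
      [username, hashedPassword]
    );

    if (rows.length === 0) {
      // One message for both "unknown user" and "wrong password", so the
      // response does not reveal which usernames are registered.
      res.send({ code: -1, msg: '账号或密码错误' });
      return;
    }

    // The payload is signed, not encrypted: keep it to non-sensitive claims.
    const token = jwt.sign({ username }, PRIVATE_KEY, { expiresIn: EXPIRESD });
    res.send({ code: 0, msg: '登录成功', token });
  } catch (error) {
    console.log(error);
    next(error);
  }
});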
解密（校验 token：验证签名与有效期）
npm install express-jwt
const jwt = require('express-jwt')
const { PRIVATE_KEY } = require('./utils/constant');
... ...
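// Require a valid JWT on every request except the whitelisted routes.
// NOTE(review): recent express-jwt majors export the middleware as a named
// `expressjwt` member rather than as the module itself; check the installed
// version against the require above.
app.use(
  jwt({
    secret: PRIVATE_KEY,
    // Pin the accepted signature algorithm instead of trusting the `alg`
    // header of the incoming token. HS256 is what jwt.sign produces for a
    // string secret when no algorithm option is passed, as in the login route.
    algorithms: ['HS256'],
  }).unless({
    // Whitelist: routes that must stay reachable without a token
    path: ['/api/users/login', '/api/users/register'],
  })
);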
... ...
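// error handler
/**
 * Final Express error middleware.
 *
 * Answers token failures with a plain 401 and renders the 'error' view for
 * everything else, using err.status when present and 500 otherwise.
 */
app.use(function (err, req, res, next) {
  // Once the response has started, status and body can no longer be set;
  // hand the error to Express's default handler instead.
  if (res.headersSent) {
    return next(err);
  }

  // express-jwt reports a missing or invalid token as an UnauthorizedError.
  if (err.name === 'UnauthorizedError') {
    res.status(401).send('invalid token...');
    return;
  }

  // set locals, only providing error in development
  // NOTE(review): err.message is set in every environment; whether it reaches
  // the client depends on what the 'error' view prints.
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // render the error page
  res.status(err.status || 500);
  res.render('error');
});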