当前位置: 首页 > news >正文

react+koa+vite前后端模拟jwt鉴权过程

路由组件(生成token)

const Router = require('@koa/router')
const jwt = require('jsonwebtoken');
const router = new Router()const mockDbUserInfo = [{nickname: 'xxxliu',username: 'Tom',password: 123456,icon: 'url1'},{nickname: 'xxx',username: 'John',password: 123456,icon: 'url2'},
]const secretKey = 'xxxliu key';router.post('/api/home', async ctx => {ctx.response.body = {msg: '主页',code: 'success'}
})router.post('/api/login', async ctx => {try {const { username, password } = ctx.request.body;//mock查db操作const { nickname, password: pwd, icon } = mockDbUserInfo.find(item => item.username === username) || {};if (!nickname) {ctx.response.body = {msg: "不存在该用户",code: "failed",};return;}if (pwd !== password) {ctx.response.body = {msg: "密码输入错误",code: "error",};return;}// 构建 JWT 头部const header = {alg: 'HS256', // 签名算法,例如使用 HMAC SHA-256typ: 'JWT', // Token 的类型};const payload = {username};const options = {expiresIn: '1h', // 设置 JWT 的过期时间header, // 将 header 选项包含在 options 中};//生成tokenconst token = jwt.sign(payload, secretKey, options);ctx.response.body = {nickname,icon,code: "success",msg: "登录成功",};ctx.cookies.set('myToken',token,{                maxAge: 1 * 60 * 60 * 1000,       httpOnly: false})} catch (error) {ctx.response.body = error;}
})module.exports = router;

token解析

const jwt = require('jsonwebtoken');const secretKey = 'xxxliu key';
const verifyToken = async (ctx, next) => {try {const { url } = ctx.request;//走登录页不鉴权const requestUrl = url.split("?")[0];const noVerifyList = ["/api/login"];const noVerify = noVerifyList.includes(requestUrl);if (noVerify) {await next();} else {//拿到请求头的参数const authorization = ctx.request.header["authorization"];const username = ctx.request.body["username"];if (authorization.startsWith('Bearer ')) {const token = authorization.slice(7);const { exp, username: userName } = jwt.verify(token, secretKey) || {};if (userName !== username) {ctx.response.body = {code: "error",msg: "无效的token, 请重新登录",};}else if (exp * 1000 > Date.now()) {ctx.response.body = {code: "error",msg: "登录信息已过期, 请重新登录",};} else {await next();}} else {ctx.response.body = {code: "error",msg: "无效的token, 请重新登录",};}}} catch (err) {if (err.name == "TokenExpiredError") {ctx.body = {code: "error",msg: "token已过期, 请重新登录",};} else if (err.name == "JsonWebTokenError") {ctx.body = {code: "error",msg: "无效的token, 请重新登录",};}}};module.exports = verifyToken;

注册中间件

const Koa = require('koa')
const path = require('path')
const sendfile = require('koa-sendfile')
const static = require('koa-static')
const bodyParser = require("koa-bodyparser")
const router = require('./server/api-router.js')
const assets = require('./server/assets-router')
const verifyToken = require('./server/verifyToken.js');
const app = new Koa()// static
app.use(static(path.resolve(__dirname, 'public')))//body
app.use(bodyParser());//midware auth
app.use(verifyToken);// api
app.use(router.routes()).use(router.allowedMethods())// assets
app.use(assets.routes()).use(assets.allowedMethods())// 404
app.use(async (ctx, next) => {await next()if (ctx.status === 404) {await sendfile(ctx, path.resolve(__dirname, 'public/index.html'))}
})app.listen(3000, () => {console.log(`> http://127.0.0.1:3000`)
})

前端请求(登录+打开主页)

import { useState, useEffect } from 'react'
import getTokenFromCookie from './tools'
function App() {const [response, setResponse] = useState({})const token = getTokenFromCookie();useEffect(() => {fetch('/api/login', {method: 'post',headers: {'Content-Type': 'application/json','Authorization': `Bearer ${token}`,},body: JSON.stringify({username: 'Tom',password: 123456})}).then(res => res.json()).then(res => {setResponse(res);})// fetch('/api/home', {//   method: 'post',//   headers: {//     'Content-Type': 'application/json',//     'Authorization': `Bearer ${token}`,//   },//   body: JSON.stringify({//     username: 'Tom',//     password: 123456//   })// })//   .then(res => res.json())//   .then(res => {//     setResponse(res);//   })}, [])const { nickname, icon, msg } = response || {}return (<div style={{ display: 'flex', alignItems: 'center', justifyContent: 'center' }}>{nickname ? <div><h1>icon: {icon}</h1><h1>nickname: {nickname}</h1><h1>msg: {msg}</h1></div>: <h1>msg: {msg}</h1>}</div>)
}export default App
http://www.lryc.cn/news/145722.html

相关文章:

  • VK1616是LED显示控制驱动电路/LED驱动IC、数显驱动芯片、数码管驱动芯片
  • 开箱报告,Simulink Toolbox库模块使用指南(五)——S-Fuction模块(C MEX S-Function)
  • 摄像头的调用和视频识别
  • 多通道分离与合并
  • JOJO的奇妙冒险
  • LeetCode56.合并区间
  • 【内推码:NTAMW6c】 MAXIEYE智驾科技2024校招启动啦
  • Python框架【模板继承 、继承模板实战、类视图 、类视图的好处 、类视图使用场景、基于调度方法的类视图】(四)
  • 对于前端模块化的理解与总结(很全乎)
  • NewStarCTF 2022 web方向题解 wp
  • WebGL矩阵变换库
  • block层:8. deadline调度器
  • DTO,VO,PO的意义与他们之间的转换
  • Java 集合框架2
  • 2024王道408数据结构P144 T16
  • 【ARM Coresight 系列文章 22 -- linux frace 与 trace-cmd】
  • MyBatis的一级缓存和二级缓存是怎么样的?
  • 下载的文件被Windows 11 安全中心自动删除
  • 【Java List与数组】List<T>数组和数组List<T>的区别(124)
  • Nuxt 菜鸟入门学习笔记四:静态资源
  • C语言 - 结构体、结构体数组、结构体指针和结构体嵌套
  • python安装playwright问题记录
  • 关于gRPC微服务利弊之谈
  • 【Terraform学习】使用 Terraform创建Lambda函数启动EC2(Terraform-AWS最佳实战学习)
  • Mac软件删除方法?如何删除不会有残留
  • 编程之道:【性能优化】提高软件效率的实际建议和避免常见陷阱
  • VGG的结构:视觉几何组(Visual Geometry Group)
  • VBA:按照Excel工作表中的名称列自动汇总多个工作薄中对应sheet中所需要的数据
  • Mybatis1.9 批量删除
  • CUDA小白 - NPP(2) -图像处理-算数和逻辑操作(2)