token非对称加密
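const fs = require("fs")
const Koa = require("koa")
const KoaRouter = require("@koa/router")
const jwt = require("jsonwebtoken")

const app = new Koa()
const userRouter = new KoaRouter({ prefix: "/users" })

// Asymmetric (RS256) tokens.
// - The private key SIGNS (issues) tokens; the public key only VERIFIES them
//   and cannot be used to issue a token.
// - This is signing, not encryption: the JWT payload is merely base64url
//   encoded and readable by anyone holding the token, so never put secrets
//   in it.
// - The two keys form a pair: a token signed with this private key verifies
//   only against the matching public key.
//
// Generating the pair with openssl (bundled with Git Bash):
//   openssl genrsa -out private.key 2048
//   openssl rsa -in private.key -pubout -out public.key
// NOTE(review): the original walkthrough generated a 1024-bit key. That is
// below the 2048-bit minimum generally recommended for RSA, and
// jsonwebtoken v9+ rejects smaller RSA keys by default, so use 2048 or more.
//
// Keep private.key out of version control and readable only by the service
// that issues tokens; services that only verify need public.key alone.

// readFileSync returns Buffer objects, which jsonwebtoken accepts as keys.
const privateKey = fs.readFileSync("./keys/private.key")
const publicKey = fs.readFileSync("./keys/public.key")

// Response body shared by every "no usable token" outcome on /list.
const invalidTokenBody = () => ({
  code: -1010,
  message: "token过期或者无效的token~",
})

/**
 * GET /users/login: issues a signed token.
 *
 * NOTE(review): this demo signs a hard-coded payload without checking any
 * credentials. A real login handler must authenticate the caller first and
 * build the payload from the authenticated account.
 */
userRouter.get("/login", (ctx) => {
  // Claims placed in the token (hard-coded sample user).
  const payload = { id: 111, name: "why" }

  // Sign with the private key.
  const token = jwt.sign(payload, privateKey, {
    expiresIn: 60, // a number is interpreted as seconds
    algorithm: "RS256", // asymmetric signature algorithm
  })

  ctx.body = {
    code: 0,
    token,
    message: "登录成功, 可以进行其他的操作",
  }
})

/**
 * GET /users/list: returns the sample list when the request carries a valid
 * token in the Authorization header.
 */
userRouter.get("/list", (ctx) => {
  // 1. Read the token sent by the client.
  const authorization = ctx.headers.authorization

  // A request without the header used to crash on `.replace` of undefined
  // (outside the try block); answer it like any other invalid token.
  if (typeof authorization !== "string" || authorization.length === 0) {
    ctx.body = invalidTokenBody()
    return
  }

  // The token is a bearer credential and is deliberately not logged.
  const token = authorization.replace("Bearer ", "")

  // 2. Verify the token.
  try {
    // Verification uses the public key. Pinning `algorithms` means the
    // token's own header cannot select a different algorithm.
    // jwt.verify throws for an expired, malformed or badly signed token; its
    // return value (the decoded payload) is not needed here.
    jwt.verify(token, publicKey, {
      algorithms: ["RS256"],
    })

    ctx.body = {
      code: 0,
      data: [
        { id: 111, name: "why" },
        { id: 111, name: "why" },
        { id: 111, name: "why" },
      ],
    }
  } catch (error) {
    console.log(error)
    ctx.body = invalidTokenBody()
  }
})

app.use(userRouter.routes())
app.use(userRouter.allowedMethods())

app.listen(8000, () => {
  console.log("服务器启动成功~")
})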
https://developer.aliyun.com/article/1358589