node学习—jwt服务器开发

jwt服务器开发

  • 一、jwt服务器开发

一、jwt服务器开发

//init
const path = require("path");
const express = require("express");
const cors = require("cors");

const app = express();

// Serve the static assets in the public directory, which sits one level
// above this file. Resolving against __dirname keeps the path independent
// of the process working directory.
const staticRoot = path.resolve(__dirname, "..", "public");
app.use(express.static(staticRoot));

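// Origins allowed to make credentialed cross-origin requests.
// The literal origin "null" is deliberately not listed: browsers send it from
// opaque contexts (sandboxed iframes, file:// pages, some redirects), so
// allow-listing it together with `credentials: true` would let content from
// any such context read authenticated responses. For local testing, serve the
// page from an http://localhost origin instead of opening it from disk.
const whiteList = ["http://localhost:5008"];
app.use(
  cors({
    /**
     * Decides per request which origin, if any, is echoed back in
     * Access-Control-Allow-Origin.
     * @param {string|undefined} origin - value of the request's Origin header
     * @param {Function} callback - cors callback, called as (err, allowedOrigin)
     */
    origin(origin, callback) {
      if (!origin) {
        // No Origin header: not a cross-origin browser request.
        callback(null, "*");
        return;
      }
      if (whiteList.includes(origin)) {
        // Exact string match only; the allowed origin is echoed back so that
        // credentialed requests are accepted by the browser.
        callback(null, origin);
      } else {
        callback(new Error("not allowed"));
      }
    },
    // Allow cookies and Authorization headers on cross-origin requests.
    credentials: true,
  })
);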
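//jwt
// HMAC key used to sign and verify every token. Anyone who knows this value
// can create tokens that verify() accepts, so a real deployment must supply a
// long random key from outside the source tree. JWT_SECRET is a variable name
// chosen for this example; the literal fallback keeps the demo runnable and
// must never be relied on outside local experiments.
const secrect = process.env.JWT_SECRET || "jimo";
if (!process.env.JWT_SECRET) {
  console.warn("JWT_SECRET is not set; falling back to the demo signing key");
}
// Name of the cookie that carries the token.
const cookieKey = "token";
const jwt = require("jsonwebtoken");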
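// Issue a JWT
/**
 * Signs `info` as a JWT and hands it to the client in two ways: as a cookie
 * and in the `authorization` response header.
 *
 * @param {object} res - Express response object.
 * @param {number} [maxAge=86400] - Token lifetime in seconds; also used for the cookie.
 * @param {object} [info={}] - Claims to place in the token payload.
 */
exports.publish = function (res, maxAge = 3600 * 24, info = {}) {
  const token = jwt.sign(info, secrect, {
    expiresIn: maxAge, // a number is interpreted as seconds
  });
  // Cookie transport
  res.cookie(cookieKey, token, {
    maxAge: maxAge * 1000, // res.cookie expects milliseconds
    path: "/",
    // Keep the token out of reach of page scripts, so that an XSS bug cannot
    // read it from document.cookie.
    httpOnly: true,
    // Do not attach the cookie to cross-site subrequests or form posts;
    // clients on another site can use the authorization header instead.
    sameSite: "lax",
    // NOTE(review): add `secure: true` once the service is served over HTTPS.
    // It is left out here because the page's allowed origin is plain
    // http://localhost.
  });
  // Header transport, for clients that do not use cookies
  res.header("authorization", token);
};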

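/**
 * Extracts the JWT from a request and validates it.
 *
 * The cookie is consulted first. If it is absent, the `authorization` header
 * is used, either as a bare token or as "bearer <token>".
 *
 * @param {object} req - Express request object.
 * @returns {object|null} The decoded payload, or null when no token is
 *   present or it fails verification (bad signature, expired, malformed).
 */
exports.verify = function (req) {
  // req.cookies only exists when a cookie-parsing middleware ran earlier;
  // guard so that a missing parser falls through to the header instead of
  // throwing.
  let token = req.cookies && req.cookies[cookieKey];
  if (!token) {
    // Nothing in the cookie, so try the header.
    const header = req.headers.authorization;
    if (!header) {
      // No token at all
      return null;
    }
    // authorization: bearer token
    const parts = header.split(" ");
    token = parts.length === 1 ? parts[0] : parts[1];
  }
  try {
    // Pin the accepted algorithm to the one publish() signs with
    // (jwt.sign defaults to HS256), so the token header cannot choose it.
    return jwt.verify(token, secrect, { algorithms: ["HS256"] });
  } catch (err) {
    // Any verification failure is treated as "not authenticated".
    return null;
  }
};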
//tokenMiddleware
const {
      getErr } = require("./getSendResult");
const {
      pathToRegexp } = require("path-to-regexp");
const jwt = require("./jwt");
// Routes that require a valid token. Each entry pairs an HTTP method with a
// path-to-regexp pattern; a request matching none of the entries is passed
// through without any token check.
const needTokenApi = [
  { method: "POST", path: "/api/student" },
  { method: "PUT", path: "/api/student/:id" },
  { method: "GET", path: "/api/student" },
  { method: "GET", path: "/api/admin/user" },
];

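// Parses the token and enforces it on protected routes
/**
 * Express middleware: requests that match an entry in needTokenApi must carry
 * a valid JWT; all other requests pass straight through.
 *
 * On success the token's `id` claim is stored on `req.userId`.
 *
 * NOTE(review): this is an allow-list of *protected* routes, so any route not
 * listed is served without a token check. Keep the list in sync with the
 * routers whenever an endpoint is added.
 */
module.exports = (req, res, next) => {
  // Express answers HEAD requests with the GET handler when no HEAD route is
  // defined, so a HEAD request must pass the same check as its GET entry.
  const method = req.method === "HEAD" ? "GET" : req.method;

  // e.g. the pattern /api/student/:id matches the request path /api/student/1771
  const needsToken = needTokenApi.some(
    (api) => api.method === method && pathToRegexp(api.path).test(req.path)
  );
  if (!needsToken) {
    next();
    return;
  }

  const result = jwt.verify(req);
  if (result) {
    // Authenticated
    req.userId = result.id;
    next();
  } else {
    // Authentication failed
    handleNonToken(req, res, next);
  }
};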

// Handles requests that reach a protected route without a valid token
/**
 * Ends the request with HTTP 403 and the error body built by getErr.
 * `next` is accepted but never called.
 */
function handleNonToken(req, res, next) {
  const response = res.status(403);
  const payload = getErr("you dont have any token to access the api", 403);
  response.send(payload);
}
//api/admin
const express = require("express");
const router = express.Router();
const adminServ = require("../../services/adminService");
const {
      asyncHandler } = require("../getSendResult");
const jwt = require("../jwt");

// POST /login: check the credentials and, on success, issue a token.
// NOTE(review): loginId and loginPwd are passed on exactly as received, with
// no type or length checks; confirm that adminServ.login validates them.
// NOTE(review): whatever adminServ.login resolves to is returned to
// asyncHandler unchanged; confirm that it carries no password field before
// it reaches the client.
router.post(
  "/login",
  asyncHandler(async (req, res) => {
    const { loginId, loginPwd } = req.body;
    const admin = await adminServ.login(loginId, loginPwd);
    if (!admin) {
      return admin;
    }
    // Login succeeded: issue a token with the default lifetime, carrying
    // only the admin's id as a claim.
    jwt.publish(res, undefined, { id: admin.id });
    return admin;
  })
);

// GET /user: look up the admin identified by req.userId.
// req.userId is set by the token middleware only for routes listed in its
// needTokenApi table; presumably this router is mounted at /api/admin so that
// the "/api/admin/user" entry covers it. Verify this against the app setup.
router.get(
  "/user",
  asyncHandler(async (req, res) => {
    const admin = await adminServ.getAdminById(req.userId);
    return admin;
  })
);

module.exports = router;
