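'use strict';
const express = require('express');
const jwt = require('jsonwebtoken');

const app = express();
const PORT = 4000;
// HMAC secret used to sign and verify every token. A literal secret checked
// into source is a credential leak: read it from the environment (or a secrets
// file via fs.readFile) and keep the literal only as a development fallback.
const SECRET_KEY = process.env.JWT_SECRET || 'secretkey123';
// Options for jwt.sign; expiresIn is the token lifetime (18 seconds here).
// The algorithm is pinned explicitly so that signing and verification agree
// and a token cannot pick its own algorithm.
const jwtConfig = { algorithm: 'HS256', expiresIn: '18s' };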
// Public greeting endpoint; no token is required to call it.
app.get('/api', (_req, res) => {
  const payload = { message: 'Welcome to the API.' };
  res.json(payload);
});
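// Protected route: verifyToken only extracts the bearer token into req.token;
// the signature and expiry are checked here before the request is honoured.
app.post('/api/posts', verifyToken, (req, res) => {
  // Pin the accepted algorithm to the one used for signing, so a token that
  // names a different (or no) algorithm in its header is rejected outright.
  jwt.verify(req.token, SECRET_KEY, { algorithms: ['HS256'] }, (err, authData) => {
    if (err) {
      /* err as produced by jsonwebtoken:
       *   expired token ->
       *     { name: 'TokenExpiredError', message: 'jwt expired', expiredAt: '2018-01-01T13:23:25.000Z' }
       *   bad signature / malformed token ->
       *     { name: 'JsonWebTokenError', message: 'invalid token' }
       * Send exactly ONE response, status first. The original called res.json()
       * and then res.sendStatus(403), which answered 200 with the error body and
       * then threw "Cannot set headers after they are sent".
       */
      res.status(403).json({ err });
      return;
    }
    res.json({
      message: 'Post created...',
      authData,
    });
  });
});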
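// Issues a signed token.
// NOTE(review): this is a mock — no credentials are checked, so every
// POST /api/login receives a valid token. A real login must authenticate
// the submitted credentials before calling jwt.sign.
app.post('/api/login', (req, res) => {
  // Mock user. Everything placed in the payload is only signed, not
  // encrypted: anyone holding the token can read id/username/email.
  const user = {
    id: 1,
    username: '小明',
    email: 'hello@qq.com',
  };
  // Callback form: a signing failure arrives as err instead of throwing.
  // The original ignored err and would have answered {} with status 200.
  jwt.sign({ user }, SECRET_KEY, jwtConfig, (err, token) => {
    if (err) {
      res.sendStatus(500);
      return;
    }
    res.json({ token });
  });
});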
// Token format expected in the request header:
// Authorization: Bearer <access_token>

// Check whether the request carries a bearer token
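/**
 * Middleware that pulls the bearer token out of the Authorization header
 * ("Authorization: Bearer <access_token>") into req.token and passes control
 * on. Answers 403 when the header is missing or is not of that form.
 * It does NOT validate the token — the route handler does that with jwt.verify.
 *
 * @param {import('express').Request} req - incoming request; req.token is set on success
 * @param {import('express').Response} res - used only to send 403 on failure
 * @param {Function} next - next middleware
 */
function verifyToken(req, res, next) {
  const bearerHeader = req.headers['authorization'];
  // The original used substr(8): "Bearer " is 7 characters, so that dropped the
  // first character of the token, and the scheme was never checked at all.
  // Match the scheme explicitly and take the token that follows the whitespace.
  const match = typeof bearerHeader === 'string'
    ? /^Bearer\s+(\S+)$/i.exec(bearerHeader.trim())
    : null;
  if (match === null) {
    // 403 kept for compatibility with existing clients; RFC 6750 would answer
    // a missing credential with 401 plus a WWW-Authenticate header.
    res.sendStatus(403);
    return;
  }
  req.token = match[1];
  next();
}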
// Bind the server; the callback only logs which port was taken.
app.listen(PORT, () => {
  const banner = `Server started on the port ${PORT}`;
  console.log(banner);
});