node的crypto模块 #58

Wscats · 2019-10-18T00:57:57Z

var crypto = require("crypto");
var token = {
	createToken: function(obj, timeout) {
		//后来加的时效性  token在30内都是有效的
		var timeout = 300000;
		
		console.log(parseInt(timeout) || 0);
		var obj2 = {
			data: obj, //payload
			created: parseInt(Date.now() / 1000), //token生成的时间的，单位秒
			exp: parseInt(timeout) || 10 //token有效期
		};
		//payload信息
		var base64Str = Buffer.from(JSON.stringify(obj2), "utf8").toString("base64");
		//添加签名，防篡改
		var secret = "piggyyao.com";
		var hash = crypto.createHmac('sha256', secret);
		hash.update(base64Str);
		var signature = hash.digest('base64');
		return base64Str + "." + signature;
	},
	decodeToken: function(token) {
		var decArr = token.split(".");
		if(decArr.length < 2) {
			//token不合法
			return false;
		}
		var payload = {};
		//将payload json字符串 解析为对象
		try {
			payload = JSON.parse(Buffer.from(decArr[0], "base64").toString("utf8"));
		} catch(e) {
			return false;
		}
		//检验签名
		var secret = "piggyyao.com";
		var hash = crypto.createHmac('sha256', secret);
		hash.update(decArr[0]);
		var checkSignature = hash.digest('base64');
		return {
			payload: payload,
			signature: decArr[1],
			checkSignature: checkSignature
		}
	},
	checkToken: function(token) {
		var resDecode = this.decodeToken(token);
		if(!resDecode) {

			return false;
		}
		//是否过期
		var expState = (parseInt(Date.now() / 1000) - parseInt(resDecode.payload.created)) > parseInt(resDecode.payload.exp) ? false : true;
		if(resDecode.signature === resDecode.checkSignature && expState) {
			return true;
		}
		return false;
	}
}
module.exports = exports = token;

Heathy · 2019-11-13T14:18:25Z

好像看姚先生写三十天免登入

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

node的crypto模块 #58

node的crypto模块 #58

Wscats commented Oct 18, 2019

Heathy commented Nov 13, 2019

node的crypto模块 #58

node的crypto模块 #58

Comments

Wscats commented Oct 18, 2019

Heathy commented Nov 13, 2019