koa+jsonwebtoken,生成token解决方案
1. 使用 koa-session
给请求添加上token
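const session = require('koa-session');

/**
 * Options passed to koa-session.
 *
 * No external `store` is set here, so koa-session keeps the session data in the
 * cookie itself: with `signed: true` it is tamper-evident, but it is not
 * encrypted and the client can read it.
 */
const CONFIG = {
  /** (string) cookie key (default is koa:sess) */
  key: 'koa:sess',
  /** (number || 'session') maxAge in ms (default is 1 days) */
  /** 'session' will result in a cookie that expires when session/browser is closed */
  /** Warning: If a session cookie is stolen, this cookie will never expire */
  // NOTE(review): 0 is neither a positive millisecond value nor 'session'. The
  // effective lifetime depends on how the installed koa-session version treats
  // a falsy maxAge -- confirm, and prefer an explicit, short lifetime.
  maxAge: 0,
  /** (boolean) automatically commit headers (default true) */
  autoCommit: true,
  /** (boolean) can overwrite or not (default true) */
  overwrite: true,
  /** (boolean) httpOnly or not (default true) */
  // Keeps the cookie out of reach of page scripts, which limits what an XSS bug can steal.
  httpOnly: true,
  /** (boolean) signed or not (default true) */
  signed: true,
  /** (boolean) Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. (default is false) */
  rolling: false,
  /** (boolean) renew session when session is nearly expired, so we can always keep user logged in. (default is false) */
  renew: false,
  // NOTE(review): koa-session also accepts `secure` and `sameSite`; consider
  // setting them when the app is served over HTTPS.
};

// Cookie-signing keys. Anyone who knows a key can forge a valid session cookie,
// so the keys come from the environment instead of the source file.
// SESSION_KEYS is a constructed example name: a comma-separated list, newest
// key first, so keys can be rotated without invalidating existing cookies.
const sessionKeys = (process.env.SESSION_KEYS || '').split(',').filter(Boolean);
if (sessionKeys.length === 0) {
  // Fail closed rather than fall back to a well-known placeholder key.
  throw new Error('SESSION_KEYS is not set; refusing to start without cookie-signing keys');
}
app.keys = sessionKeys;

/**
 * session middleware
 * @see https://github.com/koajs/session
 */
app.use(session(CONFIG, app));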
2. jsonwebtoken https://github.com/auth0/node-jsonwebtoken
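用jsonwebtoken对请求到的数据进行加密生成token,用token解密加密的数据。注意:jwt.sign 实际上只是对数据进行签名(防篡改),并没有加密;payload 只是 Base64URL 编码,任何拿到 token 的人都能读出其中内容,所以不要在 payload 中放密码等敏感信息。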
加密
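const jwt = require('jsonwebtoken');

// Claims carried by the token. jwt.sign() signs the payload but does not
// encrypt it, so anything placed here is readable by whoever holds the token.
// Authorization claims such as `admin` must come from the server's own user
// record after authentication, never straight from request input.
const payload = { name: '张三', admin: true };

// HMAC signing secret. Anyone who knows it can mint tokens with arbitrary
// claims, so it must be long, random and kept out of the source tree.
// JWT_SECRET is a constructed example name; use your deployment's secret source.
const secret = process.env.JWT_SECRET;
if (!secret) {
  // Fail closed instead of signing with an empty or guessable secret.
  throw new Error('JWT_SECRET is not set');
}

// HS256 is what jsonwebtoken uses by default for a string secret; naming it
// makes it easy to pin the same algorithm on the verify side.
const token = jwt.sign(payload, secret, { algorithm: 'HS256', expiresIn: '1h' });

// Demo output only: the token is a bearer credential and should not end up in
// production logs.
console.log(token);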
解密
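// jwt.verify() checks the signature and the expiry, and throws (for example
// JsonWebTokenError or TokenExpiredError) when either check fails. A request
// handler should catch that and treat the request as unauthenticated.
// `algorithms` pins the accepted algorithm to the one used when signing, so a
// token whose header names a different algorithm is rejected.
const payload = jwt.verify(token, secret, { algorithms: ['HS256'] });
console.log(payload);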
3. 在登录操作后
// After a successful login, keep the signed JWT in the koa-session session.
// NOTE(review): the CONFIG shown earlier sets no external store, so the session
// (and this token) presumably travels in the signed session cookie -- confirm
// that is intended, and that no secrets are ever placed in the JWT payload.
ctx.session.token = token;
退出登录后
// On logout, blank the token field; the session object itself stays alive.
// NOTE(review): koa-session documents `ctx.session = null` for destroying the
// whole session -- consider it if nothing else should survive logout. Nothing
// shown here revokes the JWT server-side, so a copy of the token stays
// verifiable until its `expiresIn` (1h) lapses.
ctx.session.token = '';