koa+jsonwebtoken，生成token解决方案

1. 使用 koa-session

给请求添加上token

const session = require('koa-session');

const CONFIG = {
  key: 'koa:sess',
  /** (string) cookie key (default is koa:sess) */
  /** (number || 'session') maxAge in ms (default is 1 days) */
  /** 'session' will result in a cookie that expires when session/browser is closed */
  /** Warning: If a session cookie is stolen, this cookie will never expire */
  maxAge: 0,
  autoCommit: true,
  /** (boolean) automatically commit headers (default true) */
  overwrite: true,
  /** (boolean) can overwrite or not (default true) */
  httpOnly: true,
  /** (boolean) httpOnly or not (default true) */
  signed: true,
  /** (boolean) signed or not (default true) */
  rolling: false,
  /** (boolean) Force a session identifier cookie to be set on every response. The expiration is reset to the original maxAge, resetting the expiration countdown. (default is false) */
  renew: false,
  /** (boolean) renew session when session is nearly expired, so we can always keep user logged in. (default is false) */
};
app.keys = ['some secret hurr'];
/**
 * session middleware
 * @see https://github.com/koajs/session
 */
app.use(session(CONFIG, app));

 

2. jsonwebtoken    https://github.com/auth0/node-jsonwebtoken

用jsonwebtoken对请求到的数据进行加密生成token，用token解密加密的数据

加密

const jwt = require('jsonwebtoken');
let payload = {name:'张三',admin:true}; // 加密的数据
let secret = 'always_and_forever'; // 秘钥，随便写
let token = jwt.sign(payload,secret, { expiresIn: '1h' });
console.log(token)

解密

let payload = jwt.verify(token,secret)
console.log(payload)

 

3. 在登录操作后

ctx.session.token = token；

退出登录后

 

ctx.session.token = ''；