jwt/index.js

63 lines
1.5 KiB
JavaScript
Raw Normal View History

2020-09-17 19:11:10 +08:00
/**
* json web token
* @author yutent<yutent.io@gmail.com>
* @date 2020/09/16 17:23:52
*/
import crypto from 'crypto.js'
import { base64encode, base64decode } from 'crypto.js'
function hmac(str, secret) {
var buf = crypto.hmac('sha256', str, secret, 'buffer')
return base64encode(buf, true)
}
2020-09-18 14:45:42 +08:00
export default {
2020-09-24 14:45:30 +08:00
name: 'jwt',
install() {
var expires = this.get('session').ttl
2020-09-24 15:34:25 +08:00
var secret = this.get('jwt') || 'it_is_secret_key'
2020-09-24 14:45:30 +08:00
return {
// 签名, 返回token
sign(data) {
// header: base64("{"typ":"JWT","alg":"HS256"}")
// 这里固定使用sha256,
var header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
// 加入过期时间, 同session.ttl
var payload = { data, expires: Date.now() + expires * 1000 }
var auth_str = ''
payload = JSON.stringify(payload)
payload = base64encode(payload, true)
auth_str = hmac(`${header}.${payload}`, secret)
return [header, payload, auth_str].join('.')
},
// 校验token
verify(token = '') {
var jwt = token.split('.')
var auth_str, payload
if (jwt.length !== 3) {
return false
}
auth_str = jwt.pop()
payload = JSON.parse(base64decode(jwt[1], true))
// 如果已经过期, 则不再校验hash
if (payload.expires < Date.now()) {
return 'expired'
}
if (hmac(jwt.join('.'), secret) === auth_str) {
return payload.data
}
return false
}
2020-09-17 19:11:10 +08:00
}
}
}