/**
* json web token
* @author yutent<yutent.io@gmail.com>
* @date 2020/09/16 17:23:52
*/
import { timingSafeEqual } from 'node:crypto'
import { base64encode, base64decode, hmac, sha1 } from 'crypto.js'
// Pre-encoded JWT header `{"alg":"HS256","typ":"JWT"}`. The algorithm is
// fixed in code: sign() always emits this header and never derives one
// from caller input.
const HS256_HEADER = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'

// Settings that install(conf) overlays with the caller's `conf`.
const DEFAULT_CONFIG = {
  // token lifetime in seconds (one week)
  ttl: 7 * 24 * 3600,
  // client-binding level: 0 = none, 2 = user-agent, 4 = ip, 6 = user-agent + ip
  level: 0,
  // HMAC secret; this value is public (it lives in the source), so every
  // deployment must override it
  secret: 'it_is_secret_key'
}
/**
 * HMAC-SHA256 of `str` keyed with `secret`, encoded with base64encode.
 * The `true` flag is passed through to base64encode as-is; presumably it
 * selects the url-safe alphabet — confirm against crypto.js.
 * @param {string} str - message to authenticate
 * @param {string} secret - HMAC key
 * @returns {string} encoded digest
 */
function hmac_base64(str, secret) {
  const digest = hmac('sha256', str, secret, 'buffer')
  return base64encode(digest, true)
}
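/**
 * Request middleware that derives the per-request HMAC key.
 *
 * Expects `this` to be the host application (reads `this.get('jwt')`).
 * Depending on `level`, the user-agent (bit 2) and/or the client ip
 * (bit 4) are concatenated, hashed with sha1 and appended to `secret`;
 * the result is stored on `req.__mix_key__` for later use as the
 * `secret` argument of sign()/verify(). OPTIONS requests are passed
 * through untouched.
 *
 * @param {object} req - request; `method`, `header()` and `ip()` are used
 * @param {object} res - response (unused)
 * @param {Function} next - continues the middleware chain
 */
function JwtMiddleware(req, res, next) {
  const { secret, level } = this.get('jwt')
  let deviceID = ''

  // Preflight requests carry no token, so no key is derived for them.
  if (req.method === 'OPTIONS') {
    return next()
  }

  // bit 2: bind the key to the user-agent
  if (level & 2) {
    // NOTE(review): if req.header() yields undefined for a missing header,
    // the string 'undefined' is appended — kept as-is so keys already
    // issued to such clients stay valid; confirm against the framework.
    deviceID += req.header('user-agent')
  }

  // bit 4: bind the key to the client ip
  if (level & 4) {
    deviceID += req.ip()
  }

  // Only hash when at least one binding contributed something; with
  // level 0 the key is the bare secret.
  if (deviceID) {
    deviceID = sha1(deviceID)
  }

  req.__mix_key__ = secret + deviceID
  next()
}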
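/**
 * Builds the jwt plugin object. `install()` must be invoked with the host
 * application as `this` (it calls `this.set` / `this.use`) and returns the
 * `sign` / `verify` helpers.
 * @returns {{name: string, install: Function}}
 */
export function createJwt() {
  return {
    name: 'jwt',

    /**
     * Merges `conf` over DEFAULT_CONFIG, stores it under the `jwt` key and
     * registers JwtMiddleware.
     * @param {object} [conf] - may contain `ttl`, `level`, `secret`
     * @returns {{ttl: number, sign: Function, verify: Function}}
     */
    install(conf = {}) {
      if (!conf.secret) {
        // The fallback secret is part of the source, so tokens signed with
        // it can be produced by anyone who has read this file.
        console.warn(
          new Error(
            'You must set a `secret` key for jwt, or it will use the default key.'
          )
        )
      }

      let jwt = Object.assign({}, DEFAULT_CONFIG, conf)
      this.set({ jwt })
      this.use(JwtMiddleware)

      return {
        ttl: jwt.ttl,

        /**
         * Signs `data` and returns `header.payload.signature`.
         * The header is the fixed HS256 header; `expires` is derived from
         * `this.ttl`, so this must be called as a method of the returned
         * object. The HMAC covers `header.payload` only.
         * @param {*} data - JSON-serialisable claims
         * @param {string} secret - HMAC key (e.g. `req.__mix_key__`)
         * @returns {string} token
         */
        sign(data, secret) {
          const claims = { data, expires: Date.now() + this.ttl * 1000 }
          const payload = base64encode(JSON.stringify(claims), true)
          const signature = hmac_base64(`${HS256_HEADER}.${payload}`, secret)
          return `${HS256_HEADER}.${payload}.${signature}`
        },

        /**
         * Verifies a token produced by sign().
         * The signature is checked before the payload is decoded, so only
         * authenticated input reaches JSON.parse.
         * @param {string} [token] - `header.payload.signature`
         * @param {string} secret - HMAC key used at signing time
         * @returns {*|false} the signed `data`, or false when the token is
         *   malformed, not HS256, badly signed, or expired
         */
        verify(token = '', secret) {
          if (typeof token !== 'string') {
            return false
          }

          const parts = token.split('.')
          if (parts.length !== 3) {
            return false
          }
          const [header, payload, signature] = parts

          // Only the fixed HS256 header is ever issued; anything else is
          // rejected outright so a token cannot pick its own algorithm.
          if (header !== HS256_HEADER) {
            return false
          }

          // sign() authenticates `header.payload`; feeding the signature
          // part back into the HMAC (as joining all three parts would)
          // could never match.
          const expected = hmac_base64(`${header}.${payload}`, secret)
          const expectedBuf = Buffer.from(expected)
          const actualBuf = Buffer.from(signature)
          // timingSafeEqual requires equal lengths; a length mismatch is
          // simply a bad signature.
          if (
            expectedBuf.length !== actualBuf.length ||
            !timingSafeEqual(expectedBuf, actualBuf)
          ) {
            return false
          }

          let claims
          try {
            claims = JSON.parse(base64decode(payload, true))
          } catch (err) {
            // Undecodable payload under a valid signature: treat as invalid
            // rather than letting the parse error escape to the caller.
            return false
          }
          if (claims === null || typeof claims !== 'object') {
            return false
          }

          // A missing or non-numeric `expires` must not be accepted as
          // "never expires".
          if (!(Number.isFinite(claims.expires) && claims.expires >= Date.now())) {
            return false
          }

          return claims.data
        }
      }
    }
  }
}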