init

.gitignore

@@ -0,0 +1,11 @@
+
+.Spotlight-V100
+.Trashes
+.DS_Store
+.AppleDouble
+.LSOverride
+._*
+.idea
+.vscode
+
+node_modules

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Readme.md

@@ -0,0 +1,12 @@
+![module info](https://nodei.co/npm/@gm5/controller.png?downloads=true&downloadRank=true&stars=true)
+
+# @gm5/controller
+
+> 控制器基类。
+
+## 安装
+
+```bash
+npm install @gm5/controller
+```
+

index.js

@@ -0,0 +1,62 @@
+/**
+ * json web token
+ * @author yutent<yutent.io@gmail.com>
+ * @date 2020/09/16 17:23:52
+ */
+
+import crypto from 'crypto.js'
+import { base64encode, base64decode } from 'crypto.js'
+
+function hmac(str, secret) {
+  var buf = crypto.hmac('sha256', str, secret, 'buffer')
+  return base64encode(buf, true)
+}
+
+export default class Jwt {
+  constructor(expires, secret) {
+    this.expires = expires
+    this.secret = secret
+  }
+
+  // 签名, 返回token
+  sign(data) {
+    // header: base64("{"typ":"JWT","alg":"HS256"}")
+    // 这里固定使用sha256,
+    var header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+    var { expires, secret } = this
+
+    // 加入过期时间, 同session.ttl
+    var payload = { data, expires: Date.now() + expires * 1000 }
+    var auth_str = ''
+
+    payload = JSON.stringify(payload)
+    payload = base64encode(payload, true)
+    auth_str = hmac(`${header}.${payload}`, secret)
+
+    return [header, payload, auth_str].join('.')
+  }
+
+  // 校验token
+  verify(token) {
+    var { secret } = this
+    var jwt = token.split('.')
+    var auth_str, payload
+
+    if (jwt.length !== 3) {
+      return false
+    }
+    auth_str = jwt.pop()
+    payload = JSON.parse(base64decode(jwt[1], true))
+
+    // 如果已经过期, 则不再校验hash
+    if (payload.expires < Date.now()) {
+      return 'expired'
+    }
+
+    if (hmac(jwt.join('.'), secret) === auth_str) {
+      return payload.data
+    }
+
+    return false
+  }
+}

package-lock.json

@@ -0,0 +1,13 @@
+{
+  "name": "@gm5/jwt",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "crypto.js": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/crypto.js/-/crypto.js-2.0.1.tgz",
+      "integrity": "sha512-QUN3MEai0qwgFRj9jYY0V8O5ssJwLmSrxlYUVrsryx3UlgIiDQaCsM4613WGv0dKHoHtIozoJTTSYDJHR8xAtw=="
+    }
+  }
+}

package.json

@@ -0,0 +1,14 @@
+{
+  "name": "@gm5/jwt",
+  "version": "1.0.0",
+  "type": "module",
+  "description": "JSON WEB TOKEN",
+  "main": "index.js",
+  "author": "yutent",
+  "keywords": ["fivejs", "jwt", "http"],
+  "repository": "https://github.com/bytedo/gmf.jwt.git",
+  "license": "MIT",
+  "dependencies": {
+    "crypto.js": "^2.0.1"
+  }
+}