jwt改为动态密钥

2020-09-24 19:48:06 +08:00 · 2020-09-24 19:48:06 +08:00 · 7fb8d517e4
parent db73867f9f
commit 7fb8d517e4
1 changed files with 33 additions and 29 deletions
--- a/index.js
+++ b/index.js
@ -16,46 +16,50 @@ export default {
  name: 'jwt',
  install() {
    var expires = this.get('session').ttl
-    var secret = this.get('jwt') || 'it_is_secret_key'
+    var opened = this.get('jwt')
    return {
      // 签名, 返回token
-      sign(data) {
+      sign(data, secret = 'it_is_secret_key') {
-        // header: base64("{"typ":"JWT","alg":"HS256"}")
+        if (opened) {
-        // 这里固定使用sha256,
+          // header: base64("{"typ":"JWT","alg":"HS256"}")
-        var header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+          // 这里固定使用sha256,
-        // 加入过期时间, 同session.ttl
+          var header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
-        var payload = { data, expires: Date.now() + expires * 1000 }
+          // 加入过期时间, 同session.ttl
-        var auth_str = ''
+          var payload = { data, expires: Date.now() + expires * 1000 }
          var auth_str = ''
-        payload = JSON.stringify(payload)
+          payload = JSON.stringify(payload)
-        payload = base64encode(payload, true)
+          payload = base64encode(payload, true)
-        auth_str = hmac(`${header}.${payload}`, secret)
+          auth_str = hmac(`${header}.${payload}`, secret)
-        return [header, payload, auth_str].join('.')
+          return [header, payload, auth_str].join('.')
        }
      },
      // 校验token
-      verify(token = '') {
+      verify(token = '', secret = 'it_is_secret_key') {
-        var jwt = token.split('.')
+        if (opened) {
-        var auth_str, payload
+          var jwt = token.split('.')
          var auth_str, payload
          if (jwt.length !== 3) {
            return false
          }
          auth_str = jwt.pop()
          payload = JSON.parse(base64decode(jwt[1], true))
          // 如果已经过期, 则不再校验hash
          if (payload.expires < Date.now()) {
            return false
          }
          if (hmac(jwt.join('.'), secret) === auth_str) {
            return payload.data
          }
        if (jwt.length !== 3) {
          return false
        }
        auth_str = jwt.pop()
        payload = JSON.parse(base64decode(jwt[1], true))
        // 如果已经过期, 则不再校验hash
        if (payload.expires < Date.now()) {
          return 'expired'
        }
        if (hmac(jwt.join('.'), secret) === auth_str) {
          return payload.data
        }
        return false
      }
    }
  }