diff --git a/index.js b/index.js
index 3cfa292..77cfdf8 100644
--- a/index.js
+++ b/index.js
@@ -7,55 +7,69 @@ import crypto from 'crypto.js'
 import { base64encode, base64decode, sha1 } from 'crypto.js'
+const HS256_HEADER = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+const DEFAULT_CONFIG = {
+ ttl: 3600 * 24 * 7,
+ level: 0, // 校验级别, 0: 不校验客户端, 2: ua, 4: ip, 6: ua + ip
+ secret: 'it_is_secret_key' // jwt密钥, 使用时请修改
+}
+
 function hmac(str, secret) {
- var buf = crypto.hmac('sha256', str, secret, 'buffer')
+ let buf = crypto.hmac('sha256', str, secret, 'buffer')
 return base64encode(buf, true)
 }
-export function createJwtModule() {
- return {
- name: 'jwt',
- install() {
- return {
- // 签名, 返回token
- sign(data, secret, ttl) {
- // header: base64("{"typ":"JWT","alg":"HS256"}")
- // 这里固定使用sha256,
- var header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
+export const JwtModule = {
+ name: 'jwt',
+ install(conf = {}) {
+ if (!conf.secret) {
+ console.warn(
+ new Error(
+ 'Please make sure to set the `secret` field, as the default value is not secure'
+ )
+ )
+ }
- // 加入过期时间,
- var payload = { data, expires: Date.now() + ttl * 1000 }
- var auth_str = ''
+ let jwt = Object.assign({}, DEFAULT_CONFIG, conf)
+ this.set({ jwt })
- payload = JSON.stringify(payload)
- payload = base64encode(payload, true)
- auth_str = hmac(`${header}.${payload}`, secret)
+ return {
+ ttl: jwt.ttl,
+ // 签名, 返回token
+ // header: base64("{"typ":"JWT","alg":"HS256"}")
+ // 这里固定使用sha256
+ sign(data, secret) {
+ // 加入过期时间,
+ let payload = { data, expires: Date.now() + this.ttl * 1000 }
+ let token = ''
- return [header, payload, auth_str].join('.')
- },
+ payload = base64encode(JSON.stringify(payload), true)
+ token = hmac(`${HS256_HEADER}.${payload}`, secret)
- // 校验token
- verify(token = '', secret) {
- var jwt = token.split('.')
- var auth_str, payload
+ return `${HS256_HEADER}.${payload}.${token}`
+ },
- if (jwt.length !== 3) {
- return false
- }
- auth_str = jwt.pop()
- payload = JSON.parse(base64decode(jwt[1], true))
-
- // 如果已经过期, 则不再校验hash
- if (payload.expires < Date.now()) {
- return false
- }
-
- if (hmac(jwt.join('.'), secret) === auth_str) {
- return payload.data
- }
+ // 校验token
+ verify(token = '', secret) {
+ let jwt = token.split('.')
+ let auth, payload
+ if (jwt.length !== 3) { return false }
+ auth = jwt.pop()
+ payload = JSON.parse(base64decode(jwt[1], true))
+
+ // 如果已经过期, 则不再校验hash
+ if (payload.expires < Date.now()) {
+ return false
+ }
+
+ if (hmac(jwt.join('.'), secret) === auth) {
+ return payload.data
+ }
+
+ return false
 }
 }
 }
@@ -63,9 +77,9 @@ export function createJwtModule() {
 export function createJwt() {
 return function (req, res, next) {
- var { secret, level } = this.get('jwt')
- var deviceID = ''
- var ssid
+ let { secret, level } = this.get('jwt')
+ let deviceID = ''
+ let ssid
 // options请求不处理jwt
 if (req.method === 'OPTIONS') {
diff --git a/package.json b/package.json
index d60d1e6..f791093 100644
--- a/package.json
+++ b/package.json
@@ -1,12 +1,18 @@
 {
 "name": "@gm5/jwt",
- "version": "1.1.0",
+ "version": "2.0.0",
 "type": "module",
 "description": "json web token",
 "main": "index.js",
 "author": "yutent",
- "keywords": ["fivejs", "jwt", "http"],
- "repository": "https://github.com/bytedo/gmf.jwt.git",
+ "keywords": [
+ "fivejs",
+ "gm5",
+ "jwt",
+ "http",
+ "json_web_token"
+ ],
+ "repository": "https://git.wkit.fun/gm5/jwt.git",
 "license": "MIT",
 "dependencies": {
 "crypto.js": "^2.0.1"
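Review bot: `verify` still decodes and `JSON.parse`s the middle segment and reads `payload.expires` before the HMAC is compared, so a token whose middle segment is not valid base64/JSON throws out of `verify` instead of returning `false`, and untrusted bytes are parsed before they are authenticated. Compare the signature first, then parse inside a `try`/`catch`, and treat a missing or non-numeric `expires` as expired — today `undefined < Date.now()` is `false`, so a payload without `expires` never expires. `hmac(...) === auth` is also a plain string comparison; Node's `crypto.timingSafeEqual` (or an equivalent from the `crypto.js` wrapper, if it exposes one) is the usual choice for a MAC check. The `install` warning still falls through to the hard-coded `DEFAULT_CONFIG.secret` that the message itself calls insecure; throwing there would be safer than continuing with it. The closing `}` of `JwtModule` lies outside the hunk.
```javascript
      // … unchanged: ttl, sign(data, secret) …
      verify(token = '', secret) {
        let jwt = token.split('.')
        if (jwt.length !== 3) { return false }
        let auth = jwt.pop()

        // authenticate before parsing: the payload is untrusted until the MAC matches
        if (hmac(jwt.join('.'), secret) !== auth) {
          return false
        }

        let payload
        try {
          payload = JSON.parse(base64decode(jwt[1], true))
        } catch (err) {
          // segment is not valid base64/JSON; reject instead of throwing to the caller
          return false
        }

        // a missing or non-numeric expires must not pass as "never expires"
        if (typeof payload.expires !== 'number' || payload.expires < Date.now()) {
          return false
        }

        return payload.data
      }
```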