Compare commits

...

5 Commits
v1 ... master

Author SHA1 Message Date
yutent 0cd03ccde9 crypto.js升级为最新版 2023-11-01 14:33:57 +08:00
yutent 8c7ba96e60 2.0.1 2023-10-31 18:40:05 +08:00
yutent 819361737f 更新readme 2023-10-31 18:39:38 +08:00
yutent e2433cba13 完成2.0版重构 2023-10-31 18:37:08 +08:00
yutent 458c2b403f 2.0 2023-10-27 19:19:48 +08:00
3 changed files with 83 additions and 55 deletions

View File

@ -1,4 +1,6 @@
![module info](https://nodei.co/npm/@gm5/jwt.png?downloads=true&downloadRank=true&stars=true)
![downloads](https://img.shields.io/npm/dt/@gm5/jwt.svg)
![version](https://img.shields.io/npm/v/@gm5/jwt.svg)
# @gm5/jwt # @gm5/jwt
@ -14,10 +16,13 @@ npm install @gm5/jwt
```js ```js
import Five from '@gm5/code' import { createApp } from '@gm5/code'
import jwt from '@gm5/jwt' import { createJwt, JwtModule } from '@gm5/jwt'
var app = new Five() var app = createApp()
app.install(jwt)
app.install(JwtModule)
.use(createJwt())
.run()
``` ```

View File

@ -4,44 +4,59 @@
* @date 2020/09/16 17:23:52 * @date 2020/09/16 17:23:52
*/ */
import crypto from 'crypto.js' import { base64encode, base64decode, hmac, sha1 } from 'crypto.js'
import { base64encode, base64decode, sha1 } from 'crypto.js'
function hmac(str, secret) { const HS256_HEADER = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9'
var buf = crypto.hmac('sha256', str, secret, 'buffer') const DEFAULT_CONFIG = {
ttl: 3600 * 24 * 7,
level: 0, // 校验级别, 0: 不校验客户端, 2: ua, 4: ip, 6: ua + ip
secret: 'it_is_secret_key' // jwt密钥, 使用时请修改
}
function hmac_base64(str, secret) {
let buf = hmac('sha256', str, secret, 'buffer')
return base64encode(buf, true) return base64encode(buf, true)
} }
export const jwtPackage = { export const JwtModule = {
name: 'jwt', name: 'jwt',
install() { install(conf = {}) {
if (!conf.secret) {
console.warn(
new Error(
'Please make sure to set the `secret` field, as the default value is not secure'
)
)
}
let jwt = Object.assign({}, DEFAULT_CONFIG, conf)
this.set({ jwt })
return { return {
ttl: jwt.ttl,
// 签名, 返回token // 签名, 返回token
sign(data, secret, ttl) {
// header: base64("{"typ":"JWT","alg":"HS256"}") // header: base64("{"typ":"JWT","alg":"HS256"}")
// 这里固定使用sha256, // 这里固定使用sha256
var header = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9' sign(data, secret) {
// 加入过期时间, // 加入过期时间,
var payload = { data, expires: Date.now() + ttl * 1000 } let payload = { data, expires: Date.now() + this.ttl * 1000 }
var auth_str = '' let token = ''
payload = JSON.stringify(payload) payload = base64encode(JSON.stringify(payload), true)
payload = base64encode(payload, true) token = hmac_base64(`${HS256_HEADER}.${payload}`, secret)
auth_str = hmac(`${header}.${payload}`, secret)
return [header, payload, auth_str].join('.') return `${HS256_HEADER}.${payload}.${token}`
}, },
// 校验token // 校验token
verify(token = '', secret) { verify(token = '', secret) {
var jwt = token.split('.') let jwt = token.split('.')
var auth_str, payload let auth, payload
if (jwt.length !== 3) { if (jwt.length !== 3) {
return false return false
} }
auth_str = jwt.pop() auth = jwt.pop()
payload = JSON.parse(base64decode(jwt[1], true)) payload = JSON.parse(base64decode(jwt[1], true))
// 如果已经过期, 则不再校验hash // 如果已经过期, 则不再校验hash
@ -49,7 +64,7 @@ export const jwtPackage = {
return false return false
} }
if (hmac(jwt.join('.'), secret) === auth_str) { if (hmac_base64(jwt.join('.'), secret) === auth) {
return payload.data return payload.data
} }
@ -59,10 +74,11 @@ export const jwtPackage = {
} }
} }
export function jwtConnect(req, res, next) { export function createJwt() {
var { secret, level } = this.get('jwt') return function (req, res, next) {
var deviceID = '' let { secret, level } = this.get('jwt')
var ssid let deviceID = ''
let ssid
// options请求不处理jwt // options请求不处理jwt
if (req.method === 'OPTIONS') { if (req.method === 'OPTIONS') {
@ -83,7 +99,8 @@ export function jwtConnect(req, res, next) {
deviceID = sha1(deviceID) deviceID = sha1(deviceID)
} }
req.mixKey = secret + deviceID req.__mix_key__ = secret + deviceID
next() next()
}
} }

View File

@ -1,14 +1,20 @@
{ {
"name": "@gm5/jwt", "name": "@gm5/jwt",
"version": "1.1.0", "version": "2.0.2",
"type": "module", "type": "module",
"description": "json web token", "description": "json web token",
"main": "index.js", "main": "index.js",
"author": "yutent", "author": "yutent",
"keywords": ["fivejs", "jwt", "http"], "keywords": [
"repository": "https://github.com/bytedo/gmf.jwt.git", "fivejs",
"gm5",
"jwt",
"http",
"json_web_token"
],
"repository": "https://git.wkit.fun/gm5/jwt.git",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"crypto.js": "^2.0.1" "crypto.js": "^3.1.2"
} }
} }