Node.js 使用 Token 与 ExpressJs 进行身份验证

我正在尝试为我的服务器创建一个登录请求。我想学习的是:当用户登录时,如何创建一个令牌。创建令牌后,我想用该令牌来控制用户的请求。下面是我的代码示例。请告诉我哪里错了。如果代码没有问题,你能向我解释应该如何创建它吗?

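var port = 8080;
var path = require("path");
var express = require("express");
var bodyParser = require("body-parser");
var mysql = require("mysql");
var bcrypt = require("bcrypt");
var session = require("express-session");

// Connection settings come from the environment when set; the literal fallbacks are the
// original development values and should not be used outside a local setup.
var con = mysql.createConnection({
  host: process.env.DB_HOST || "localhost",
  user: process.env.DB_USER || "root",
  password: process.env.DB_PASSWORD || "123456",
  database: "circles",
  debug: false
});

process.on("uncaughtException", function (err) {
  console.log("UNCAUGHT", err.stack);
});

var app = express();

// The original served "localhost" + "/public", i.e. a directory literally named
// `localhost/public` relative to the working directory, not ROOT/public as its comment
// claimed; resolve the static folder relative to this file instead.
app.use(express.static(path.join(__dirname, "public")));
app.use(bodyParser.json()); // support json encoded bodies
app.use(bodyParser.urlencoded({ extended: true }));
app.use(session({
  // Signing secret for the session cookie; read it from the environment so the
  // hard-coded value is only a local fallback.
  secret: process.env.SESSION_SECRET || "letsputasmile",
  proxy: true,
  resave: true,
  // ~1 month in ms. Add `secure: true` once the app is served over HTTPS so the
  // cookie is never sent in clear text.
  cookie: { maxAge: 2628000000 },
  saveUninitialized: true
}));

/**
 * Middleware for routes that require an authenticated session.
 * Passes through when handleLogin has stored a username in the session,
 * otherwise answers 401 without calling the route handler.
 * Usage: app.get("/secret", requireLogin, function (req, res) { ... });
 */
function requireLogin(request, response, next) {
  if (request.session && request.session.username) {
    next();
  } else {
    response.status(401).send("nop");
  }
}

/**
 * POST /register — create a user from `name`, `username` and `pass` in the body.
 * Responds "success" when the row is inserted and "nop" on invalid input or a
 * database error (same strings as the original).
 */
function handleRegister(request, response) {
  var name = request.body.name;
  var username = request.body.username;
  var pass = request.body.pass;
  // Missing or non-string fields made bcrypt throw inside the handler in the original,
  // which only reached the uncaughtException hook and left the client hanging.
  if (typeof name !== "string" || typeof username !== "string" || typeof pass !== "string") {
    response.send("nop");
    return;
  }
  // Log only the username: the plaintext password must never land in the log.
  console.log("register attempt:", username);
  var salt = bcrypt.genSaltSync(10);
  var hash = bcrypt.hashSync(pass, salt);
  // `?` placeholders let the mysql driver escape the values. The original built the
  // statement by string concatenation, so a quote character in any field changed the SQL.
  con.query(
    "INSERT INTO user(name, username, password) VALUES (?, ?, ?)",
    [name, username, hash],
    function (err) {
      if (err) {
        console.log("register failed:", err.code);
        response.send("nop");
      } else {
        response.send("success");
      }
    }
  );
}

/**
 * POST /login — check `username`/`pass` against the stored bcrypt hash.
 * On success stores the username in the session (see requireLogin) and responds
 * "success"; responds "nop" for an unknown user, a wrong password, invalid input
 * or a database error.
 */
function handleLogin(request, response) {
  var username = request.body.username;
  var pass = request.body.pass;
  if (typeof username !== "string" || typeof pass !== "string") {
    response.send("nop");
    return;
  }
  con.query("SELECT password FROM user WHERE username = ?", [username], function (err, result) {
    if (err) {
      // The original did `throw err` here; inside a callback that only hits the
      // uncaughtException hook and the request is never answered.
      console.log("login query failed:", err.code);
      response.send("nop");
      return;
    }
    if (result.length !== 1) {
      // Unknown user: the original went on to bcrypt.compare(pass, undefined).
      response.send("nop");
      return;
    }
    bcrypt.compare(pass, result[0].password, function (cmpErr, matches) {
      if (cmpErr || !matches) {
        response.send("nop");
        return;
      }
      // This is the "token" the question asks for: the signed session cookie now
      // identifies the user on later requests, which requireLogin checks.
      request.session.username = username;
      response.send("success");
    });
  });
}

app.get("/", function (request, response) { // root dir
  response.send("Hello!!");
});

app.post("/register", handleRegister);
app.post("/login", handleLogin);

app.listen(port);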

你可以做的是创建一个 jwt (json webtoken)。您基本上签署了一些有效负载(无论您想要给客户端的什么元数据),然后客户端可以在请求某个资源时将该令牌传回,服务器可以验证该令牌(对称密钥)是否正确,并且还能从中解析出服务器需要的数据,例如 user_id 或类似的。

查看https://github.com/auth0/node-jsonwebtoken了解更多信息