Node实战：接口身份验证

19_Node.js/day-6/code/koa-demo/middlewares/jwt.verify.js

@@ -0,0 +1,31 @@
+import jwt from 'jsonwebtoken';
+
+const defaultOption = {
+  secret: '',
+  headerName: 'authorization',
+  whiteList: ['/login', '/register'],
+};
+
+export default function (opts) {
+  let { secret, headerName } = { ...defaultOption, ...opts };
+
+  return async (ctx, next) => {
+    try {
+      const token = ctx.headers[headerName].replace('Bearer ', '');
+
+      if (token == jwt.sign(jwt.verify(token, secret), secret)) {
+        await next();
+      } else {
+        ctx.body = {
+          code: 401,
+          message: '您还未登录或登录已超时',
+        };
+      }
+    } catch (err) {
+      ctx.body = {
+        code: 401,
+        message: '登录已超时',
+      };
+    }
+  };
+}

19_Node.js/day-6/code/koa-demo/router/index.mjs

@@ -3,7 +3,7 @@ import { koaBody } from 'koa-body';
 import { copyFile, rm, access, mkdir } from 'node:fs/promises';
 import { UPLOAD_DIR, STATIC, SECRET } from '../app.config.mjs';
 import jwt from 'jsonwebtoken';
-
+import tokenVerify from '../middlewares/jwt.verify.js';
 const router = new Router();
 
 // 通过router实例的一些方法 比如 get、post等去定义 对应请求方法的路由
@@ -35,13 +35,14 @@ router
       };
     }
   })
-  .get('/', async (ctx) => {
+  .get('/', tokenVerify({ secret: SECRET }), async (ctx) => {
     let res = await ctx.execute('select * from users;');
+    ctx.status = 200;
     ctx.body =
       res === false
         ? {
             code: 1,
-            msg: '失败',
+            message: '请求超时',
           }
         : {
             code: 0,
@@ -51,6 +52,7 @@ router
   })
   .put(
     '/upload',
+    tokenVerify({ secret: SECRET }),
     koaBody({
       multipart: true,
       formidable: {