#yyds干货盘点#nodejs 后端 token 权限问题
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了#yyds干货盘点#nodejs 后端 token 权限问题相关的知识,希望对你有一定的参考价值。
话不多说,直接上代码
登录接口
export default class AuthController
static async login(req, res)
try
const name, password = req.body;
if (!name || typeof name !== "string")
res.status(400).json(resultFail("Bad name format, expected string."));
return;
if (!password || typeof password !== "string")
res.status(400).json(resultFail("Bad password format, expected string."));
return;
let userFromDB = await AuthDAO.getUser(name);
if (!userFromDB)
res.status(401).json(resultFail("Make sure your name is correct."));
return;
const user = new AuthUser(userFromDB);
if (!(await user.comparePassword(password)))
res.status(401).json(resultFail("Make sure your password is correct."));
return;
user.encoded().then((token) =>
let option =
token: token,
userName: userFromDB.name,
role: userFromDB.privilege
userManager.setCurrentCacheToken(option);
res.send(resultSuccess(
auth_token: token,
...user.toJson()
))
);
catch (e)
res.status(400).json(resultFail(e));
权限分配对应接口
import token from morgan;
import
ADMIN,
NORMAL,
ANONYMOUS
from ./common/constants;
import resultFail from ./common/utils;
import path from "path";
// API for different permission
const api4anonymous = [
"/api/devices/",
"/api/devices/get-device",
"/sys/health-check",
"/sys/access-log",
"/auth/login"
]
const api4normal = [
"/api/devices/",
"/api/devices/get-device",
"/sys/health-check",
"/sys/access-log",
"/auth/login"
]
const api4admin = [
"all"
]
const rolePermission = new Map([
[ADMIN, api4admin],
[NORMAL, api4normal],
[ANONYMOUS, api4normal],
]);
class UserManager
#cacheToken;
#apiPermissionMap;
constructor()
this.#cacheToken =
token : ,
role : ANONYMOUS,
userName :
;
this.#apiPermissionMap = rolePermission;
setCurrentCacheToken(option)
// token empty indicate role is anonymous
if (option.token !== )
if (typeof(option.token) == string)
this.#cacheToken.token = option.token;
if (typeof(option.role) == number)
this.#cacheToken.role = option.role;
if (typeof(option.userName) == string)
this.#cacheToken.userName = option.userName;
getCurrentCacheToken()
return this.#cacheToken;
verifyApiPermission(reqUrl)
let role = this.#cacheToken[role];
if (this.#cacheToken.token === )
role = ANONYMOUS;
if (this.#apiPermissionMap.has(role))
// admin can do anything
if(role === ADMIN)
return true;
if(this.#apiPermissionMap.get(role).indexOf(reqUrl) !== -1)
return true;
return false;
;
function reqPermissionHandler(req, res, next)
const reqUrl = path.join(req.baseUrl, req.url);
let token = req.get("authorization");
if (!token)
token = ;
else
token = token.slice("Bearer ".length);
if (token != userManager.getCurrentCacheToken().token && token !== )
res.status(401).json(resultFail((token error)));
return;
if (userManager.verifyApiPermission(reqUrl))
next();
else
res.status(403).json(resultFail((No Permission)));
return;
let userManager = new UserManager();
function userName()
return userManager.getCurrentCacheToken().userName;
export reqPermissionHandler, userManager, userName;
以上是关于#yyds干货盘点#nodejs 后端 token 权限问题的主要内容,如果未能解决你的问题,请参考以下文章
ASP.NET Core 自动刷新JWT Token #yyds干货盘点#