node 中jwt的使用token的加解密数据库奔跑吧-CPU-

// nodejs+express+jwt-simple let jwt = require('jwt-simple'); //秘钥 let secret = "laney"; let time = 10; let tokenExpiresTime = 1000 * 60 * 60 * 24 * 7;//token过期时间,毫秒为单位， 7天  module.exports = { /*   *检验token合法性  */   validate:function(req,res,next){ let token = req.headers.token; if(token){ let decodeToken = null; try { //防止假冒token解析報錯  // decodeToken = jwt.decode(token,secret,'HS256');               decodeToken = jwt.decode(token,secret); //解密 } catch (err) {              res.status(401).send("非法访问"); return; } let exp = decodeToken.exp; if(!exp){           res.status(401).send("非法访问"); } // time*60*1000   = > 10分钟 if(exp<(Date.now()+time*60*1000)){         res.send({code:'002',"errorMsg":"授权超时"}) } next(); }else{         res.status(401).send("非法访问"); } }, /* 生成token*/ makeToken(username){ let Token = null; //需要加密的对象 let payload = {                user:username,               time:new Date().getTime(),                exp:Date.now() + tokenExpiresTime           };       Token = jwt.encode(payload,secret); //加密 return Token; } } // jwt 编码解码方法 // jwt_encode(payload, key, algorithm, options) // jwt_decode(token, key, noVerify, algorithm) 

var express = require('express'); var mysql = require('mysql'); var router = express.Router(); let auth = require('../lib/auth.js'); /*建立数据库链接*/ var db = mysql.createConnection({   host:'127.0.0.1',   user: 'root',   password: 'root',   port: '3306',   database: 'ruanmoutest' }); // Connect db.connect((err) => { if(err) { throw(err); }   console.log('MySql Connected...') }) /* GET users listing. */ router.get('/', function(req, res, next) { //发送各种类型的响应   res.send('respond with a resource'); // res.end();//结束响应过程 }); //登录接口 router.post('/login',function(req,res,next){ let username = req.body.username; let password = req.body.password; const adminStr = `select * from manage where username='${username}' and password='${password}'`;     db.query(adminStr, (err, data) => { if (err) {         console.log(err);         res.status(500).send('database err').end(); } else { if (data.length == 0) {             res.json({               code:0,               data:0,               message:'用户名或者密码错误' }); } else { // res.send(data); //先从数据库里查询是否有这个用户， 如果有就开始鉴权生成token，否则不处理 let Token = auth.makeToken(username);              res.json({               code:1,               data:{                   user:username               },               token:Token             },200) } } }); }); //注册 router.post('/reg',(req,res)=>{ //先验证数据库里是否有这个 用户名 var  sqlStr01 = 'select * from manage';    db.query(sqlStr01,(err,results) => { if(err){ return res.json({               code:0,               message:'注册失败，用户名已经被注册过了！',               data:0 }) } else if(results.length>0) { //这里再进行数据库的插入工作 var {phone,username,password} = req.query; var sqlInsert = `insert into manage(username,password,phone) values("${phone}","${username}","${password}")`;         db.query(sqlInsert,(err,results) => { if(err) { return res.json({                     code:0,                     message:'获取失败' }) }             res.json({                 code:1,                 message:'注册成功',                 data:1 }) }) } }) }) //员工列表 router.post('/staffs',(req,res)=>{ const sqlStr = 'select * from staffs';   db.query(sqlStr,(err,results) => { if(err) { return res.json({               code:0,               message:'获取失败',               data:0 }) }       res.json({           code:1,           message:'获取成功',           data:results       }) }) }) router.use('*',[auth.validate],function(req,res,next){ next(); }); //添加员工 router.post('/staffs/add',(req,res)=>{ var {username,sex,age,hometown} = req.query;        console.log(req.query); //  var sqp2="INSERT INTO staffs(username,age,hometown,sex) values('11','33','oo','ppp')"; var sqlInsert = `INSERT INTO staffs(username,age,hometown,sex) values("${username}","${age}","${hometown}","${sex}")`;    db.query(sqlInsert,(err,results) => { if(err) { return res.json({               code:0,               message:'插入数据失败',               data:0 }) }       res.json({           code:1,           message:'插入数据成功',           data:results       }) }) }); //删除员工 router.delete('/staffs/delete',(req,res)=>{ var {id} = req.query;       console.log(req.query); var sqlDelete = `DELETE FROM staffs where id=${id}`;   db.query(sqlDelete,(err,results) => { if(err) { return res.json({               code:0,               message:'删除数据失败',               data:0 }) }       res.json({           code:1,           message:'删除数据成功',           data:1 }) }) }); //修改员工 router.post('/staffs/update',(req,res)=>{ var {id,username,sex,age,hometown} = req.query; var sqlDelete = `UPDATE staffs SET username = '${username}',sex='${sex}', age='${age}', hometown='${hometown}' WHERE id = ${id} `;   db.query(sqlDelete,(err,results) => { if(err) { return res.json({               code:0,               message:'修改数据失败',               data:0 }) }       res.json({           code:1,           message:'修改数据成功',           data:1 }) }) });  module.exports = router; 

 var formLogin =document.getElementById('formLogin');     document.getElementById('btnLogin').onclick = async function(){          ajax.post("/users/login",{             username:formLogin.username.value,             password:formLogin.password.value         }).then((res)=>{ if(res && res.code==1){                 localStorage.setItem('token',res.token);                 localStorage.setItem('userInfo',res.data.user);                 createMessTipWin.tipMsg('登陆成功！',function(){                     location.href="/staffs"; }); } }); } //滑块验证码  window.addEventListener('load',function(){ //code是后台传入的验证字符串 var code = "jsaidaisd656",    codeFn = new moveCode(code); //获取当前的code值 //console.log(codeFn.getCode()); //改变code值 //code = '46asd546as5'; //codeFn.setCode(code); //重置为初始状态 //codeFn.resetCode(); });