Token: complete introduction and use

Introduction

For example: if you want to go to a park, the token is equivalent to a ticket; you can only enter with this ticket.

Generally used in front-end and back-end development

An encrypted string, which can be decoded

  • Decoding means decrypting what was encrypted
  • It's just that a key is needed to unlock it.

Implementation process

  1. After the user logs in, the server generates a token and returns it to the front end.
  2. After the front end gets the token, it saves it.
  3. When calling a sensitive interface, the front end must pass the token.
  4. The server verifies the token.

What is stored?

Generally it stores personal information and an expiration time

  • When you access a more sensitive interface again, hand the token to the server, and the server will parse it. After parsing, it can get the personal information and expiration time in the token.
  • The front end cannot get the personal information and expiration time. The front end only holds the token and cannot parse it; only the server side can.
  • Why can't the front end parse it? Because nothing on the front end is secret: that kind of more complicated algorithm is not placed on the front end, since anyone can right-click and view the front-end source code.
  • Each time a user logs in, a new token is generated

The specific process of verification

  1. Verify that the token is correct
    1. Correct: verify whether the token has expired.
      1. Expired: return expiry information to the front end, which logs the user out automatically.
      2. Not expired: continue execution.
    2. Incorrect: an exception is returned, and the front end logs the user out automatically.

Token generation and use

  1. Download the JWT (JSON Web Token) module
    • On your server side
    • For example, download it in the same location where you write the back-end interface
    - cnpm install jwt-simple -S
  2. Import it
    const jwt = require("jwt-simple");
  3. Generate
    jwt.encode(payload, key);  // the first argument is the content you want to carry: the payload
    • The payload generally contains personal information and the expiration time
    const key = "sadawidha9dahd";
    const token = jwt.encode({
        admin: "zhangsan",       // personal information
        createTime: Date.now()   // generation time
    }, key);
  4. Parse
    jwt.decode(token, key);
    const info = jwt.decode(token, key);   // info is the parsed content, i.e. the payload you carried
    • Used when calling a private interface.

How to determine if the token has expired

  • This is done at the parsing step
  • When generating the token, we recorded a generation time
  • After parsing, read that generation time from info.createTime
  • Now that you know the generation time, compare it with the current time
  • current time - createTime = elapsed time
    const info = jwt.decode(token, key);   // info is the parsed content, i.e. the payload you carried
    const nowTime = Date.now();            // current time

    if ((nowTime - info.createTime) > 100 * 60 * 1000) {
        console.log("过期啦");  // "expired"
    } else {
        console.log("正常");    // "normal"
    }
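
The verification flow described above (is the token correct, then has it expired), as an added example that is not part of the original post: it uses Node's built-in crypto module instead of jwt-simple so it runs without installing anything, and assumes HS256, jwt-simple's default algorithm. It also shows that the payload segment is base64url text that decodes without the key, so what the key protects here is the signature that makes tampering detectable. The names encode, verify, peek, KEY and MAX_AGE_MS are chosen for this example, and the sample token data is constructed.

```javascript
// Added example: HS256 sign/verify with Node's built-in crypto, standing in for jwt-simple.
const nodeCrypto = require("node:crypto");

const KEY = "sadawidha9dahd";        // key from the article; assume a long random secret in production
const MAX_AGE_MS = 100 * 60 * 1000;  // same interval as the article's expiry check

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, key) => nodeCrypto.createHmac("sha256", key).update(data).digest();

// Generate: header.payload.signature, each segment base64url-encoded.
function encode(payload, key) {
  const head = b64url(JSON.stringify({ typ: "JWT", alg: "HS256" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, key).toString("base64url")}`;
}

// Verify: first "is the token correct?", then "has it expired?".
function verify(token, key, now = Date.now()) {
  const bad = { ok: false, reason: "incorrect" };
  const parts = String(token).split(".");
  if (parts.length !== 3) return bad;
  const [head, body, sig] = parts;
  // Always recompute with HS256; never pick the algorithm from the token's own header.
  const expected = hmac(`${head}.${body}`, key);
  const given = Buffer.from(sig, "base64url");
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return bad;
  let info;
  try { info = JSON.parse(Buffer.from(body, "base64url").toString("utf8")); } catch { return bad; }
  if (typeof info?.createTime !== "number" || now - info.createTime > MAX_AGE_MS) {
    return { ok: false, reason: "expired" };
  }
  return { ok: true, info };
}

// The payload segment decodes without the key; the key only protects the signature.
const peek = (t) => JSON.parse(Buffer.from(t.split(".")[1], "base64url").toString("utf8"));

// Constructed sample data: one genuine token and one with an edited payload.
const issuedAt = 1700000000000;
const token = encode({ admin: "zhangsan", createTime: issuedAt }, KEY);
const [h, , s] = token.split(".");
const forged = [h, b64url(JSON.stringify({ admin: "root", createTime: issuedAt })), s].join(".");

console.log(verify(token, KEY, issuedAt + 1000));            // genuine and fresh
console.log(verify(forged, KEY, issuedAt + 1000));           // payload edited, old signature reused
console.log(verify(token, KEY, issuedAt + MAX_AGE_MS + 1));  // genuine but too old
console.log(peek(token).admin);                              // read without any key
```
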

Origin blog.csdn.net/qq_44163269/article/details/105353179