From 2e7de5db359739c2b2f498024a45a9c0a304f665 Mon Sep 17 00:00:00 2001
From: zhl
Date: Mon, 8 May 2023 21:30:09 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9token=E7=9A=84=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E6=96=B9=E5=BC=8F=E4=B8=BAEDDSA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .env.development | 3 ++-
 src/controllers/mail.controller.ts | 2 +-
 src/controllers/main.controllers.ts | 2 +-
 src/plugins/apiauth.ts | 18 +++++++++++-------
 4 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/.env.development b/.env.development
index d6fae8d..16f2b86 100644
--- a/.env.development
+++ b/.env.development
@@ -1,6 +1,7 @@
 API_PORT=3007
 API_HOST=0.0.0.0
-API_TOKEN_SECRET=sdf(**&*&xx2213
+API_TOKEN_SECRET_PRIVATE=-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIKdK/eFQ2+Q/ml4ruDAItNIwGnQMQm76UX0uecrna7V5\n-----END PRIVATE KEY-----
+API_TOKEN_SECRET_PUBLIC=-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAySgE/YiiI2fzpXaco+OWeDAKymEoqqLYYb6RKOEU1n8=\n-----END PUBLIC KEY-----
 API_TOKEN_EXPIRESIN=1d
diff --git a/src/controllers/mail.controller.ts b/src/controllers/mail.controller.ts
index 78a2e46..c6fe1be 100644
--- a/src/controllers/mail.controller.ts
+++ b/src/controllers/mail.controller.ts
@@ -36,7 +36,7 @@ class MailController extends BaseController {
 if (!record.verifyPassword(pass)) {
 throw new ZError(13, 'password error')
 }
- const token = await res.jwtSign({ id: record.id })
+ const token = await res.jwtSign({ id: record.id, openid: record.openId, plat: PlatEnum.EMAIL })
 return { token: token }
 }
diff --git a/src/controllers/main.controllers.ts b/src/controllers/main.controllers.ts
index b277066..1f7af1e 100644
--- a/src/controllers/main.controllers.ts
+++ b/src/controllers/main.controllers.ts
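Review bot: The `API_TOKEN_SECRET_PRIVATE` line added to .env.development commits the token-signing private key, in PEM form, to the repository, so anyone who can read the history can sign tokens that any deployment trusting the matching public key will accept. Keep only the public key and a placeholder in the tracked file, for example `API_TOKEN_SECRET_PRIVATE=<set locally; do not commit>`, and load the real key from an untracked file or a secret store. Because the value is now part of git history, treat this pair as exposed and generate a fresh one for every environment beyond local development.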
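Review bot: The `openid` and `plat` claims added to the `res.jwtSign(...)` call in src/controllers/mail.controller.ts are signed but not encrypted (EdDSA is a signature scheme), so every holder of the token can read them by base64-decoding the payload; the matching change in src/controllers/main.controllers.ts has the same property. If `record.openId` for the e-mail platform is the user's address (not visible in this hunk), consider `const token = await res.jwtSign({ id: record.id, plat: PlatEnum.EMAIL })` and resolving the rest from `id` on the server, which `apiAuth` already does via `Account.findById(data.id)`. The hunk also starts using `PlatEnum` in this file while the diffstat shows only this one line changed, so confirm the name was already imported. The enclosing method starts and ends outside the hunk.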
@@ -53,7 +53,7 @@ class MainController extends BaseController {
 if (payload.name) data.nickname = payload.name
 if (payload.picture) data.avatar = payload.picture
 let user = await Account.insertOrUpdate({ plat: PlatEnum.GOOGLE, openId }, data)
- const ztoken = await res.jwtSign({ id: user.id })
+ const ztoken = await res.jwtSign({ id: user.id, openid: openId, plat: PlatEnum.GOOGLE })
 return { token: ztoken }
 }
 }
diff --git a/src/plugins/apiauth.ts b/src/plugins/apiauth.ts
index 50bf6da..715d169 100644
--- a/src/plugins/apiauth.ts
+++ b/src/plugins/apiauth.ts
@@ -17,31 +17,35 @@ export interface ApiAuthOptions {
 secret: string
 expiresIn: string
 }
-
+const privateKey = process.env.API_TOKEN_SECRET_PRIVATE.replace(/\\n/g, '\n')
+const publicKey = process.env.API_TOKEN_SECRET_PUBLIC.replace(/\\n/g, '\n')
 const apiAuthPlugin: FastifyPluginAsync = async function (fastify, opts) {
 fastify.register(require('@fastify/jwt'), {
- secret: opts.secret,
- sign: { expiresIn: opts.expiresIn },
+ secret: {
+ private: privateKey,
+ public: publicKey,
+ },
+ sign: { expiresIn: opts.expiresIn, algorithm: 'EdDSA' },
 })
 // 只有路由配置的role为anon才不需要过滤
 fastify.decorate('apiAuth', async function (request: FastifyRequest, reply: FastifyReply) {
 if (!request.roles || request.roles.indexOf('anon') == -1) {
 try {
 if (!request.token) {
- return reply.send({ code: 11, msg: 'need login' })
+ return reply.send({ errcode: 11, errmsg: 'need login' })
 }
 //@ts-ignore
 const data = this.jwt.verify(request.token)
 if (!data || !data.id) {
- return reply.send({ code: 10, msg: 'need login' })
+ return reply.send({ errcode: 10, errmsg: 'need login' })
 }
 let account = await Account.findById(data.id)
 if (!account) {
- return reply.send({ code: 10, msg: 'need login' })
+ return reply.send({ errcode: 10, errmsg: 'need login' })
 }
 request.user = account
 } catch (err) {
- return reply.send({ code: 401, msg: 'need auth' })
+ return reply.send({ errcode: 401, errmsg: 'need auth' })
 }
 }
 })
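Review bot: In src/plugins/apiauth.ts, `privateKey` and `publicKey` are computed at module load by calling `.replace` directly on `process.env.API_TOKEN_SECRET_PRIVATE` and `process.env.API_TOKEN_SECRET_PUBLIC`, so a missing variable fails the import with a TypeError that does not name the setting (and the value is `string | undefined` under strict null checks). Add a guard before the two constants, e.g. `if (!process.env.API_TOKEN_SECRET_PRIVATE || !process.env.API_TOKEN_SECRET_PUBLIC) throw new Error('API_TOKEN_SECRET_PRIVATE and API_TOKEN_SECRET_PUBLIC must be set')`. `ApiAuthOptions.secret` is still declared as required but is no longer read, so callers keep passing a value that is silently ignored; remove it or pass the key pair through `opts`. The algorithm is pinned only under `sign`; adding `verify: { algorithms: ['EdDSA'] }` to the registration would make the accepted algorithm explicit on the verification side too.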