修改token的加密方式为EDDSA

This commit is contained in:
zhl 2023-05-08 21:30:09 +08:00
parent 88a17b515b
commit 2e7de5db35
4 changed files with 15 additions and 10 deletions


@ -1,6 +1,7 @@
API_PORT=3007 API_PORT=3007
API_HOST=0.0.0.0 API_HOST=0.0.0.0
API_TOKEN_SECRET=sdf(**&*&xx2213 API_TOKEN_SECRET_PRIVATE=-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIKdK/eFQ2+Q/ml4ruDAItNIwGnQMQm76UX0uecrna7V5\n-----END PRIVATE KEY-----
API_TOKEN_SECRET_PUBLIC=-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAySgE/YiiI2fzpXaco+OWeDAKymEoqqLYYb6RKOEU1n8=\n-----END PUBLIC KEY-----
API_TOKEN_EXPIRESIN=1d API_TOKEN_EXPIRESIN=1d
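Review bot: The Ed25519 private key on the `API_TOKEN_SECRET_PRIVATE` line is committed in full into what looks like a tracked `.env` file, so anyone with read access to the repository or its history can mint a valid token for any account id and pass `apiAuth`. Treat this key pair as compromised: generate a new pair, keep the private key out of version control (untracked `.env`, CI/host secret store), and commit at most a placeholder such as `API_TOKEN_SECRET_PRIVATE=` with a comment pointing to where the real value is provisioned. Note that the old HS256 secret `sdf(**&*&xx2213` also stays recoverable from history, so any deployment still using it should rotate too; if this file is only an example template, say so in its name (`.env.example`) and strip the real key.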


@ -36,7 +36,7 @@ class MailController extends BaseController {
if (!record.verifyPassword(pass)) { if (!record.verifyPassword(pass)) {
throw new ZError(13, 'password error') throw new ZError(13, 'password error')
} }
const token = await res.jwtSign({ id: record.id }) const token = await res.jwtSign({ id: record.id, openid: record.openId, plat: PlatEnum.EMAIL })
return { token: token } return { token: token }
} }
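Review bot: The `openid` and `plat` claims added to the payload on the `res.jwtSign` line are not consumed anywhere in this commit — the `apiAuth` decorator only reads `data.id` — so they widen what the token reveals without binding it to anything. A JWT signed with EdDSA is signed, not encrypted (despite the commit title), so `record.openId` is readable by whoever holds the token; if that value is sensitive for email accounts, drop the claim. If the intent is to tie a token to the login channel, the check has to land in `apiAuth` (compare `account.plat`/`account.openId` against the claims before setting `request.user`), otherwise `{ id: record.id }` alone was sufficient. The enclosing login handler starts outside the hunk.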


@ -53,7 +53,7 @@ class MainController extends BaseController {
if (payload.name) data.nickname = payload.name if (payload.name) data.nickname = payload.name
if (payload.picture) data.avatar = payload.picture if (payload.picture) data.avatar = payload.picture
let user = await Account.insertOrUpdate({ plat: PlatEnum.GOOGLE, openId }, data) let user = await Account.insertOrUpdate({ plat: PlatEnum.GOOGLE, openId }, data)
const ztoken = await res.jwtSign({ id: user.id }) const ztoken = await res.jwtSign({ id: user.id, openid: openId, plat: PlatEnum.GOOGLE })
return { token: ztoken } return { token: ztoken }
} }
} }
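Review bot: On the `res.jwtSign` line the Google `openId` (the provider subject identifier the account was just upserted by on the line above) is copied into a bearer token whose payload is base64url-encoded and client-readable; confirm that exposing the provider id to the client is intended. Since the account is keyed by `{ plat, openId }`, the natural use of these claims is a cross-check in `apiAuth` after `Account.findById`, e.g. `if (account.plat !== data.plat || account.openId !== data.openid) return reply.send({ errcode: 10, errmsg: 'need login' })`; without that, the claims carry no security value and could simply be omitted. The enclosing Google-login handler begins outside the hunk.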


@ -17,31 +17,35 @@ export interface ApiAuthOptions {
secret: string secret: string
expiresIn: string expiresIn: string
} }
const privateKey = process.env.API_TOKEN_SECRET_PRIVATE.replace(/\\n/g, '\n')
const publicKey = process.env.API_TOKEN_SECRET_PUBLIC.replace(/\\n/g, '\n')
const apiAuthPlugin: FastifyPluginAsync<ApiAuthOptions> = async function (fastify, opts) { const apiAuthPlugin: FastifyPluginAsync<ApiAuthOptions> = async function (fastify, opts) {
fastify.register(require('@fastify/jwt'), { fastify.register(require('@fastify/jwt'), {
secret: opts.secret, secret: {
sign: { expiresIn: opts.expiresIn }, private: privateKey,
public: publicKey,
},
sign: { expiresIn: opts.expiresIn, algorithm: 'EdDSA' },
}) })
// 只有路由配置的role为anon才不需要过滤 // 只有路由配置的role为anon才不需要过滤
fastify.decorate('apiAuth', async function (request: FastifyRequest, reply: FastifyReply) { fastify.decorate('apiAuth', async function (request: FastifyRequest, reply: FastifyReply) {
if (!request.roles || request.roles.indexOf('anon') == -1) { if (!request.roles || request.roles.indexOf('anon') == -1) {
try { try {
if (!request.token) { if (!request.token) {
return reply.send({ code: 11, msg: 'need login' }) return reply.send({ errcode: 11, errmsg: 'need login' })
} }
//@ts-ignore //@ts-ignore
const data = this.jwt.verify(request.token) const data = this.jwt.verify(request.token)
if (!data || !data.id) { if (!data || !data.id) {
return reply.send({ code: 10, msg: 'need login' }) return reply.send({ errcode: 10, errmsg: 'need login' })
} }
let account = await Account.findById(data.id) let account = await Account.findById(data.id)
if (!account) { if (!account) {
return reply.send({ code: 10, msg: 'need login' }) return reply.send({ errcode: 10, errmsg: 'need login' })
} }
request.user = account request.user = account
} catch (err) { } catch (err) {
return reply.send({ code: 401, msg: 'need auth' }) return reply.send({ errcode: 401, errmsg: 'need auth' })
} }
} }
}) })
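Review bot: The new `@fastify/jwt` registration pins the signing algorithm (`sign: { ..., algorithm: 'EdDSA' }`) but not the verification side, so verification relies on the library's key-type inference; pin it explicitly with `verify: { algorithms: ['EdDSA'] },` next to `sign` so an HS* or RS* token can never be accepted against this key pair. The module-level `process.env.API_TOKEN_SECRET_PRIVATE.replace(...)` / `..._PUBLIC.replace(...)` lines dereference `string | undefined` without a guard (this only compiles with strictNullChecks off) and crash with an opaque TypeError at import time if the variable is missing — fail loudly instead, e.g. `if (!process.env.API_TOKEN_SECRET_PRIVATE || !process.env.API_TOKEN_SECRET_PUBLIC) throw new Error('API_TOKEN_SECRET_PRIVATE/PUBLIC must be set')`, and consider passing the keys through `ApiAuthOptions` like `expiresIn` rather than reading the environment at module scope. `ApiAuthOptions.secret` is now dead (`opts.secret` is no longer read) and should be removed or repurposed to carry the key pair. Separately, every rejection path calls `reply.send(...)` without a status, so a token failure is returned as HTTP 200 with `errcode` 10/11/401; `reply.code(401).send(...)` would let clients and proxies treat it as an auth failure. The `ApiAuthOptions` interface begins outside the hunk.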