search

ttpos / url

A simple and efficient URL shortener
https://t.a.app/
0 stars 0 forks source link

# 管理端JWT验证 #6

Closed aazf closed 2 months ago

aazf commented 2 months ago

JWT 验证开发文档

对所有后端接口通过JWT验证请求合法性

获取token Authorization: Bearer <JWT_TOKEN>

jwt 验证代码

 const hexpub = '04086ed2fbc88ef5f402a4a3fcd289474c5d91b7adaa931c13a246cb33a71b2948a3d9843ffefc7d849fb1ec2bbfc57a2671883ed460566baaa7bfb1ff7510bb70'

  const alg = {
    cur: 'prime256v1',
    crv: 'P-256',
    jwt: 'ES256',
    kty: 'EC',
  }

  const publicKey = Buffer.from(hexpub, 'hex')
  const jwk = {
    kty: alg.kty,
    crv: alg.crv,
    alg: alg.jwt,
    x: jose.base64url.encode(publicKey.subarray(1, 33)),
    y: jose.base64url.encode(publicKey.subarray(33)),
  }

  const pubKey = await jose.importJWK(jwk)

  const token = 'eyJhbGciOiJFUzI1NiJ9.eyJzdWFiIjoidHBsaWcwOnY4YSJ9.RbAYPr0cnNF8eD7uHfAsXqWBtrJunl9q6fsj-WGbcS5iNE_jU_N4pN4U2LVX0efjoj2EWudbM-bBs3e162eZfg'

  const verify = await jose.jwtVerify(token, pubKey)

  logger.info(verify)
aazf commented 2 months ago

只需要公钥验证部分,需要引入额外变量 NUXT_JWT_PUBKEY