jwt-rt-middleware
Advanced tools
适用于routing-controllers的JWT中间件
npm install --save jwt-rt-middleware
// or
yarn add jwt-rt-middleware
import { createJWTMiddleware } from 'jwt-rt-middleware'
// 指定JWT中携带的信息类型
interface CurrentUser {
uuid: string;
user_name: string;
}
// 创建一个服务器专属的JWT中间件
export const JWTMiddleware = createJWTMiddleware<CurrentUser>({
secret: 'YOUR_JWT_SECRET',
expiresIn: '2h',
token: { type: 'header' }
})
现在你可以在任意层级的使用它进行JWT校验
import { JsonController, UseBefore, Get } from "routing-controllers";
import { JWTMiddleware } from "../middleware"
@JsonController('/auth')
export default class UserController {
@Get('/test')
@UseBefore(JWTMiddleware)
async test() {
// ...
}
}
调用 ${prefix}/auth/test 接口测试接入状况
import { JsonController, UseBefore, Post, Ctx } from "routing-controllers";
import { Context } from "koa";
import { JWTMiddleware } from "../middleware"
@JsonController('/auth')
export default class UserController {
@Post('/login')
async login(
@BodyParam('account', { required: true }) account: string,
@BodyParam('password', { required: true }) password: string,
@Ctx() ctx: Context
) {
// 验证密码并查询用户信息
const { data: user } = await postSomeLoginMethod({ account, password })
// 调用静态方法自动签发并将 token 注入 ctx.response
JWTMiddleware.injectToken(ctx, user)
return { code: 0 }
}
}
| name | required | type | default | example | description |
|---|---|---|---|---|---|
| token | true | TokenOptions | -- | { type: "header" } | 设置token的注入方式,设置type 为 header 则表示使用规范的JWT Authorization |
| ctxState | false | ctxStateOptions | { tokenKey: "token", payloadKey: "payload" } | 见下表 | 设置JWT在接口上下文的存储方式,当前设置可以通过ctx.state.token 获取token,通过ctx.state.payload 获取token中携带的信息 |
| passthrough | false | boolean | false | true | 设置接口是否允许跳过检查 |
| secret | true | string | -- | "some secret" | JWT 签发密钥 |
| expiresIn | false | string | "2h" | "2h" | 签发的JWT的过期时间 |
| handleInsertPayload | false | <A extends T>(payload: T) => A | -- | -- | 在token签发后添加一些增量信息到payload里,方便接口获取 |
| handleValidatePayload | false | (payload: T) => boolean | -- | -- | 设置校验payload合法的函数 |
// 当 type 为 cookie 时,中间件将会把token设置到cookie中
export interface TokenCookie {
type: "cookie";
/** 将要设置的 cookie key */
key: string;
/** 指定cookie的域名 */
domain?: string;
/** 指定cookie是否能被客户端代码中获取 */
httpOnly?: boolean;
/** 指定cookie生效的页面路径 */
path?: string;
}
// 当 type 为 header 时,中间件将会按标准形式设置到 Authorization 头部
export interface TokenHeader {
type: "header";
}
| name | required | type | default | description |
|---|---|---|---|---|
| tokenKey | false | string | "token" | 指定签发的token存放于请求上下文的位置ctx.state[tokenKey] |
| payloadKey | false | string | "payload" | 指定token中的信息存放于请求上下文的位置ctx.state[payloadKey] |
koa 类型的中间件cookie的方式获取与签发Tokenexpress的中间件欢迎在使用的过程中提交issue反馈,感谢支持
FAQs
适用于routing-controllers框架的JWT校验中间件
The npm package jwt-rt-middleware receives a total of 3 weekly downloads. As such, jwt-rt-middleware popularity was classified as not popular.
We found that jwt-rt-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."