閱讀本文前沼头,需要提前閱讀前置內(nèi)容:
一爷绘、Midway 增刪改查
二、Midway 增刪改查的封裝及工具類
三进倍、Midway 接口安全認(rèn)證
四土至、Midway 集成 Swagger 以及支持JWT bearer
五、Midway 中環(huán)境變量的使用
很多時候猾昆,后端接口需要登錄后才能進(jìn)行訪問陶因,甚至有的接口需要擁有相應(yīng)的權(quán)限才能訪問。
這里實現(xiàn)bearer驗證方式(bearerFormat 為 JWT)垂蜗。
安裝JWT組件
>npm i @midwayjs/jwt@3 --save
>npm i @types/jsonwebtoken --save-dev
安裝完后package.json文件中會多出如下配置
{
"dependencies": {
"@midwayjs/jwt": "^3.3.11"
},
"devDependencies": {
"@types/jsonwebtoken": "^8.5.8"
}
}
添加JWT配置
- 修改
src/config/config.default.ts楷扬,添加如下內(nèi)容解幽;
// src/config/config.default.ts
jwt: {
secret: 'setscrew',
expiresIn: 60 * 60 * 24,
}
- 注冊
JWT組件;
// src/configuration.ts
import * as jwt from '@midwayjs/jwt';
@Configuration({
imports: [
jwt,
//...
],
})
export class ContainerLifeCycle {
//...
}
關(guān)于JWT的詳細(xì)使用文檔烘苹,見:http://www.midwayjs.org/docs/extensions/jwt
安裝Redis組件
>npm i @midwayjs/redis@3 --save
>npm i @types/ioredis --save-dev
安裝完后package.json文件中會多出如下配置
{
"dependencies": {
"@midwayjs/redis": "^3.0.0"
},
"devDependencies": {
"@types/ioredis": "^4.28.7"
}
}
注冊Redis組件
// src/configuration.ts
import * as redis from '@midwayjs/redis';
@Configuration({
imports: [
redis,
// ...
],
})
export class ContainerLifeCycle {
// ...
}
添加配置
修改src/config/config.default.ts躲株,添加如下內(nèi)容:
添加Redis配置
// src/config/config.default.ts
redis: {
client: {
host: 127.0.0.1,
port: 6379,
db: 0,
},
}
關(guān)于Redis的詳細(xì)使用文檔,見:http://www.midwayjs.org/docs/extensions/redis
添加安全攔截配置
// src/config/config.default.ts
app: {
security: {
prefix: '/api', # 指定已/api開頭的接口地址需要攔截
ignore: ['/api/login'], # 指定該接口地址镣衡,不需要攔截
},
}
添加接口安全攔截中間件
添加常量定義
// src/common/Constant.ts
export class Constant {
// 登陸驗證時霜定,緩存用戶登陸狀態(tài)KEY的前綴
static TOKEM = 'TOKEN';
}
添加用戶訪問上下文類
// src/common/UserContext.ts
/**
* 登陸后存儲訪問上下文的狀態(tài)數(shù)據(jù),同時也會存在redis緩存中
*/
export class UserContext {
userId: number;
username: string;
phoneNum: string;
constructor(userId: number, username: string, phoneNum: string) {
this.userId = userId;
this.username = username;
this.phoneNum = phoneNum;
}
}
新增或者編輯src/interface.ts廊鸥,將UserContext注冊到ApplecationContext中
// src/interface.ts
import '@midwayjs/core';
import { UserContext } from './common/UserContext';
declare module '@midwayjs/core' {
interface Context {
userContext: UserContext;
}
}
新增中間件src/middleware/security.middleware.ts
// src/middleware/security.middleware.ts
import { Config, Inject, Middleware } from '@midwayjs/decorator';
import { Context, NextFunction } from '@midwayjs/koa';
import { httpError } from '@midwayjs/core';
import { JwtService } from '@midwayjs/jwt';
import { UserContext } from '../common/UserContext';
import { RedisService } from '@midwayjs/redis';
import { Constant } from '../common/Constant';
/**
* 安全驗證
*/
@Middleware()
export class SecurityMiddleware {
@Inject()
jwtUtil: JwtService;
@Inject()
cacheUtil: RedisService;
@Config('app.security')
securityConfig;
resolve() {
return async (ctx: Context, next: NextFunction) => {
if (!ctx.headers['authorization']) {
throw new httpError.UnauthorizedError('缺少憑證');
}
const parts = ctx.get('authorization').trim().split(' ');
if (parts.length !== 2) {
throw new httpError.UnauthorizedError('無效的憑證');
}
const [scheme, token] = parts;
if (!/^Bearer$/i.test(scheme)) {
throw new httpError.UnauthorizedError('缺少Bearer');
}
// 驗證token望浩,過期會拋出異常
const jwt = await this.jwtUtil.verify(token, { complete: true });
// jwt中存儲的user信息
const payload = jwt['payload'];
const key = Constant.TOKEM + ':' + payload.userId + ':' + token;
const ucStr = await this.cacheUtil.get(key);
// 服務(wù)器端緩存中存儲的user信息
const uc: UserContext = JSON.parse(ucStr);
if (payload.username !== uc.username) {
throw new httpError.UnauthorizedError('無效的憑證');
}
// 存儲到訪問上下文中
ctx.userContext = uc;
return next();
};
}
public match(ctx: Context): boolean {
const { path } = ctx;
const { prefix, ignore } = this.securityConfig;
const exist = ignore.find((item) => {
return item.match(path);
});
return path.indexOf(prefix) === 0 && !exist;
}
public static getName(): string {
return 'SECURITY';
}
}
-
@Config('app.security')裝飾類,指定加載配置文件src/config/config.**.ts中對應(yīng)的配置信息惰说; - 使用
JwtService進(jìn)行JWT編碼校驗曾雕;
jwt token將用戶信息編碼在token中,解碼后可以獲取對應(yīng)用戶數(shù)據(jù)助被,通常情況下剖张,不需要存儲到redis中;
但是有個缺點就是揩环,不能人為控制分發(fā)出去的token失效搔弄。所以,有時人們會使用緩存中的用戶信息丰滑;
這里使用了JWT+Redis的方式顾犹,是為了演示兩種做法;
注冊中間件
// src/configuration.ts
this.app.useMiddleware([SecurityMiddleware, FormatMiddleware, ReportMiddleware]);
添加登陸接口
- 添加DTO;
// src/api/dto/CommonDTO.ts
export class LoginDTO {
username: string;
password: string;
}
- 添加VO;
// src/api/vo/CommonVO.ts
export class LoginVO {
accessToken: string;
expiresIn: number;
}
- 修改
src/service/user.service.ts褒墨,添加通過用戶名查找用戶接口炫刷;
import { Provide } from '@midwayjs/decorator';
import { User } from '../eneity/user';
import { InjectEntityModel } from '@midwayjs/orm';
import { Repository } from 'typeorm';
import { BaseService } from '../common/BaseService';
@Provide()
export class UserService extends BaseService<User> {
@InjectEntityModel(User)
model: Repository<User>;
getModel(): Repository<User> {
return this.model;
}
async findByUsername(username: string): Promise<User> {
return this.model.findOne({ where: { username } });
}
}
- 添加Controller
src/controller/common.controller.ts;
// src/controller/common.controller.ts
import { Body, Config, Controller, Inject, Post } from '@midwayjs/decorator';
import { Context } from '@midwayjs/koa';
import { UserService } from '../service/user.service';
import { RedisService } from '@midwayjs/redis';
import { LoginDTO } from '../api/dto/CommonDTO';
import { LoginVO } from '../api/vo/CommonVO';
import { SnowflakeIdGenerate } from '../utils/Snowflake';
import { JwtService } from '@midwayjs/jwt';
import { Assert } from '../common/Assert';
import { ErrorCode } from '../common/ErrorCode';
import { UserContext } from '../common/UserContext';
import { Constant } from '../common/Constant';
import { ILogger } from '@midwayjs/core';
import { decrypt } from '../utils/PasswordEncoder';
import { Validate } from '@midwayjs/validate';
import { ApiResponse, ApiTags } from '@midwayjs/swagger';
@ApiTags(['common'])
@Controller('/api')
export class CommonController {
@Inject()
logger: ILogger;
@Inject()
ctx: Context;
@Inject()
userService: UserService;
@Inject()
cacheUtil: RedisService;
@Inject()
jwtUtil: JwtService;
@Inject()
idGenerate: SnowflakeIdGenerate;
@Config('jwt')
jwtConfig;
@ApiResponse({ type: LoginVO })
@Validate()
@Post('/login', { description: '登陸' })
async login(@Body() body: LoginDTO): Promise<LoginVO> {
const user = await this.userService.findByUsername(body.username);
Assert.notNull(user, ErrorCode.UN_ERROR, '用戶名或者密碼錯誤');
const flag = decrypt(body.password, user.password);
Assert.isTrue(flag, ErrorCode.UN_ERROR, '用戶名或者密碼錯誤');
const uc: UserContext = new UserContext(user.id, user.username, user.phoneNum);
const at = await this.jwtUtil.sign({ ...uc });
const key = Constant.TOKEM + ':' + user.id + ':' + at;
const expiresIn = this.jwtConfig.expiresIn;
this.cacheUtil.set(key, JSON.stringify(uc), 'EX', expiresIn);
const vo = new LoginVO();
vo.accessToken = at;
vo.expiresIn = expiresIn;
return vo;
}
}
使用Postman驗證
-
調(diào)用接口(未設(shè)置憑證)郁妈;
未設(shè)置憑證 -
使用登陸接口獲取token浑玛;
獲取憑證 -
調(diào)用接口(使用憑證);
使用憑證
版權(quán)所有噩咪,轉(zhuǎn)載請注明出處 [碼道功成]
