具体使用模块:
使用compression压缩处理请求响应、cors模块添加跨域、helmet安全模块、body-parser解析请求参数、jsonwebtoken用于生成及校验token、使用内置cluster模块开启多进程模式,具体源码如下:
1、项目组成
2、具体源码
server.js:
// ================================================================= // get the packages we need ======================================== // ================================================================= var express = require('express'); var app = express(); var bodyParser = require('body-parser'); var morgan = require('morgan'); var mongoose = require('mongoose'); var cors = require('cors'); //cors支持 var compression = require('compression'); //压缩 var helmet = require('helmet'); //安全插件 var config = require('./config'); // get our config file var User = require('./app/models/user'); // get our mongoose model var Routes = require('./routes'); // get our mongoose model var Authorize = require('./routes/authorize'); // get token model var CheckToken = require('./routes/checktoken'); // check token model var Signup = require('./routes/signup'); // signup model // ================================================================= // configuration =================================================== // ================================================================= var port = process.env.PORT || 8080; // used to create, sign, and verify tokens mongoose.connect(config.database); // connect to database // use body parser so we can get info from POST and/or URL parameters app.use(bodyParser.urlencoded({ extended: false })); app.use(bodyParser.json()); // use morgan to log requests to the console app.use(morgan('common')); app.use(helmet()); //启用cors app.use(cors({ origin: ['http://localhost:8080'], methods: ['GET', 'POST'], alloweHeaders: ['Conten-Type', 'x-access-token'] })); app.use(compression()); //受token保护的路由 app.use("/api", CheckToken); Routes(app); // ================================================================= // start the server ================================================ // ================================================================= app.listen(port, function() { console.log('My Api is running...'); });
config.js:
module.exports = { 'secret': 'ilovescotchyscotch', 'database': 'mongodb://127.0.0.1:27017/tokenApi' };
cluster.js:
var cluster = require('cluster'); var os = require('os'); const CPUS = os.cpus(); if (cluster.isMaster) { CPUS.forEach(function() { cluster.fork(); }); cluster.on('listening', function(worker) { console.log('Cluster %d connected', worker.process.pid); }); cluster.on('disconnect', function(worker) { console.log('Cluster %d disconnected', worker.process.pid); }); cluster.on('exit', function(worker) { console.log('Cluster %d dead', worker.process.pid); // Ensuring a new cluster will start if an old one dies cluster.fork(); }); } else { require("./server"); }
其他源码已上传至github:https://github.com/caiya/node-token-authentication-api
注册:
访问受保护的路由:
根据用户名密码获取token:
发送错误的token:
发送正确的token: