具体使用模块:
使用compression压缩处理请求响应、cors模块添加跨域、helmet安全模块、body-parser解析请求参数、jsonwebtoken用于生成及校验token、使用内置cluster模块开启多进程模式,具体源码如下:
1、项目组成
2、具体源码
server.js:
// =================================================================
// get the packages we need ========================================
// =================================================================
var express = require('express');
var app = express();
var bodyParser = require('body-parser');
var morgan = require('morgan');
var mongoose = require('mongoose');
var cors = require('cors'); //cors支持
var compression = require('compression'); //压缩
var helmet = require('helmet'); //安全插件
var config = require('./config'); // get our config file
var User = require('./app/models/user'); // get our mongoose model
var Routes = require('./routes'); // get our mongoose model
var Authorize = require('./routes/authorize'); // get token model
var CheckToken = require('./routes/checktoken'); // check token model
var Signup = require('./routes/signup'); // signup model
// =================================================================
// configuration ===================================================
// =================================================================
var port = process.env.PORT || 8080; // used to create, sign, and verify tokens
mongoose.connect(config.database); // connect to database
// use body parser so we can get info from POST and/or URL parameters
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
// use morgan to log requests to the console
app.use(morgan('common'));
app.use(helmet());
//启用cors
app.use(cors({
origin: ['http://localhost:8080'],
methods: ['GET', 'POST'],
alloweHeaders: ['Conten-Type', 'x-access-token']
}));
app.use(compression());
//受token保护的路由
app.use("/api", CheckToken);
Routes(app);
// =================================================================
// start the server ================================================
// =================================================================
app.listen(port, function() {
console.log('My Api is running...');
});
config.js:
module.exports = {
'secret': 'ilovescotchyscotch',
'database': 'mongodb://127.0.0.1:27017/tokenApi'
};
cluster.js:
var cluster = require('cluster');
var os = require('os');
const CPUS = os.cpus();
if (cluster.isMaster) {
CPUS.forEach(function() {
cluster.fork();
});
cluster.on('listening', function(worker) {
console.log('Cluster %d connected', worker.process.pid);
});
cluster.on('disconnect', function(worker) {
console.log('Cluster %d disconnected', worker.process.pid);
});
cluster.on('exit', function(worker) {
console.log('Cluster %d dead', worker.process.pid);
// Ensuring a new cluster will start if an old one dies
cluster.fork();
});
} else {
require("./server");
}
其他源码已上传至github:https://github.com/caiya/node-token-authentication-api
注册:
访问受保护的路由:
根据用户名密码获取token:
发送错误的token:
发送正确的token: