tinywan / webman-jwt Goto Github PK
View Code? Open in Web Editor NEW🔑 An authentication(认证) library that supports JSON Web Token (JWT) for webman plugin
Home Page: https://www.workerman.net/webman
License: Apache License 2.0
🔑 An authentication(认证) library that supports JSON Web Token (JWT) for webman plugin
Home Page: https://www.workerman.net/webman
License: Apache License 2.0
如标题
1、建议增加GET的获取方式,有的项目并不是从header里放。
2、建议增加验证方法,入参是token和uid,判断两个是否相同
如何避免前后台的token混淆,比如我前台登录一个id=1的用户获取到了token,结果这个token拿到后台的接口也能用。。
RedisHandler::clearToken($config['cache_token_pre'], self::getCurrentId());
参数第二个类型是string,而self::getCurrendId()方法返回的是Int,报类型错误
php版本8.0
按照目前这种情况,假如token有效期两小时,refreshtoken有效期7天。token过期了,可以凭refreshtoken获取新token,但是refreshtoken一直是7天有效期的话,就会出现,当refreshtoken过期了的时候,就需要重新登录了,这种场景下,就可能会出现用户正在正常使用的过程中,突然需要重新登录了
🥰
退出登录操作,释放token
if ($config['is_single_device']) {
$client = $extend['extend']['client'] ?? self::TOKEN_CLIENT_WEB;
RedisHandler::generateToken($config['cache_token_pre'], (string) $client, (string) $extend['id'], $config['access_exp'], $token['access_token']);
}
这里获取$extend['extend']['client']
多写了一个['extend']
比如管理员端需要多设备登录,客户端只能单设备登录
/**
* @desc: 获取当前用户信息
* @return array
* @author Tinywan(ShaoBo Wan)
*/
public static function getUser():array
{
$config = self::_getConfig();
if (is_callable($config['user_model'])) {
return $config['user_model'](self::getCurrentId()) ?? [];
}
return [];
}
Tinywan\Jwt\JwtToken::getUser() 方法返回值如果定死了array就不能在 配置文件里返回模型对象了
为什么啊
Redis::setex($cacheKey . ':' . request()->getRealIp(), $args['cache_token_ttl'], $args['access_token']);
自己项目改一下很简单,但是感觉作为插件不是很合适
比如"JWT:TOKEN:1000:127.0.0.1"
当用户切换wifi和移动网络的时候,原token就失效了,然后就需要刷新token或者重新生成token。
目前过期是抛出异常,没有具体的错误码啥的,怎么判断,难道try catch吗
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.