Node.js 緩存的使用

1.

app.get('/', (req, res) => {
  res.cookie('access_token', 'value', {
    expires: new Date(Date.now() + 7200000)
  })
  res.send('<h1>hello world!</h1>')
})
  

2.

app.use(cookieParser())

app.get('/login', function(req, res, next) {
 var user = {name:'test'}; //!! find the user and check user from db then

   var token = jwt.sign(user, 'secret', {
           expiresInMinutes: 1440
         });

   res.cookie('auth',token);
   res.send('ok');

}); 


var cookieParser = require('cookie-parser')
app.use(function(req, res, next) {

 var token = req.cookies.auth;

 // decode token
 if (token) {

   jwt.verify(token, 'secret', function(err, token_data) {
     if (err) {
        return res.status(403).send('Error');
     } else {
       req.user_data = token_data;
       next();
     }
   });

 } else {
   return res.status(403).send('No token');
 }
});

不應(yīng)該存在cookie中，因?yàn)檫@樣前端可以看到，不安全。

后端把a(bǔ)ccess_token和有效期保存起來，當(dāng)然你只保存 access_token,把有效期直接設(shè)置在緩沖時(shí)效中也是可以的。

后端保存的方式有很多，你直接保存到數(shù)據(jù)庫中，每次使用的時(shí)候去查一下也是可以的。

好的一點(diǎn)是通過文件緩存來保存。

如果你想使用 memcache 或 redis 也是可以的。
所以，還有什么問題？

之前寫的一個(gè)項(xiàng)目是這樣做的，你可以參考下，就是記錄access_toke和過期時(shí)間，過期了就重新獲取

import * as rp from 'request-promise'
import * as config from 'config'
import * as fs from 'fs'
import sha1 = require('sha1')
import { Component, HttpStatus, HttpException } from '@nestjs/common'
import { get, Options } from 'request-promise'
import * as _ from 'lodash'

@Component()
export class WechatService {

  private readonly appId = config.get<string>('appId')

  private readonly appSecret = config.get<string>('appSecret')

  /**
   * accessToken expiration time
   * timestamp
   */
  private accessTokenExpirationTime = Date.now()

  private accessToken: string

  constructor() { }

  /**
   * get access_token
   *
   * @see {@link https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140183}
   */
  async getAccessToken(): Promise<string> {

    // 如果還沒到accessToken的過期時(shí)間則直接返回
    if (Date.now() < this.accessTokenExpirationTime)
      return Promise.resolve(this.accessToken)

    const options: Options = {
      uri: 'https://api.weixin.qq.com/cgi-bin/token',
      qs: {
        grant_type: 'client_credential',
        appid: this.appId,
        secret: this.appSecret
      },
      json: true
    }

    // 這里的expires_in為在expires_in秒后過期
    const accessTokenWrapper: {access_token: string, expires_in: number} = await get(options)

    // 如果沒有返回access_token則說明獲取失敗，直接拋出
    if (!accessTokenWrapper.access_token) throw new HttpException(accessTokenWrapper, HttpStatus.INTERNAL_SERVER_ERROR)

    this.accessTokenExpirationTime = Date.now() + accessTokenWrapper.expires_in * 1000

    this.accessToken = accessTokenWrapper.access_token

    return accessTokenWrapper.access_token
  }

  /**
   * send media to user
   *
   * @param openId user's openid
   * @param mediaPath media path
   * @param mediaType media type
   * @param msgtype msg type
   */
  async sendMediaToUser(openId: string, mediaPath: string, mediaType = 'image', msgtype = 'image'): Promise<void> {
    const mediaId = await this.uploadTemMaterial(mediaType, mediaPath)

    const options: Options = {
      method: 'POST',
      uri: 'https://api.weixin.qq.com/cgi-bin/message/custom/send',
      qs: {
        access_token: await this.getAccessToken()
      },
      body: {
        touser: openId,
        msgtype,
        image: {
          media_id: mediaId
        }
      },
      json: true
    }

    const result: {errcode: number, errmsg: string} = await rp(options)

    if (result.errcode !== 0) throw new HttpException(result, HttpStatus.INTERNAL_SERVER_ERROR)
  }

  /**
   * upload temporary material to wechat
   *
   * @see {@link https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1444738726}
   * @param type material type
   * @param path file path
   * @returns {Promise<string>} mediaId
   */
  async uploadTemMaterial(type: string, path: string): Promise<string> {
    const options: Options = {
      method: 'POST',
      uri: 'https://api.weixin.qq.com/cgi-bin/media/upload',
      qs: {
        access_token: await this.getAccessToken(),
        type
      },
      formData: {
        media: fs.createReadStream(path)
      },
      json: true
    }

    const result = await rp(options)
    if (result.errcode) throw new HttpException(result, HttpStatus.INTERNAL_SERVER_ERROR)

    return result.media_id
  }
}

我安裝jwt 被提示 Refusing to install package with name "koa-jwt" under a package
拒絕安裝了， 很奇怪， 那么 我想問一下，第一種方法 存在 cookie 也沒有什么妨礙吧， 我開發(fā)的是一個(gè) 微信網(wǎng)頁