I want to generate a token as a user ID and store it in the database, but how do I generate a unique one?
Should I add a timestamp
    var currentUnixTimestamp = (new Date().getTime() / 1000);
as salt? How do I do this with crypto?
var crypto = require('crypto');

// Resolves with 8 random bytes from the CSPRNG, hex-encoded (16 characters).
var generateToken = function() {
    return new Promise(function (fulfill, reject) {
        crypto.randomBytes(8, function(error, buf) {
            if (error) {
                reject(error);
            } else {
                var token = buf.toString('hex');
                fulfill(token);
            }
        });
    });
};
3 solutions
#1
3
Eight random bytes from a properly seeded crypto library have a low chance of a collision, so you don't usually need to concern yourself with duplicates. In fact, increase that to 16 bytes, and your code is on par with UUID version 4. This is considered a standard for UUIDs. The chances of a collision are so remote it is not usually worth considering.
If you are going that far though, consider using a standard format UUID, such as the node package "uuid". There are also database-side uuid functions which you can add as default to schemas e.g. in Postgres. The advantage is a standardised and well-understood format for your ids, and you won't need to spend any time justifying or maintaining your code for this, just point developers to the standard docs.
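The sizing argument in the answer above, as an added example that is not part of the original answer: a 16-byte token generator, a birthday-bound estimate comparing 8 and 16 bytes, and a retry on a duplicate-key error. `UserStore`, `createUser` and `collisionProbability` are hypothetical names, and the in-memory `Map` is a constructed stand-in for a database column with a UNIQUE constraint.

```javascript
const crypto = require('crypto');

// 16 random bytes = 128 bits from the CSPRNG, hex-encoded to 32 characters.
// No timestamp is mixed in: the random bytes already carry all the entropy.
function generateToken(bytes = 16) {
  return crypto.randomBytes(bytes).toString('hex');
}

// Birthday-bound estimate: probability that n random tokens of the given
// size contain at least one duplicate, p ~= 1 - exp(-n^2 / 2^(bits + 1)).
function collisionProbability(n, bytes) {
  return -Math.expm1(-(n * n) / Math.pow(2, bytes * 8 + 1));
}

// Constructed stand-in for a table with a UNIQUE constraint on the id column.
class UserStore {
  constructor() { this.rows = new Map(); }
  insert(id, user) {
    if (this.rows.has(id)) {
      const err = new Error('duplicate key');
      err.code = 'DUPLICATE'; // assumed error code for this example
      throw err;
    }
    this.rows.set(id, user);
  }
}

// Let the store enforce uniqueness and retry with a fresh token on conflict,
// instead of doing a check-then-insert that can race between two requests.
function createUser(store, user, makeToken = generateToken, maxAttempts = 3) {
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
    const id = makeToken();
    try {
      store.insert(id, user);
      return id;
    } catch (err) {
      if (err.code !== 'DUPLICATE') throw err;
    }
  }
  throw new Error('could not allocate a unique id');
}
```

With these estimates, a billion 8-byte tokens have roughly a 2.7% chance of containing a duplicate, while a billion 16-byte tokens are around 1.5e-21.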
#2
1
If you want this token for authentication purposes you should use JSON Web Token instead. It will manage it for you and it's quite efficient. You only have to include it as a middleware.
app.use(expressJWT({
    // Buffer.from replaces the deprecated new Buffer(string) constructor
    secret: Buffer.from("Your-secret-key").toString('base64')
}).unless({
    //@ pass api without validating
    path: unlessRoutes
}));
You could specify which routes you don't want to skip in jwt middleware by giving an array in unlessRoutes.
var unlessRoutes = [
    '/',
    /\/login/,
    /\/register/,
    /\/customers/,
    /\/customer$/,
    /\/addCustomer/,
    /\/just/,
    /\/search/,
    /\/dynamic/,
    /\/favicon.ico/
];
#3
0
This is what I think we can do for generating the random token using the crypto:
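var crypto = require('crypto');

exports.createRandomToken = function (string) {
    var seed = crypto.randomBytes(20);
    // 'abcde' is not a digest name Node accepts; 'sha256' is used here instead.
    // Hash the raw seed bytes: seed + string would coerce the Buffer to UTF-8 text first.
    return crypto.createHash('sha256').update(seed).update(string).digest('hex');
};

var passwordResetToken = exports.createRandomToken(data.body.email);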