jwt-simple expiration time is wrong

Keywords: Javascript JSON

Today I was writing a back end in Node that uses a token for login authentication, and I used jwt-simple for it. However, I found that the expiration time I set did not work: the token was never reported as expired, even though it was clearly past its expiration time, so I checked the jwt-simple source code.
In my project the file is under the root directory, at \node_modules\jwt-simple\lib\jwt.js

jwt.decode = function jwt_decode(token, key, noVerify, algorithm) {
  // check token
  if (!token) {
    throw new Error('No token supplied');
  }
  // check segments
  var segments = token.split('.');
  if (segments.length !== 3) {
    throw new Error('Not enough or too many segments');
  }

  // All segment should be base64
  var headerSeg = segments[0];
  var payloadSeg = segments[1];
  var signatureSeg = segments[2];

  // base64 decode and parse JSON
  var header = JSON.parse(base64urlDecode(headerSeg));
  var payload = JSON.parse(base64urlDecode(payloadSeg));

  if (!noVerify) {
    var signingMethod = algorithmMap[algorithm || header.alg];
    var signingType = typeMap[algorithm || header.alg];
    if (!signingMethod || !signingType) {
      throw new Error('Algorithm not supported');
    }

    // verify signature. `sign` will return base64 string.
    var signingInput = [headerSeg, payloadSeg].join('.');
    if (!verify(signingInput, key, signingMethod, signingType, signatureSeg)) {
      throw new Error('Signature verification failed');
    }

    // Support for nbf and exp claims.
    // According to the RFC, they should be in seconds.
    if (payload.nbf && Date.now() < payload.nbf*1000) {
      throw new Error('Token not yet active');
    }

    if (payload.exp && Date.now() > payload.exp*1000) {
      throw new Error('Token expired');
    }
  }

  return payload;
};

This is the decode function. Near the end of it you find:

    if (payload.exp && Date.now() > payload.exp*1000) {
      throw new Error('Token expired');
    }

Here exp is multiplied by 1000... This is awkward. I then looked at the encode function, and it does no corresponding conversion of exp... How can the token ever expire like this?
You can remove the *1000, or divide the expiration time you set by 1000.
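
The unit mismatch described above, as an added example that is not part of the original post or of jwt-simple's own code: a minimal HS256 encode/decode in Node that applies the same exp * 1000 comparison to one token whose exp is in milliseconds and one whose exp is in seconds. The key, subject and timestamps are constructed sample values; the outcome helper and the injectable now parameter are assumptions made for this example.

```javascript
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const sign = (input, key) =>
  crypto.createHmac('sha256', key).update(input).digest('base64url');

function encode(payload, key) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${sign(`${head}.${body}`, key)}`;
}

// HS256 only; `now` is in milliseconds and injectable so results are repeatable.
function decode(token, key, now = Date.now()) {
  const segments = token.split('.');
  if (segments.length !== 3) throw new Error('Not enough or too many segments');
  const [headSeg, bodySeg, sigSeg] = segments;
  const expected = Buffer.from(sign(`${headSeg}.${bodySeg}`, key));
  const actual = Buffer.from(sigSeg);
  if (expected.length !== actual.length ||
      !crypto.timingSafeEqual(expected, actual)) {
    throw new Error('Signature verification failed');
  }
  const payload = JSON.parse(Buffer.from(bodySeg, 'base64url').toString());
  // Same comparison as the quoted check: exp is read as seconds since the epoch.
  if (payload.exp && now > payload.exp * 1000) throw new Error('Token expired');
  return payload;
}

function outcome(token, key, now) {
  try { decode(token, key, now); return 'accepted'; }
  catch (e) { return e.message; }
}

// Constructed sample values.
const KEY = 'example-secret';
const ONE_HOUR = 60 * 60 * 1000;                 // milliseconds
const issuedAt = Date.UTC(2020, 3, 4);           // milliseconds
const expiresAt = issuedAt + ONE_HOUR;           // milliseconds
const msToken = encode({ sub: 'alice', exp: expiresAt }, KEY);         // wrong unit
const secToken = encode({ sub: 'alice', exp: expiresAt / 1000 }, KEY); // seconds

const later = issuedAt + 2 * ONE_HOUR;           // one hour past expiry
console.log('exp in ms:', outcome(msToken, KEY, later));   // still accepted
console.log('exp in s :', outcome(secToken, KEY, later));  // rejected
```

With exp in milliseconds the check compares against a date tens of thousands of years ahead, so the login token is effectively non-expiring.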

Posted by sergeidave on Sat, 04 Apr 2020 13:40:41 -0700