1: Web development mode
1.1: Concepts and advantages and disadvantages of server-side rendering
Mainstream web development patterns:
1: The traditional web development mode based on server-side rendering. The front end takes less time because the server splices and renders the data, which also helps crawlers obtain information. However, it occupies server resources, is not conducive to separating the front end from the back end, and development efficiency is low.
2: Front-end and back-end separation development.
1.2: Concepts, advantages and disadvantages of front-end and back-end separation
Front-end and back-end separation development:
1: The front end is responsible for calling the interfaces and rendering the data, while the back end provides the API interfaces. This reduces the strain on the server. Frameworks such as Vue can be used to solve SEO optimization problems.
1.3: How to choose a web development mode
Enterprise sites use server-side rendering. Back-office management projects, which are highly interactive, use the front-end and back-end separation development mode. This is not absolute: some sites render the first screen on the server and use front-end and back-end separation for the other pages.
2: Session authentication
2.1: Stateless identity authentication and the HTTP protocol
What authentication is: completing the verification of a user's identity through certain means.
Why identity authentication is needed, and the authentication schemes: authentication is proving that you are yourself. Server-side rendering uses session authentication.
The statelessness of the HTTP protocol: HTTP is a stateless protocol. Each HTTP request is independent, and the server does not actively retain the state of each HTTP request.
How to break through the limitation of HTTP statelessness: the server stores authentication information in cookies.
3: Cookie authentication
3.1: What is a cookie
Cookies are sent automatically, are independent per domain name, and have an expiration time and a 4KB limit. Each request sends the unexpired cookies for its domain name to the server.
3.2: The role of cookies in identity authentication
The server sends the cookie to the client in the response header, and the client carries it in the request header on each request. Each cookie corresponds to the properties under Application / Cookies, as shown in the figure.
3.3: Cookies are not secure
The browser also provides an API for reading and writing cookies, so cookies can be easily forged. Do not use cookies to store important private data, such as the user's identity authentication information, passwords, etc.
3.4: Improve the security of identity authentication
Although the client holds the cookie, the cookie still has to pass authentication on the server.
4: Session
4.1: How a session works
How a session works: the client initiates a request --> after authentication, the server creates an area in memory to store the user information and then issues a cookie --> the next request from the client carries the cookie given by the server --> the server finds the corresponding information in memory according to the cookie --> the server responds to the client with the specific content.
4.2: Install and configure the express-session middleware
1: Initialize the project package management file
2: Install express
3: Install express-session
4: Configure the session middleware
4.3: Operations of express-session middleware
Session login and exit case
A: app.js interface configuration: app.use(express.urlencoded({ extended: false }))
1: Get the user name. If the user cannot be obtained, a message is displayed and you are redirected to the login page. If the user is obtained, a welcome message is displayed.
1.1: Interface processing: if the session does not have session.islogin, the status is set to 1. If the login succeeded, the status value is set to 0 and the user name is taken from the session to render the prompt on the page.
2: Login: the login page initiates a login request. A form submission event is triggered and a POST request is sent with the serialized form. If the login succeeds, the system directly jumps to the login page.
2.1: If the login user name is not admin and the password is not admin000000, the system displays a login failure message and sets the status to 1. Otherwise session.user is assigned and session.islogin = true, the login succeeds, and a login-success message is sent.
3: Exit function: clicking exit sends a POST request. If the exit is successful, you are redirected to the login page.
3.1: When the request is received, the session is cleared with session.destroy() and the exit-success response is sent.
Summary: app.use(express.urlencoded({ extended: false })) parses the form data, and app.use mounts the session globally. After login, assign the form information to the session and set the login status. The page checks session.islogin: if it is not set, status = 1 means not logged in, otherwise the login succeeded. Exit function: click exit, clear the session with session.destroy(), and show the page saying that the exit succeeded.
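The session flow from 4.1 and the login/exit case from 4.3, as an added example that is not the original post's code: it uses only Node's built-in crypto module in place of Express and express-session so that it runs stand-alone, and the cookie name `sid`, the demo password and the 30-minute lifetime are constructed values. It shows why a forged cookie fails: the cookie is only a random lookup key, and the identity lives in server memory.

```javascript
const crypto = require('node:crypto');

const sessions = new Map();      // sid -> { user, islogin, expires }, kept in server memory
const TTL_MS = 30 * 60 * 1000;   // constructed session lifetime
const DEMO = { username: 'admin', password: 'constructed-password' }; // constructed account

// Login: check credentials, create the server-side record, return the Set-Cookie value.
function login(username, password, now = Date.now()) {
  if (username !== DEMO.username || password !== DEMO.password) return null;
  const sid = crypto.randomBytes(32).toString('hex'); // random key, carries no user data
  sessions.set(sid, { user: username, islogin: true, expires: now + TTL_MS });
  // HttpOnly keeps the browser's cookie read/write API away from this cookie.
  return `sid=${sid}; HttpOnly; SameSite=Lax; Path=/`;
}

// Pull one cookie value out of a Cookie request header.
function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return rest.join('=');
  }
  return null;
}

// Each request: the cookie is only a lookup key; the identity comes from server memory.
function authenticate(cookieHeader, now = Date.now()) {
  const sid = readCookie(cookieHeader, 'sid');
  const record = sid ? sessions.get(sid) : undefined;
  if (!record || !record.islogin) return null; // unknown or forged sid
  if (record.expires <= now) {                 // expired: drop the record
    sessions.delete(sid);
    return null;
  }
  return record.user;
}

// Exit: delete the server-side record so the old cookie stops working.
function logout(cookieHeader) {
  return sessions.delete(readCookie(cookieHeader, 'sid'));
}

// The Cookie header a browser would send back for a given Set-Cookie value.
const toRequestCookie = (setCookie) => setCookie.split(';')[0];
```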
5: JWT authentication mechanism – cross-domain support
5.1: Limitations of Session authentication and the concept of JWT
Session authentication does not support cross-domain access and requires a lot of additional configuration to achieve it. If there is no cross-domain problem, session authentication is recommended. If cross-domain access is needed, the JWT authentication mechanism is recommended; it is the most popular cross-domain solution.
5.2: How JWT works
How JWT works: the client submits the login password --> the server authenticates it, generates a token string and sends it to the client --> the browser stores the token in localStorage or sessionStorage --> when the client makes a request again, it sends the token to the server in the Authorization field --> the server restores the token to the user information object and, after successful restoration, responds with the specific content for that user.
5.3: The three components of JWT and what they represent
A JWT consists of 3 parts: header, payload and signature. The payload is the real information of the user. The header and signature ensure token security.
5.4: How JWT is used
When the client receives the JWT returned by the server, it stores it in localStorage or sessionStorage. From then on, the client needs to carry the JWT string each time it makes a request to the server. It is recommended to put the JWT in the HTTP Authorization field.
6: Use of JWT in the project
6.1: Analysis of JWT usage process
JWT in practice, part one: flow analysis
1: jsonwebtoken generates JWT strings, and express-jwt restores them to JSON objects
2: Import the related packages
3: Define the secret key
4: Generate a JWT string after a successful login
5: Restore the JWT string to a JSON object
6: Use req.user to obtain the user information
7: Catch the errors generated when parsing the JWT fails
6.2: Specific use of JWT in the project
JWT in practice, part two: code analysis
0: Create a web server.
1: Import the two packages: jsonwebtoken generates JWT strings, and express-jwt restores them to JSON objects.
2: Define the secret key. jsonwebtoken uses the key to generate the token after login.
3: Login request: the request is checked against the user in the code. If the user in the request body is not that user, a failure message is returned in the body. Otherwise the JWT signing method is called with the user name from the request body and the secret key, the expiration time is set, and a success response is returned with the token in the body. You can see that the token has been encrypted.
4: Globally mount the decryption middleware, configured with the secret key and the request addresses beginning with /api/. A subsequent request to an address without /api can then use req.user to get the decrypted user information and return it as the data in the body.
5: Postman carries the token in the request to the interface, and the success data is returned in the body.
6: Create a global error middleware to catch the err error messages. Otherwise the program crashes as soon as an error is reported; with the middleware, the error message is returned directly in the body.
6.3: Test the interface requests with Postman after generating the token with JWT
JWT in practice, part three: Postman interface tests and server terminal responses
1: POST login request: the login request is made with the user marked in red in the code, and on success a token is returned in the body.
2: Accessing the user information requires carrying Authorization: Bearer followed by the token in order to access the data successfully. The iat and exp fields give the validity period of the token.
3: The token's expiration time is 30, so it expires. To prevent the program from crashing, the error is caught in the code and the error message is written to the body, so the program keeps running and the body shows the error: invalid token.
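Sections 5.3 and 6.2 to 6.3 in runnable form, as an added example that is not the original post's code: it builds and checks an HS256 token with Node's built-in crypto module in place of jsonwebtoken and express-jwt (a swapped-in technique so the block runs stand-alone), and all function names are this example's own. It shows that the payload can be read without the key, while a changed payload, a wrong key, an unexpected algorithm or an expired token is rejected.

```javascript
const crypto = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url').toString('utf8');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Build header.payload.signature; expiresIn and now are in seconds.
function signToken(claims, secret, expiresIn, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + expiresIn }));
  const signature = hmac(`${header}.${payload}`, secret).toString('base64url');
  return `${header}.${payload}.${signature}`;
}

// No key involved: anyone holding the token can read the payload.
function decodePayload(token) {
  return JSON.parse(fromB64url(token.split('.')[1]));
}

// Returns the claims, or throws with the reason the token was rejected.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('invalid token');
  const [header, payload, signature] = parts;
  let alg;
  try {
    alg = JSON.parse(fromB64url(header)).alg;
  } catch {
    throw new Error('invalid token');
  }
  if (alg !== 'HS256') throw new Error('invalid algorithm'); // pin it, never trust the header
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const claims = JSON.parse(fromB64url(payload)); // parsed only after the signature checks out
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('token expired');
  return claims;
}

// What the server does with an "Authorization: Bearer <token>" header value.
function fromAuthorizationHeader(value, secret, now) {
  const match = /^Bearer (.+)$/.exec(value || '');
  if (!match) throw new Error('invalid token');
  return verifyToken(match[1], secret, now);
}
```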
Thank you for reading, the back-end Node series is over for now!