Does the interface design need client-side signing?

The current API is as follows:
After the user logs in, a token is generated randomly. The token value is used as the key cached in Redis.
The cached value is the user's information, including user id, user nickname, user avatar, etc.

Interface access and authentication

When accessing the interface, the user carries the token in the header.
A pre-operation checks whether the token exists and whether it is valid. If it is invalid, HTTP code 401 is returned.
If it is valid, the token's expiration time is extended and the user id (uid) is injected into the request object.

Service class service\Token
This class provides operations on the token, such as extending its expiration time and obtaining the uid from the token.

Questions

Later I saw on the Internet that this is very insecure and requires a signature and a signature algorithm.

Could you tell me how to design and use this signature? Thank you very much.

Finally, is the above interface design reasonable? Because I am self-taught, there are not many people to give advice, so I am a little confused.

Aug.11,2021
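As an added example (not code from the question or from any library), here is the token design described above in Python: a random opaque token is the Redis key, the user profile is the value, a request is authenticated by looking the token up, a hit extends the expiration (sliding TTL), and a miss yields 401. The names `TokenService`, `FakeRedis`, `handle_request`, the `session:` key prefix and the 30-minute TTL are assumptions; `FakeRedis` stands in for the SETEX/GET/EXPIRE/DEL calls a real client would make, and `ManualClock` exists only so that expiry can be exercised deterministically.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 60   # assumed sliding-expiration window
TOKEN_BYTES = 32              # 256 bits of randomness per token


class ManualClock:
    """Adjustable clock so expiry can be exercised deterministically (test aid)."""
    def __init__(self, start=1000.0):
        self.now = start

    def __call__(self):
        return self.now


class FakeRedis:
    """In-memory stand-in for the Redis commands the design needs
    (SETEX, GET, EXPIRE, DEL). Expired keys are evicted lazily on access."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._data = {}            # key -> (value, expires_at)

    def setex(self, key, ttl, value):
        self._data[key] = (value, self.clock() + ttl)

    def get(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if self.clock() >= expires_at:
            del self._data[key]
            return None
        return value

    def expire(self, key, ttl):
        if self.get(key) is None:       # also evicts if already expired
            return False
        self._data[key] = (self._data[key][0], self.clock() + ttl)
        return True

    def delete(self, key):
        return self._data.pop(key, None) is not None


class TokenService:
    """Opaque session token: random value as Redis key, user profile as value."""
    def __init__(self, redis, ttl=TOKEN_TTL_SECONDS):
        self.redis = redis
        self.ttl = ttl

    def issue(self, user):
        # secrets (not random) so the token cannot be predicted from earlier ones
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self.redis.setex("session:" + token, self.ttl, dict(user))
        return token

    def authenticate(self, headers):
        """Return the uid for a valid token, or None. Refreshes the TTL on success."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return None
        token = auth[len("Bearer "):]
        user = self.redis.get("session:" + token)
        if user is None:
            return None
        self.redis.expire("session:" + token, self.ttl)   # sliding expiration
        return user["uid"]

    def revoke(self, token):
        """Logout: deleting the key invalidates the token immediately."""
        return self.redis.delete("session:" + token)


def handle_request(service, headers):
    """Pre-operation from the question: 401 when the token is missing/invalid,
    otherwise (200, uid) with the uid ready to inject into the request object."""
    uid = service.authenticate(headers)
    if uid is None:
        return 401, None
    return 200, uid


if __name__ == "__main__":
    svc = TokenService(FakeRedis(), ttl=60)
    tok = svc.issue({"uid": 7, "nickname": "alice", "avatar": "a.png"})
    print(handle_request(svc, {"Authorization": "Bearer " + tok}))
    print(handle_request(svc, {"Authorization": "Bearer not-a-real-token"}))
```

One property worth noticing: because the token is only a lookup key, the server never has to parse or trust anything the client sends, and revocation is a single DEL. The risk that remains is the token itself being stolen in transit or from the client, which is the gap the signature discussion in the answers is about.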

If you add a signature, it is recommended to add it across the whole API; don't leave parts out, and keep it uniform.
Security is also greatly improved. There are many signature algorithms, but a simpler one can be:

// 
(md5(++key)++ )

This is not a big problem in general, but it is not particularly secure when it comes to payment-type operations.
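An added example (not from the answer above) of the per-request signature this answer sketches, in Python. Where the answer concatenates the parameters and a shared key into md5, this example uses HMAC-SHA256 over a canonical string (method, path, sorted parameters, timestamp, nonce), which is the standard keyed construction and avoids the ambiguity of joining fields without delimiters. A timestamp window and a nonce cache are included because the answer singles out payment operations: without them a captured, correctly signed request could simply be submitted again. `sign_request`, `SignatureVerifier`, the `app_id`/`timestamp`/`nonce`/`sign` field names and the 300-second window are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

SIGNATURE_WINDOW = 300   # seconds of clock skew tolerated (assumption)


def canonical_string(method, path, params):
    """Deterministic signing input; 'sign' itself is excluded, keys are sorted
    so client and server always build byte-identical input."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "sign")
    return "\n".join([method.upper(), path, urlencode(items)])


def compute_signature(secret, method, path, params):
    msg = canonical_string(method, path, params).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_request(secret, app_id, method, path, params, timestamp=None, nonce=None):
    """Client side: add app_id, timestamp, nonce and sign to the parameters."""
    full = dict(params)
    full["app_id"] = app_id
    full["timestamp"] = int(time.time()) if timestamp is None else timestamp
    full["nonce"] = secrets.token_hex(16) if nonce is None else nonce
    full["sign"] = compute_signature(secret, method, path, full)
    return full


class SignatureVerifier:
    """Server side. secrets_by_app maps app_id -> shared secret (bytes).
    The nonce cache is a dict here; in production it would be a Redis key
    with SET NX and a TTL equal to SIGNATURE_WINDOW."""
    def __init__(self, secrets_by_app, now=time.time):
        self.secrets = secrets_by_app
        self.now = now
        self.seen_nonces = {}   # nonce -> time after which it may be forgotten

    def verify(self, method, path, params):
        try:
            app_id = params["app_id"]
            ts = int(params["timestamp"])
            nonce = params["nonce"]
            sig = params["sign"]
        except (KeyError, ValueError, TypeError):
            return False, "missing_fields"
        secret = self.secrets.get(app_id)
        if secret is None:
            return False, "unknown_app"
        now = self.now()
        if abs(now - ts) > SIGNATURE_WINDOW:
            return False, "stale_timestamp"
        # forget nonces that are outside the window anyway, then check replay
        self.seen_nonces = {n: e for n, e in self.seen_nonces.items() if e > now}
        if nonce in self.seen_nonces:
            return False, "replay"
        expected = compute_signature(secret, method, path, params)
        if not hmac.compare_digest(expected, str(sig)):   # constant-time compare
            return False, "bad_signature"
        self.seen_nonces[nonce] = now + SIGNATURE_WINDOW   # record only after success
        return True, "ok"


if __name__ == "__main__":
    shared = b"example-shared-secret"          # constructed sample value
    verifier = SignatureVerifier({"app1": shared})
    req = sign_request(shared, "app1", "POST", "/api/pay", {"order": "42", "amount": "100"})
    print(verifier.verify("POST", "/api/pay", req))          # (True, 'ok')
    print(verifier.verify("POST", "/api/pay", req))          # (False, 'replay')
    print(verifier.verify("POST", "/api/pay", dict(req, amount="1")))
```

The verifier records a nonce only after the signature has checked out, so a failed request cannot block a later legitimate one, and it compares digests with `hmac.compare_digest` rather than `==`.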


You can refer to the interface design of related API services. I think it's better to generate a signature for each request.


Whether you need signing and encryption depends on how important your system's security is, i.e. on weighing business security against the complexity of the additional requirements.


I think what you describe is the same as JWT. It has its own data, expiration time, issuer and audience, and the JWT is also put into the Header. It automatically checks whether it has expired, whether it is legitimate, and so on. That way you don't have to design the code yourself, and there are security issues.
Link:
https://jwt.io/
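To make the claims this answer lists concrete, here is an added minimal HS256 JWT encoder and verifier in Python using only the standard library (example code, not from the answer or from jwt.io; in practice a maintained library such as PyJWT would be used). It shows what a verifier has to check beyond the signature: the `alg` header is pinned to HS256 so tokens claiming `none` or another algorithm are rejected, and `iss`, `aud` and `exp` are compared against what the server expects. `encode_jwt`, `decode_jwt`, the issuer/audience strings and the `uid` claim are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7515 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_jwt(claims, secret: bytes) -> str:
    """header.payload.signature, signed with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def decode_jwt(token, secret: bytes, issuer, audience, now=time.time, leeway=0):
    """Return (claims, 'ok') or (None, reason). Signature is checked before any
    claim is trusted, and the algorithm is pinned rather than read from the token."""
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed"
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        signature = _b64url_decode(s)
    except (ValueError, binascii.Error):
        return None, "malformed"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None, "alg_not_allowed"        # rejects 'none' and algorithm confusion
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None, "bad_signature"
    try:
        claims = json.loads(_b64url_decode(p))
    except (ValueError, binascii.Error):
        return None, "malformed"
    if not isinstance(claims, dict):
        return None, "malformed"
    if claims.get("iss") != issuer:
        return None, "bad_issuer"
    if claims.get("aud") != audience:
        return None, "bad_audience"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now() >= exp + leeway:
        return None, "expired"
    return claims, "ok"


if __name__ == "__main__":
    key = b"example-signing-key"               # constructed sample value
    tok = encode_jwt({"uid": 7, "iss": "auth", "aud": "api", "exp": int(time.time()) + 600}, key)
    print(tok)
    print(decode_jwt(tok, key, "auth", "api"))
    print(decode_jwt(tok, b"wrong-key", "auth", "api"))
```

Unlike the Redis token in the question, a JWT carries its own data and is verified without a store lookup, which also means it cannot be revoked before `exp` unless the server keeps a denylist; short lifetimes plus a refresh mechanism are the usual compromise.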
