Updated: 2023-12-04 11:18:52
Didn't really like the idea of hitting my database to store tokens, especially when you want to be creating and verifying tokens for many actions.
Instead, I decided to copy how Django does it:
today
ident
to base36
hash containing:
We test the req.params.timestamp in order to simply test if it's valid for today, cheapest test first. Fail first.
Then we find the user, fail if it doesn't exist.
Then we generate the hash again from above, but with the timestamp from req.params.
The reset link becomes invalid if:
This way:
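The verification order described above (timestamp check, user lookup, hash regeneration), as an added example that is not code from the original answer. It assumes Node's built-in crypto with HMAC-SHA256 and a server-side secret; the user fields (`id`, `passwordHash`, `lastLogin`, `email`), the `findUser` lookup and the secret value are hypothetical, and the hashed fields are modeled on Django's token generator because the page does not list them.

```javascript
const crypto = require('node:crypto');

// Assumption: a server-side secret; constructed value for the demo only.
const SECRET = 'constructed-demo-secret';

// Whole days since the Unix epoch: a link is valid only on its issue day.
const dayStamp = (now = Date.now()) => Math.floor(now / 86400000);

// HMAC over the day stamp plus user state that changes once the link is used
// (assumed fields). JSON encoding keeps field boundaries unambiguous.
function makeHash(user, day) {
  const state = JSON.stringify(
    [day, user.id, user.passwordHash, user.lastLogin, user.email]);
  return crypto.createHmac('sha256', SECRET).update(state).digest('hex');
}

// URL parts: ident and timestamp in base36, plus the hash. Nothing is stored.
function makeResetParams(user, now = Date.now()) {
  const day = dayStamp(now);
  return {
    ident: user.id.toString(36),
    timestamp: day.toString(36),
    hash: makeHash(user, day),
  };
}

// Returns the user when the link is valid, otherwise null.
// findUser is a hypothetical lookup: numeric id -> user or undefined.
function verifyResetParams(params, findUser, now = Date.now()) {
  // 1. Cheapest test first: is the timestamp today's?
  const day = parseInt(params.timestamp, 36);
  if (!Number.isSafeInteger(day) || day !== dayStamp(now)) return null;
  // 2. Find the user; fail if it doesn't exist.
  const user = findUser(parseInt(params.ident, 36));
  if (!user) return null;
  // 3. Regenerate the hash with the timestamp from the request and
  //    compare in constant time.
  const expected = Buffer.from(makeHash(user, day));
  const given = Buffer.from(String(params.hash));
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? user : null;
}
```

Because the current password hash is an input to the HMAC in this sketch, changing the password makes any outstanding link fail step 3 without any token table.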