I'm running into a problem in a Node.js (20.5.1) application related to verifying JSON Web Tokens (JWT) with an RSA key pair. The error message is as follows:
```
[16:39:56.959] FATAL (26460): invalid signature
    err: {
      "type": "JsonWebTokenError",
      "message": "invalid signature",
      "stack":
          JsonWebTokenError: invalid signature
              at U:\Coding\MCShop-API\node_modules\jsonwebtoken\verify.js:171:19
              at getSecret (U:\Coding\MCShop-API\node_modules\jsonwebtoken\verify.js:97:14)
              at module.exports (U:\Coding\MCShop-API\node_modules\jsonwebtoken\verify.js:101:10)
              at verifyJWTToken (U:\Coding\MCShop-API\src\crypto.ts:28:37)
              at U:\Coding\MCShop-API\src\app.ts:39:45
              at Layer.handle [as handle_request] (U:\Coding\MCShop-API\node_modules\express\lib\router\layer.js:95:5)
              at trim_prefix (U:\Coding\MCShop-API\node_modules\express\lib\router\index.js:328:13)
              at U:\Coding\MCShop-API\node_modules\express\lib\router\index.js:286:9
              at Function.process_params (U:\Coding\MCShop-API\node_modules\express\lib\router\index.js:346:12)
              at next (U:\Coding\MCShop-API\node_modules\express\lib\router\index.js:280:10)
      "name": "JsonWebTokenError"
    }
```
I've also attached the crypto.ts file, which handles JSON Web Tokens for my application.
```typescript
import crypto from 'crypto';
import { readFileSync } from 'fs';
import { JwtPayload, sign, verify } from 'jsonwebtoken';
import { logger } from './app';

// Generates the RSA key pair whose PEM strings are written to private.key / public.key.
export function generateRSAKeyPair() {
    const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
        modulusLength: 512,
        publicKeyEncoding: { type: 'pkcs1', format: 'pem' },
        privateKeyEncoding: { type: 'pkcs1', format: 'pem' }
    });
    return { privateKey, publicKey };
}

// Signs a token with the private key read from disk.
export function generateJWTToken(admin: boolean, username: string) {
    const key = readFileSync('private.key', { encoding: 'utf-8', flag: 'r' });
    return sign({
        admin,
        username
    }, key, { algorithm: 'RS256' });
}

// Verifies a token against the public key read from disk; returns the payload or false.
export function verifyJWTToken(token: string) {
    try {
        const key = readFileSync('public.key', { encoding: 'utf-8', flag: 'r' });
        const verifiedToken = verify(token, key, { algorithms: ['RS256'] }) as JwtPayload;
        if (!verifiedToken) return false;
        return verifiedToken;
    } catch (error) {
        logger.fatal(error);
        return false;
    }
}
```
I have already confirmed the following:

- The key variable is not undefined; it is receiving the file's contents.
- readFileSync does not use a cache.
- The values passed to the function are valid.
- The JWT being attempted is indeed valid, as confirmed by JWT.io.

I suspect there may be a bug in the way I handle the keys or in the JWT library version.

Can anyone help me identify the root cause of the "invalid signature" error and suggest a possible solution? Any insight or suggestions would be greatly appreciated.