yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-02 10:55:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: fix pr feedback

Browse Source 
Signed-off-by: Jim LAURIE <j.laurie6993@gmail.com>
This commit is contained in:
Jim LAURIE 2020-05-22 10:34:38 +02:00
parent 16c304d710
commit fc4cef9926
3 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/3.0.0-beta.x/plugins/users-permissions.md
View File

@ -48,11 +48,6 @@ To change the default role, go to the `Advanced settings` tab and update the `De
A jwt token may be used for making permission-restricted API requests. To make an API request as a user, place the jwt token into an `Authorization` header of the GET request. A request without a token, will assume the `public` role permissions by default. Modify the permissions of each user's role in admin dashboard. Authentication failures return a 401 (unauthorized) error.
### JWT Configuration
You can fully configure the JWT Configuration options by modifying the file in `strapi-plugin-users-permissions/config/jwt.json`.
For example you can change the expiration date of the JWT token, or you can set the time when the JWT token will start to be valid.
#### Usage
- The `token` variable is the `data.jwt` received when logging in or registering.
@ -79,6 +74,26 @@ axios
});
```
### JWT configuration
You can configure option for the JWT generation by creating `extensions/users-permissions/config/security.json` file.
We are using [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) to generate the JWT.
Available options:
- `expiresIn`: expressed in seconds or a string describing a time span zeit/ms.<br>
Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms").
**Path —** `extensions/users-permissions/config/security.json`
```json
{
"jwt": {
"expiresIn": "1d"
}
}
```
### Registration
Creates a new user in the database with a default role as 'registered'.

2
packages/strapi-plugin-users-permissions/config/jwt.json → packages/strapi-plugin-users-permissions/config/security.json
View File

@ -1,3 +1,5 @@
{
"jwt": {
"expiresIn": "30d"
}
}

3
packages/strapi-plugin-users-permissions/services/Jwt.js
View File

@ -8,7 +8,6 @@
const _ = require('lodash');
const jwt = require('jsonwebtoken');
const defaultJwtOptions = require('../config/jwt.json');
module.exports = {
getToken(ctx) {
@ -40,7 +39,7 @@ module.exports = {
},
issue(payload, jwtOptions = {}) {
_.defaults(jwtOptions, defaultJwtOptions);
_.defaults(jwtOptions, strapi.plugins['users-permissions'].config.jwt);
return jwt.sign(
_.clone(payload.toJSON ? payload.toJSON() : payload),
_.get(strapi.plugins, ['users-permissions', 'config', 'jwtSecret']),