The current API is as follows:
A token is generated randomly after the user logs in. The value of the token is used as the key cached in Redis.
The cached value is the user's information, including user id, user nickname, user avatar, etc.
Interface access and authentication
The user carries the token in the header when accessing the interface.
A pre-operation checks whether the token exists and whether it is valid. If it is invalid, it returns HTTP code 401.
If it is valid, it extends the expiration time of the token and injects the user id (uid) into the request object.
Service class service\ Token
This class provides operations on the token, such as extending the expiration time and obtaining the uid from the token.
Questions
Later, I saw on the Internet that it is very insecure and requires a signature and a signature algorithm.
Could you tell me how to design and use this signature? Thank you very much.
Finally, I would like to ask whether the above interface design is reasonable. Because I am self-taught, there are not many people to give me advice, so I am a little confused.
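
The token flow described in the post above, as an added example that is not the poster's code: issue a random token, look it up on each request, extend its lifetime on success and answer 401 otherwise. The names `TokenService` and `before_request`, the header name `token`, the 30-minute lifetime and the in-memory dict standing in for Redis are all assumptions.

```python
import secrets
import time

TTL_SECONDS = 1800  # assumed sliding lifetime; the post gives no value


class TokenService:
    """In-memory stand-in for the Redis-backed token service described above."""

    def __init__(self, clock=time.time):
        self._store = {}     # token -> (user_info, expires_at); Redis would hold this
        self._clock = clock  # injectable so expiry can be exercised without sleeping

    def issue(self, user_info):
        # 32 bytes from the OS CSPRNG: the token must be unguessable,
        # because possessing it is the only proof of identity in this design.
        token = secrets.token_urlsafe(32)
        self._store[token] = (dict(user_info), self._clock() + TTL_SECONDS)
        return token

    def uid_for(self, token):
        """Return the uid and extend the lifetime, or None if missing or expired."""
        entry = self._store.get(token)
        if entry is None:
            return None
        user_info, expires_at = entry
        if self._clock() >= expires_at:
            del self._store[token]  # Redis key expiry would do this on its own
            return None
        self._store[token] = (user_info, self._clock() + TTL_SECONDS)
        return user_info["uid"]

    def revoke(self, token):
        self._store.pop(token, None)  # logout: the token stops working at once


def before_request(service, headers):
    """Pre-handler check: returns (http_status, request_context)."""
    token = headers.get("token", "")
    uid = service.uid_for(token) if token else None
    if uid is None:
        return 401, {}
    return 200, {"uid": uid}  # uid injected for the handler to use
```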