Golang代码:
package main
import (
"fmt"
"time"
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
)
const (
key = "my_secret_key"
)
func GenerateToken(email string) string {
payload := email + "|" + time.Now().Format(time.RFC3339)
hash := hmac.New(sha256.New, []byte(key))
hash.Write([]byte(payload))
signature := base64.StdEncoding.EncodeToString(hash.Sum(nil))
return payload + "|" + signature
}
func main() {
email := "example@example.com"
token := GenerateToken(email)
fmt.Println(token)
}
上述代码中,我们使用了hmac和sha256算法以及base64编码来生成token。其中,payload包含了邮箱和当前时间戳,signature则是将payload和密钥进行hmac-sha256计算后的结果。最终的token由payload和signature拼接而成。
PHP代码:
<?php
function VerifyToken($token) {
$parts = explode('|', $token);
if(count($parts) != 3) {
return false;
}
list($email, $timestamp, $signature) = $parts;
$key = 'my_secret_key';
$payload = $email . '|' . $timestamp;
$hash = hash_hmac('sha256', $payload, $key, true);
$computed_signature = base64_encode($hash);
return $signature === $computed_signature;
}
// test case
$token = "example@example.com|2021-07-22T12:34:56+08:00|Ls0iWmRfz1l7vJZ8R8rcOeEq+qoZJ/KKmEBH9OT67iE=";
$result = VerifyToken($token);
var_dump($result);
?>
上述代码中,我们使用了hash_hmac和base64_decode函数来验证token的有效性。其中,payload和signature分别从token中提取出来,并重新计算signature,最后与token中的signature进行比较。如果一致,则表示token有效。