Golang代码:
package mainimport ("fmt""time""crypto/hmac""crypto/sha256""encoding/base64")const (key = "my_secret_key")func GenerateToken(email string) string {payload := email + "|" + time.Now().Format(time.RFC3339)hash := hmac.New(sha256.New, []byte(key))hash.Write([]byte(payload))signature := base64.StdEncoding.EncodeToString(hash.Sum(nil))return payload + "|" + signature}func main() {email := "example@example.com"token := GenerateToken(email)fmt.Println(token)}
上述代码中,我们使用了hmac和sha256算法以及base64编码来生成token。其中,payload包含了邮箱和当前时间戳,signature则是将payload和密钥进行hmac-sha256计算后的结果。最终的token由payload和signature拼接而成。
PHP代码:
<?phpfunction VerifyToken($token) {$parts = explode('|', $token);if(count($parts) != 3) {return false;}list($email, $timestamp, $signature) = $parts;$key = 'my_secret_key';$payload = $email . '|' . $timestamp;$hash = hash_hmac('sha256', $payload, $key, true);$computed_signature = base64_encode($hash);return $signature === $computed_signature;}// test case$token = "example@example.com|2021-07-22T12:34:56+08:00|Ls0iWmRfz1l7vJZ8R8rcOeEq+qoZJ/KKmEBH9OT67iE=";$result = VerifyToken($token);var_dump($result);?>
上述代码中,我们使用了hash_hmac和base64_decode函数来验证token的有效性。其中,payload和signature分别从token中提取出来,并重新计算signature,最后与token中的signature进行比较。如果一致,则表示token有效。
