javascript
// Pre-request script
// 使用 CryptoJS(Postman 通常内置这个)
const generateJWT = () => {
const issuer = "example.com";
const secret = "secret_key";
console.log("Generating JWT with issuer:", issuer);
// Header
const header = {
"alg": "HS256",
"typ": "JWT"
};
// Payload
const payload = {
"iss": issuer,
"exp": Math.floor(Date.now() / 1000) + 3600,
"iat": Math.floor(Date.now() / 1000),
"sub": "postman-test",
"name": "test"
};
try {
// 方法2A: 使用 CryptoJS(如果可用)
const base64Header = btoa(JSON.stringify(header)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const base64Payload = btoa(JSON.stringify(payload)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const data = base64Header + "." + base64Payload;
// 简单的HMAC-SHA256实现
const signature = CryptoJS.HmacSHA256(data, secret);
const base64Signature = CryptoJS.enc.Base64.stringify(signature)
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/, '');
const token = data + "." + base64Signature;
pm.environment.set("jwt_token", token);
console.log("JWT生成成功:", token);
return token;
} catch (error) {
console.log("CryptoJS方法失败:", error);
// 方法2B: 使用纯JavaScript的简单实现(用于测试)
const simpleToken = generateSimpleJWT(header, payload, secret);
pm.environment.set("jwt_token", simpleToken);
console.log("使用简单方法生成的JWT:", simpleToken);
return simpleToken;
}
};
// 简单的JWT生成函数(用于测试)
function generateSimpleJWT(header, payload, secret) {
const base64Header = btoa(JSON.stringify(header))
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/, '');
const base64Payload = btoa(JSON.stringify(payload))
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=+$/, '');
// 注意:这是一个简化的签名,仅用于测试
const fakeSignature = "test_signature_only_for_debugging";
return base64Header + "." + base64Payload + "." + fakeSignature;
}
// 生成JWT
generateJWT();设置headers
key jwt
value {{jwt_token}}