认清现实,放弃幻想,准备斗争
需求
一、后端的接口
1、集成JWT
service-base中添加依赖
<!-- JWT support (jjwt). No version is given here: presumably managed by the parent pom's
     dependencyManagement (confirm). The API used below (Jwts.parser(), signWith(alg, key),
     DatatypeConverter) is the jjwt 0.9.x line. -->
<dependency>
    <groupId>io.jsonwebtoken</groupId>
    <artifactId>jjwt</artifactId>
</dependency>
2、JWT工具
service-base中添加util包
添加JwtUtils类
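public class JwtUtils {

    /** Lifetime of an issued token: 24 hours, in milliseconds. */
    private static final long tokenExpiration = 24 * 60 * 60 * 1000;

    /**
     * Base64-encoded HMAC secret used to sign and verify every token.
     * <p>
     * SECURITY (review): the value is hard-coded in source, so anyone who can read the repository can
     * mint a valid token for any userId. It also decodes to only 12 bytes (96 bits), whereas HS512
     * calls for a key of at least 64 bytes (RFC 7518 §3.2); newer jjwt releases refuse such short keys
     * outright. Load a randomly generated secret from configuration (application.yml / environment)
     * instead, and rotate the one that has been committed here. Left unchanged so that tokens issued by
     * existing deployments keep verifying.
     */
    private static final String tokenSignKey = "A1t2g3uigu123456";

    /**
     * Builds the HMAC key from the base64 secret.
     * <p>
     * Uses {@code java.util.Base64} instead of {@code javax.xml.bind.DatatypeConverter}: that package
     * was removed from the JDK in Java 11 (the now-unused import at the top of the file can go too).
     * The JCA algorithm name now matches the algorithm actually used for signing (HS512); the old code
     * labelled the key HS256 while signing with HS512, which worked only because Mac.init ignores it.
     */
    private static Key getKeyInstance() {
        byte[] secret = java.util.Base64.getDecoder().decode(tokenSignKey);
        return new SecretKeySpec(secret, SignatureAlgorithm.HS512.getJcaName());
    }

    /**
     * Issues a signed, gzip-compressed JWT that expires 24 hours from now.
     *
     * @param userId   member id, stored in the {@code userId} claim
     * @param userName member name, stored in the {@code userName} claim
     * @return the compact JWS string
     */
    public static String createToken(Long userId, String userName) {
        // The payload is only base64url-encoded, never encrypted: every claim is readable by whoever
        // holds the token, so do not add secrets or sensitive profile data here.
        return Jwts.builder()
                .setSubject("SRB-USER")
                .setExpiration(new Date(System.currentTimeMillis() + tokenExpiration))
                .claim("userId", userId)
                .claim("userName", userName)
                .signWith(SignatureAlgorithm.HS512, getKeyInstance())
                .compressWith(CompressionCodecs.GZIP)
                .compact();
    }

    /**
     * Verifies the signature and expiry of a token.
     *
     * @param token compact JWS string, may be null or empty
     * @return true only if the token is non-empty, correctly signed with our key and not expired
     */
    public static boolean checkToken(String token) {
        if (StringUtils.isEmpty(token)) {
            return false;
        }
        try {
            parse(token);
            return true;
        } catch (Exception e) {
            // Expired, tampered, malformed or foreign-signed tokens all land here. Callers only need
            // the boolean; the concrete reason must not be echoed back to the client.
            return false;
        }
    }

    /**
     * Extracts the member id from a verified token.
     *
     * @param token compact JWS string
     * @return the {@code userId} claim
     * @throws BusinessException if the token is missing/invalid or carries no numeric userId claim
     */
    public static Long getUserId(String token) {
        Object raw = getClaims(token).get("userId");
        // The JSON parser hands back Integer for small values and Long for large ones; the previous
        // blind cast to Integer would throw ClassCastException once ids exceed Integer.MAX_VALUE.
        if (!(raw instanceof Number)) {
            throw new BusinessException(ResponseEnum.LOGIN_AUTH_ERROR);
        }
        return ((Number) raw).longValue();
    }

    /**
     * Extracts the member name from a verified token.
     *
     * @param token compact JWS string
     * @return the {@code userName} claim, or null if the claim is absent
     * @throws BusinessException if the token is missing or invalid
     */
    public static String getUserName(String token) {
        Claims claims = getClaims(token);
        return (String) claims.get("userName");
    }

    /**
     * Intentionally a no-op: a JWT is stateless, so the server holds nothing to delete and the client
     * simply discards it on logout.
     * <p>
     * NOTE(review): this also means a leaked or stolen token stays valid until it expires (24 h). If
     * server-side revocation is required, add a denylist (e.g. keyed by jti) and consult it in
     * {@link #getClaims(String)}.
     *
     * @param token ignored
     */
    public static void removeToken(String token) {
        // Nothing to do, see Javadoc.
    }

    /**
     * Verifies the token and returns its claims.
     *
     * @param token compact JWS string
     * @return the verified claims
     * @throws BusinessException with LOGIN_AUTH_ERROR if the token is empty, malformed, tampered,
     *                           expired or signed with a different key
     */
    private static Claims getClaims(String token) {
        if (StringUtils.isEmpty(token)) {
            // LOGIN_AUTH_ERROR(-211, "未登录")
            throw new BusinessException(ResponseEnum.LOGIN_AUTH_ERROR);
        }
        try {
            return parse(token).getBody();
        } catch (Exception e) {
            // Mapped to a single generic auth error on purpose: the client must not learn whether the
            // signature, the expiry or the format was the problem. The cause is dropped because
            // BusinessException offers no cause parameter here; log it before this point if needed.
            throw new BusinessException(ResponseEnum.LOGIN_AUTH_ERROR);
        }
    }

    /** Parses and signature-checks a token with our key; propagates jjwt exceptions unchanged. */
    private static Jws<Claims> parse(String token) {
        return Jwts.parser().setSigningKey(getKeyInstance()).parseClaimsJws(token);
    }
}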
3、创建VO对象
service-core中创建登录对象
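@Data
@ApiModel(description="登录对象")
public class LoginVO {

    @ApiModelProperty(value = "用户类型")
    private Integer userType;

    @ApiModelProperty(value = "手机号")
    private String mobile;

    @ApiModelProperty(value = "密码")
    private String password;

    /**
     * Explicit toString() so the plaintext password never reaches a log line.
     * <p>
     * Lombok's {@code @Data} would otherwise generate a toString() that prints every field, and request
     * objects routinely end up in exception handlers and debug logging. Lombok does not generate
     * toString() when the class declares one itself, so the generated getters/setters are unaffected.
     */
    @Override
    public String toString() {
        return "LoginVO(userType=" + userType + ", mobile=" + mobile + ", password=******)";
    }
}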
用户信息对象
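@Data
@ApiModel(description="用户信息对象")
public class UserInfoVO {

    @ApiModelProperty(value = "用户姓名")
    private String name;

    @ApiModelProperty(value = "用户昵称")
    private String nickName;

    @ApiModelProperty(value = "头像")
    private String headImg;

    @ApiModelProperty(value = "手机号")
    private String mobile;

    @ApiModelProperty(value = "1:出借人 2:借款人")
    private Integer userType;

    @ApiModelProperty(value = "JWT访问令牌")
    private String token;

    /**
     * Explicit toString() that masks the JWT.
     * <p>
     * The token is a bearer credential: whoever reads it from a log can act as the member until it
     * expires. Lombok's {@code @Data} would print it in full, so the field is masked here; Lombok
     * skips toString() generation when the class declares one, the getters/setters are unaffected.
     */
    @Override
    public String toString() {
        return "UserInfoVO(name=" + name + ", nickName=" + nickName + ", headImg=" + headImg
                + ", mobile=" + mobile + ", userType=" + userType + ", token=******)";
    }
}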
4、Controller
UserInfoController
@ApiOperation("会员登录")
@PostMapping("/login")
public R login(@RequestBody LoginVO loginVO, HttpServletRequest request) {
    // Fail fast on missing credentials before touching the service layer.
    Assert.notEmpty(loginVO.getMobile(), ResponseEnum.MOBILE_NULL_ERROR);
    Assert.notEmpty(loginVO.getPassword(), ResponseEnum.PASSWORD_NULL_ERROR);

    // NOTE(review): getRemoteAddr() is the TCP peer address. Behind a reverse proxy or load balancer
    // that is the proxy, not the member, so the login record will not hold the real client IP unless
    // forwarded headers are resolved by a trusted component (never trust X-Forwarded-For straight from
    // the client). NOTE(review): no throttling or lockout is visible here — confirm brute-force
    // protection exists at the gateway, since this endpoint accepts unlimited password guesses.
    String clientIp = request.getRemoteAddr();

    UserInfoVO userInfoVO = userInfoService.login(loginVO, clientIp);
    return R.ok().data("userInfo", userInfoVO);
}
5、Service
接口:UserInfoService
/**
 * Authenticates a member by mobile number, password and user type, records the login and returns
 * the member's profile together with a freshly issued JWT.
 * <p>
 * Failures (unknown account, wrong password, disabled account) are reported through the project's
 * Assert helpers — presumably as BusinessException with the matching ResponseEnum; confirm.
 *
 * @param loginVO login request carrying userType, mobile and password
 * @param ip      client address to store in the login record
 * @return profile data plus the JWT access token
 */
UserInfoVO login(LoginVO loginVO, String ip);
实现:UserInfoServiceImpl
@Resource
private UserLoginRecordMapper userLoginRecordMapper;

/**
 * Member login: look the account up by mobile + user type, verify the password, make sure the
 * account is active, write a login record and hand back the profile with a new JWT.
 * <p>
 * NOTE(review): passwords are compared as bare MD5 digests. MD5 is fast and unsalted, so a leaked
 * table is cracked trivially; migrate to bcrypt/scrypt/Argon2 (this touches registration and the
 * stored format, not just this method, and existing hashes must be re-hashed on next login).
 * NOTE(review): "用户不存在" and "密码不正确" are distinct response codes, which lets a caller
 * enumerate registered mobile numbers; consider one generic credential error for both.
 *
 * @param loginVO login request carrying userType, mobile and password
 * @param ip      client address written to the login record
 * @return profile data plus the JWT access token
 */
@Transactional(rollbackFor = {Exception.class})
@Override
public UserInfoVO login(LoginVO loginVO, String ip) {
    Integer userType = loginVO.getUserType();

    // 1. Locate the member; (mobile, user_type) is the lookup key.
    UserInfo userInfo = baseMapper.selectOne(
            new QueryWrapper<UserInfo>()
                    .eq("mobile", loginVO.getMobile())
                    .eq("user_type", userType));
    // LOGIN_MOBILE_ERROR(-208, "用户不存在")
    Assert.notNull(userInfo, ResponseEnum.LOGIN_MOBILE_ERROR);

    // 2. Compare the MD5 digest of the submitted password with the stored digest.
    // LOGIN_PASSWORD_ERROR(-209, "密码不正确")
    Assert.equals(MD5.encrypt(loginVO.getPassword()), userInfo.getPassword(),
            ResponseEnum.LOGIN_PASSWORD_ERROR);

    // 3. Reject accounts that are not in the normal state (the enum is spelled LOGIN_LOKED_ERROR
    //    in the project).
    Assert.equals(userInfo.getStatus(), UserInfo.STATUS_NORMAL, ResponseEnum.LOGIN_LOKED_ERROR);

    // 4. Audit trail: who logged in from which address. Rolled back with the transaction if the
    //    remaining steps fail.
    UserLoginRecord record = new UserLoginRecord();
    record.setUserId(userInfo.getId());
    record.setIp(ip);
    userLoginRecordMapper.insert(record);

    // 5. Issue the JWT and assemble the response.
    UserInfoVO result = new UserInfoVO();
    result.setToken(JwtUtils.createToken(userInfo.getId(), userInfo.getName()));
    result.setName(userInfo.getName());
    result.setNickName(userInfo.getNickName());
    result.setHeadImg(userInfo.getHeadImg());
    result.setMobile(userInfo.getMobile());
    result.setUserType(userType);
    return result;
}
理清楚这里的业务逻辑:
1.先去查找用户是不是存在,如果不存在,马上断言失败退出逻辑
2.把用户输入的密码做MD5后,与数据库中存储的密码摘要比较,如果不一致马上断言退出(注意:无盐MD5并不是合格的口令哈希,生产环境应改用bcrypt/scrypt/Argon2)
3.查看用户状态是不是正常。如果不正常马上断言退出
4.记录登录日志
5.生成token(JWT),连同用户信息一起返回给客户端;token本身不加密,只做签名,所以不要把敏感数据放进claims