Yshop框架的小程序登录

2024-06-06 02:20
文章标签 程序 登录 框架 yshop

本文主要是介绍Yshop框架的小程序登录,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

1配置

根据请求头去判断,走小程序,还是Pc端。

#jwt
jwt:header: Authorization#小程序前缀 请求头mini-program-header: MiAuthorization# 令牌前缀token-start-with: Bearersecret: k09BQnaF# 必须使用最少88位的Base64对该令牌进行编码base64-secret: ZmQ0ZGI5NjQ0MDQwY2I4MjMxY2Y3ZmI3MjdhN2ZmMjNhODViOTg1ZGE0NTBjMGM4NDA5NzYxMjdjOWMwYWRmZTBlZjlhNGY3ZTg4Y2U3YTE1ODVkZDU5Y2Y3OGYwZWE1NzUzNWQ2YjFjZDc0NGMxZWU2MmQ3MjY1NzJmNTE0MzI=# 令牌过期时间 此处单位/毫秒 ,默认4小时,可在此网站生成 https://www.convertworld.com/zh-hans/time/milliseconds.htmltoken-validity-in-seconds: 14400000# 在线用户keyonline-key: online-token# 小程序在线用户mi-online-key: mi-online-token# 验证码code-key: code-key

2.登录

登录时,设置用户信息存储到redis中。

    /**** 根据账户,密码 登录* @param exUser* @return*/@Overridepublic R<Object> VxLogin(ExUser exUser) {// 查询数据库中的账号密码是否存在ExUser exUserA = exUserMapper.selectOne(new LambdaQueryWrapper<ExUser>().eq(StringUtils.isNotBlank(exUser.getUserUsername()), ExUser::getUserUsername, exUser.getUserUsername()).eq(StringUtils.isNotBlank(exUser.getUserPassword()), ExUser::getUserPassword, exUser.getUserPassword()).eq(Objects.nonNull(exUser.getUserStatus()), ExUser::getUserStatus, 1));if (Objects.isNull(exUserA)) {return R.error("该用户未存在");}// 生成tokenString token = tokenUtil.generateTokenA(exUserA);Map<String, Object> authInfo = new HashMap<String, Object>(2) {{put("token", properties.getTokenStartWith() + token);put("user", exUserA);}};RedisUtil.set(properties.getMiOnlineKey() + token, exUserA, properties.getTokenValidityInSeconds() / 1000);return R.success(authInfo);}

3.过滤器

获取请求头,判断是小程序接口还是Pc端接口。

/*** Copyright (C) 2018-2022* All rights reserved, Designed By www.yixiang.co*/
package co.yixiang.modules.security.security;import co.yixiang.domain.ExUser;
import co.yixiang.modules.security.config.SecurityProperties;
import co.yixiang.modules.security.service.OnlineUserService;
import co.yixiang.modules.user.vo.OnlineUser;
import co.yixiang.utils.SpringContextHolder;
import co.yixiang.utils.StringUtils;
import io.jsonwebtoken.ExpiredJwtException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.GenericFilterBean;import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;/*** @author /*/
@Slf4j
public class TokenFilter extends GenericFilterBean {@Autowiredprivate SecurityProperties securityProperties;private final TokenUtil tokenUtil;TokenFilter(TokenUtil tokenUtil) {this.tokenUtil = tokenUtil;}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;String requestRri = httpServletRequest.getRequestURI();OnlineUser onlineUser = null;ExUser exUser = null;String authToken = null;String authTokenA = null;try {SecurityProperties properties = SpringContextHolder.getBean(SecurityProperties.class);OnlineUserService onlineUserService = SpringContextHolder.getBean(OnlineUserService.class);String clientType = httpServletRequest.getHeader(properties.getHeader());String miniProgramClientType = httpServletRequest.getHeader(properties.getMiniProgramHeader());// 检查是否存在PC端或小程序端的请求头if (clientType == null && miniProgramClientType == null) {log.error("Both Client-Type and Mini-Program-Client-Type headers are missing.");filterChain.doFilter(httpServletRequest, servletResponse);return;}if (StringUtils.isNotBlank(clientType)) {// PC端authToken = tokenUtil.getToken(httpServletRequest);} else if (StringUtils.isNotBlank(miniProgramClientType)) {// 小程序authTokenA = tokenUtil.getTokenA(httpServletRequest);}if (authToken == null && authTokenA == null) {log.error("Both authToken and authTokenA are null.");filterChain.doFilter(httpServletRequest, servletResponse);return;}if (StringUtils.isNotBlank(authToken)) {onlineUser = onlineUserService.getOne(properties.getOnlineKey() + authToken);} else if (StringUtils.isNotBlank(authTokenA)) {exUser = onlineUserService.getOneA(properties.getMiOnlineKey() + authTokenA);
//                String userJson = RedisUtil.get("userA");
//                ExUser user = JSON.parseObject(userJson, ExUser.class);}} catch (ExpiredJwtException e) {log.error(e.getMessage());}// PcString username = StringUtils.isNotBlank(authToken) ? tokenUtil.getUsernameFromToken(authToken) : null;// 小程序String usernameA = StringUtils.isNotBlank(authTokenA) ? tokenUtil.getUsernameFromToken(authTokenA) : null;if (onlineUser != null && username != null && SecurityContextHolder.getContext().getAuthentication() == null && tokenUtil.validateToken(authToken)) {UserDetails userDetails = tokenUtil.getUserDetails(authToken);UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));SecurityContextHolder.getContext().setAuthentication(authentication);log.debug("set Authentication to security context for '{}', uri: {}", authentication.getName(), requestRri);}else if(exUser != null && usernameA != null && SecurityContextHolder.getContext().getAuthentication() == null && tokenUtil.validateTokenA(authTokenA)){UserDetails userDetailsA = tokenUtil.getUserDetailsA(authTokenA);UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetailsA, null, null);authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));SecurityContextHolder.getContext().setAuthentication(authenticationToken);}else {tokenUtil.removeToken(authToken);tokenUtil.removeToken(authTokenA);log.debug("no valid JWT token found, uri: {}", requestRri);}filterChain.doFilter(httpServletRequest, servletResponse);}
}

4. 工具类完善

/*** Copyright (C) 2018-2022* All rights reserved, Designed By www.yixiang.co*/
package co.yixiang.modules.security.security;import co.yixiang.domain.ExUser;
import co.yixiang.modules.security.config.SecurityProperties;
import co.yixiang.modules.security.service.OnlineUserService;
import co.yixiang.modules.user.vo.OnlineUser;
import co.yixiang.utils.SpringContextHolder;
import co.yixiang.utils.StringUtils;
import io.jsonwebtoken.ExpiredJwtException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.GenericFilterBean;import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;/*** @author /*/
@Slf4j
public class TokenFilter extends GenericFilterBean {@Autowiredprivate SecurityProperties securityProperties;private final TokenUtil tokenUtil;TokenFilter(TokenUtil tokenUtil) {this.tokenUtil = tokenUtil;}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)throws IOException, ServletException {HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;String requestRri = httpServletRequest.getRequestURI();OnlineUser onlineUser = null;ExUser exUser = null;String authToken = null;String authTokenA = null;try {SecurityProperties properties = SpringContextHolder.getBean(SecurityProperties.class);OnlineUserService onlineUserService = SpringContextHolder.getBean(OnlineUserService.class);String clientType = httpServletRequest.getHeader(properties.getHeader());String miniProgramClientType = httpServletRequest.getHeader(properties.getMiniProgramHeader());// 检查是否存在PC端或小程序端的请求头if (clientType == null && miniProgramClientType == null) {log.error("Both Client-Type and Mini-Program-Client-Type headers are missing.");filterChain.doFilter(httpServletRequest, servletResponse);return;}if (StringUtils.isNotBlank(clientType)) {// PC端authToken = tokenUtil.getToken(httpServletRequest);} else if (StringUtils.isNotBlank(miniProgramClientType)) {// 小程序authTokenA = tokenUtil.getTokenA(httpServletRequest);}if (authToken == null && authTokenA == null) {log.error("Both authToken and authTokenA are null.");filterChain.doFilter(httpServletRequest, servletResponse);return;}if (StringUtils.isNotBlank(authToken)) {onlineUser = onlineUserService.getOne(properties.getOnlineKey() + authToken);} else if (StringUtils.isNotBlank(authTokenA)) {exUser = onlineUserService.getOneA(properties.getMiOnlineKey() + authTokenA);
//                String userJson = RedisUtil.get("userA");
//                ExUser user = JSON.parseObject(userJson, ExUser.class);}} catch (ExpiredJwtException e) {log.error(e.getMessage());}// PcString username = StringUtils.isNotBlank(authToken) ? tokenUtil.getUsernameFromToken(authToken) : null;// 小程序String usernameA = StringUtils.isNotBlank(authTokenA) ? tokenUtil.getUsernameFromToken(authTokenA) : null;if (onlineUser != null && username != null && SecurityContextHolder.getContext().getAuthentication() == null && tokenUtil.validateToken(authToken)) {UserDetails userDetails = tokenUtil.getUserDetails(authToken);UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));SecurityContextHolder.getContext().setAuthentication(authentication);log.debug("set Authentication to security context for '{}', uri: {}", authentication.getName(), requestRri);}else if(exUser != null && usernameA != null && SecurityContextHolder.getContext().getAuthentication() == null && tokenUtil.validateTokenA(authTokenA)){UserDetails userDetailsA = tokenUtil.getUserDetailsA(authTokenA);UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetailsA, null, null);authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));SecurityContextHolder.getContext().setAuthentication(authenticationToken);}else {tokenUtil.removeToken(authToken);tokenUtil.removeToken(authTokenA);log.debug("no valid JWT token found, uri: {}", requestRri);}filterChain.doFilter(httpServletRequest, servletResponse);}
}

5. 获取当前用户数据的工具

判断该接口是否被类实现

/*** Copyright (C) 2018-2022* All rights reserved, Designed By www.yixiang.co*/
package co.yixiang.utils;import cn.hutool.json.JSONObject;
import co.yixiang.domain.ExUser;
import co.yixiang.exception.BadRequestException;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;/*** 获取当前登录的用户* @author Zheng Jie* @date 2019-01-17*/
public class SecurityUtils {public static UserDetails getUserDetails() {final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();if (authentication == null) {throw new BadRequestException(HttpStatus.UNAUTHORIZED, "当前登录状态过期");}if(authentication.getPrincipal() instanceof ExUser){return (UserDetails) authentication.getPrincipal();}if (authentication.getPrincipal() instanceof UserDetails) {UserDetails userDetails = (UserDetails) authentication.getPrincipal();UserDetailsService userDetailsService = SpringContextHolder.getBean(UserDetailsService.class);return userDetailsService.loadUserByUsername(userDetails.getUsername());}throw new BadRequestException(HttpStatus.UNAUTHORIZED, "找不到当前登录的信息");}/*** 获取系统用户名称* @return 系统用户名称*/public static String getUsername(){final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();if (authentication == null) {throw new BadRequestException(HttpStatus.UNAUTHORIZED, "当前登录状态过期");}UserDetails userDetails = (UserDetails) authentication.getPrincipal();return userDetails.getUsername();}/*** 获取系统用户id* @return 系统用户id*/public static Long getUserId(){Object obj = getUserDetails();JSONObject json = new JSONObject(obj);return json.get("id", Long.class);}
}

这篇关于Yshop框架的小程序登录的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!


http://www.chinasem.cn/article/1034827

相关文章

Spring 框架之Springfox使用详解

Spring 框架之Springfox使用详解

《Spring框架之Springfox使用详解》Springfox是Spring框架的API文档工具,集成Swagger规范,自动生成文档并支持多语言/版本,模块化设计便于扩展,但存在版本兼容性、性... 目录核心功能工作原理模块化设计使用示例注意事项优缺点优点缺点总结适用场景建议总结Springfox 是
阅读更多...
CSS3打造的现代交互式登录界面详细实现过程

CSS3打造的现代交互式登录界面详细实现过程

《CSS3打造的现代交互式登录界面详细实现过程》本文介绍CSS3和jQuery在登录界面设计中的应用,涵盖动画、选择器、自定义字体及盒模型技术,提升界面美观与交互性,同时优化性能和可访问性,感兴趣的朋... 目录1. css3用户登录界面设计概述1.1 用户界面设计的重要性1.2 CSS3的新特性与优势1.
阅读更多...
Python的端到端测试框架SeleniumBase使用解读

Python的端到端测试框架SeleniumBase使用解读

《Python的端到端测试框架SeleniumBase使用解读》:本文主要介绍Python的端到端测试框架SeleniumBase使用,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全... 目录SeleniumBase详细介绍及用法指南什么是 SeleniumBase?SeleniumBase
阅读更多...
python编写朋克风格的天气查询程序

python编写朋克风格的天气查询程序

《python编写朋克风格的天气查询程序》这篇文章主要为大家详细介绍了一个基于Python的桌面应用程序,使用了tkinter库来创建图形用户界面并通过requests库调用Open-MeteoAPI... 目录工具介绍工具使用说明python脚本内容如何运行脚本工具介绍这个天气查询工具是一个基于 Pyt
阅读更多...
Ubuntu设置程序开机自启动的操作步骤

Ubuntu设置程序开机自启动的操作步骤

《Ubuntu设置程序开机自启动的操作步骤》在部署程序到边缘端时,我们总希望可以通电即启动我们写好的程序,本篇博客用以记录如何在ubuntu开机执行某条命令或者某个可执行程序,需要的朋友可以参考下... 目录1、概述2、图形界面设置3、设置为Systemd服务1、概述测试环境:Ubuntu22.04 带图
阅读更多...
Java中的登录技术保姆级详细教程

Java中的登录技术保姆级详细教程

《Java中的登录技术保姆级详细教程》:本文主要介绍Java中登录技术保姆级详细教程的相关资料,在Java中我们可以使用各种技术和框架来实现这些功能,文中通过代码介绍的非常详细,需要的朋友可以参考... 目录1.登录思路2.登录标记1.会话技术2.会话跟踪1.Cookie技术2.Session技术3.令牌技
阅读更多...
Python程序打包exe,单文件和多文件方式

Python程序打包exe,单文件和多文件方式

《Python程序打包exe,单文件和多文件方式》:本文主要介绍Python程序打包exe,单文件和多文件方式,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录python 脚本打成exe文件安装Pyinstaller准备一个ico图标打包方式一(适用于文件较少的程
阅读更多...
Python程序的文件头部声明小结

Python程序的文件头部声明小结

《Python程序的文件头部声明小结》在Python文件的顶部声明编码通常是必须的,尤其是在处理非ASCII字符时,下面就来介绍一下两种头部文件声明,具有一定的参考价值,感兴趣的可以了解一下... 目录一、# coding=utf-8二、#!/usr/bin/env python三、运行Python程序四、
阅读更多...
C++ HTTP框架推荐(特点及优势)

C++ HTTP框架推荐(特点及优势)

《C++HTTP框架推荐(特点及优势)》:本文主要介绍C++HTTP框架推荐的相关资料,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,需要的朋友参考下吧... 目录1. Crow2. Drogon3. Pistache4. cpp-httplib5. Beast (Boos
阅读更多...
无法启动此程序因为计算机丢失api-ms-win-core-path-l1-1-0.dll修复方案

无法启动此程序因为计算机丢失api-ms-win-core-path-l1-1-0.dll修复方案

《无法启动此程序因为计算机丢失api-ms-win-core-path-l1-1-0.dll修复方案》:本文主要介绍了无法启动此程序,详细内容请阅读本文,希望能对你有所帮助... 在计算机使用过程中,我们经常会遇到一些错误提示,其中之一就是"api-ms-win-core-path-l1-1-0.dll丢失
阅读更多...

Copyright China编程 23002807@qq.com

沪ICP备2023033072号-2