接口url:/login
请求方式:POST
请求参数:
| 参数名称 | 参数类型 | 说明 |
|---|---|---|
| account | string | 账号 |
| password | string | 密码 |
返回数据:
{
"success": true,
"code": 200,
"msg": "success",
"data": "token"
}
添加jwt依赖包:
io.jsonwebtoken jjwt0.9.1
JWT工具类:
package com.mszlu.blog.utils;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
public class JWTUtils {
private static final String jwtToken = "123456Mszlu!@#$$";
public static String createToken(Long userId){
Map claims = new HashMap<>();
claims.put("userId",userId);
JwtBuilder jwtBuilder = Jwts.builder()
.signWith(SignatureAlgorithm.HS256, jwtToken) // 签发算法,秘钥为jwtToken
.setClaims(claims) // body数据,要唯一,自行设置
.setIssuedAt(new Date()) // 设置签发时间
.setExpiration(new Date(System.currentTimeMillis() + 24 * 60 * 60 * 60 * 1000));// 一天的有效时间
String token = jwtBuilder.compact();
return token;
}
public static Map checkToken(String token){
try {
Jwt parse = Jwts.parser().setSigningKey(jwtToken).parse(token);
return (Map) parse.getBody();
}catch (Exception e){
e.printStackTrace();
}
return null;
}
}
loginController:
package com.example.blog.controller;
import com.example.blog.service.LoginService;
import com.example.blog.vo.Result;
import com.example.blog.vo.params.LoginParams;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/login")
public class LoginController
{
@Autowired
private LoginService loginService;
@PostMapping
public Result login(@RequestBody LoginParams loginParams)
{
return loginService.login(loginParams);
}
}
LoginServiceImpl:
package com.example.blog.service.impl;
import com.alibaba.fastjson.JSON;
import com.example.blog.entity.SysUser;
import com.example.blog.service.LoginService;
import com.example.blog.service.SysUserService;
import com.example.blog.utils.JWTUtils;
import com.example.blog.vo.ErrorCode;
import com.example.blog.vo.Result;
import com.example.blog.vo.params.LoginParams;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.thymeleaf.util.StringUtils;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@Service
@Transactional
public class LoginServiceImpl implements LoginService
{
//加密盐
private static final String salt = "mszlu!@#";
@Lazy
@Autowired
private SysUserService sysUserService;
@Autowired
private RedisTemplate redisTemplate;
@Override
public Result login(LoginParams loginParams)
{
String account = loginParams.getAccount();
String password = loginParams.getPassword();
if(StringUtils.isEmpty(account) || StringUtils.isEmpty(password))
{
return Result.fail(ErrorCode.PARAMS_ERROR.getCode(),ErrorCode.PARAMS_ERROR.getMsg());
}
password = DigestUtils.md5Hex(password+salt);
SysUser sysUser = sysUserService.findUserByAccountAndPassword(loginParams.getAccount(),password);
if(sysUser == null)
{
return Result.fail(ErrorCode.ACCOUNT_PWD_NOT_EXIST.getCode(),ErrorCode.ACCOUNT_PWD_NOT_EXIST.getMsg());
}
String token = JWTUtils.createToken(sysUser.getId());
redisTemplate.opsForValue().set("TOKEN_"+token, JSON.toJSonString(sysUser),1, TimeUnit.DAYS);
return Result.success(token);
}
}
SysUserServiceImpl:
package com.example.blog.service.impl;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.example.blog.dao.mapper.SysUserMapper;
import com.example.blog.entity.SysUser;
import com.example.blog.service.LoginService;
import com.example.blog.service.SysUserService;
import com.example.blog.vo.ErrorCode;
import com.example.blog.vo.LoginUserVo;
import com.example.blog.vo.Result;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.thymeleaf.util.StringUtils;
import java.util.List;
@Service
public class SysUserServiceImpl implements SysUserService
{
@Autowired
private SysUserMapper sysUserMapper;
@Override
public SysUser findUserByAccountAndPassword(String account, String password)
{
LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();
queryWrapper.eq(SysUser::getAccount,account);
queryWrapper.eq(SysUser::getPassword,password);
return sysUserMapper.selectOne(queryWrapper);
}
}
设置返回给前端的错误码:
package com.example.blog.vo;
public enum ErrorCode
{
PARAMS_ERROR(415,"参数有误"),
ACCOUNT_PWD_NOT_EXIST(400,"用户名或密码不存在"),
TOKEN_ERROR(401,"token不合法"),
ACCOUNT_EXIST(401,"用户已经存在!"),
NO_PERMISSION(401,"无访问权限"),
SESSION_TIME_OUT(408,"会话超时"),
NO_LOGIN(401,"未登录"),;
private int code;
private String msg;
ErrorCode(int code, String msg){
this.code = code;
this.msg = msg;
}
public int getCode() {
return code;
}
public void setCode(int code) {
this.code = code;
}
public String getMsg() {
return msg;
}
public void setMsg(String msg) {
this.msg = msg;
}
}
获取用户信息:
接口url:/users/currentUser
请求方式:GET
请求参数:
| 参数名称 | 参数类型 | 说明 |
|---|---|---|
| Authorization | string | 头部信息(TOKEN) |
返回数据:
{
"success": true,
"code": 200,
"msg": "success",
"data": {
"id":1,
"account":"1",
"nickaname":"1",
"avatar":"ss"
}
}
后端逻辑:
1.前端传token给后端
2.LoginServiceImpl调用checkToken检查token是否合法(我觉得没必要,直接从redis里面找就可以了)
3.JWT调用checkToken,获取map(里面主要存的是B部分,也就是userId)
4.判断map是否为空,如果为空,则返回null。
如果不为空,则从redis里面取出对应的sysUser(String),再通过parseObject返回SysUser.class的sysUser。
5.如果LoginServiceImpl调用的checkToken返回的是null,则直接返回fail
6.如果不是null,则将获取的sysUser封装为前端所需要的LoginUserVo,再进行返回
UserController:
package com.example.blog.controller;
import com.example.blog.service.SysUserService;
import com.example.blog.vo.Result;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/users")
public class UserController
{
@Autowired
private SysUserService sysUserService;
@GetMapping("/currentUser")
public Result currentUser(@RequestHeader("Authorization") String token)
{
return sysUserService.findUserByToken(token);
}
}
SysUserServiceImpl:
package com.example.blog.service.impl;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.example.blog.dao.mapper.SysUserMapper;
import com.example.blog.entity.SysUser;
import com.example.blog.service.LoginService;
import com.example.blog.service.SysUserService;
import com.example.blog.vo.ErrorCode;
import com.example.blog.vo.LoginUserVo;
import com.example.blog.vo.Result;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.thymeleaf.util.StringUtils;
import java.util.List;
@Service
public class SysUserServiceImpl implements SysUserService
{
@Autowired
private SysUserMapper sysUserMapper;
@Autowired
private LoginService loginService;
@Override
public SysUser findUserByAccountAndPassword(String account, String password)
{
LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();
queryWrapper.eq(SysUser::getAccount,account);
queryWrapper.eq(SysUser::getPassword,password);
return sysUserMapper.selectOne(queryWrapper);
}
@Override
public Result findUserByToken(String token)
{
SysUser sysUser = loginService.checkToken(token);
if(sysUser == null)
{
return Result.fail(ErrorCode.TOKEN_ERROR.getCode(),ErrorCode.TOKEN_ERROR.getMsg());
}
LoginUserVo loginUserVo = new LoginUserVo();
loginUserVo.setId(sysUser.getId());
loginUserVo.setNickname(sysUser.getNickname());
loginUserVo.setAccount(sysUser.getAccount());
loginUserVo.setAvatar(sysUser.getAvatar());
return Result.success(loginUserVo);
}
}
将获取的sysUser封装为前端所需要的LoginUserVo,再进行返回:
LoginUserVo:
package com.example.blog.vo;
import lombok.Data;
@Data
public class LoginUserVo
{
private Long id;
private String account;
private String nickname;
private String avatar;
}
LoginServiceImpl:
package com.example.blog.service.impl;
import com.alibaba.fastjson.JSON;
import com.example.blog.entity.SysUser;
import com.example.blog.service.LoginService;
import com.example.blog.service.SysUserService;
import com.example.blog.utils.JWTUtils;
import com.example.blog.vo.ErrorCode;
import com.example.blog.vo.Result;
import com.example.blog.vo.params.LoginParams;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.thymeleaf.util.StringUtils;
import java.util.Map;
import java.util.concurrent.TimeUnit;
@Service
@Transactional
public class LoginServiceImpl implements LoginService
{
//加密盐
private static final String salt = "mszlu!@#";
@Lazy
@Autowired
private SysUserService sysUserService;
@Autowired
private RedisTemplate redisTemplate;
@Override
public Result login(LoginParams loginParams)
{
String account = loginParams.getAccount();
String password = loginParams.getPassword();
if(StringUtils.isEmpty(account) || StringUtils.isEmpty(password))
{
return Result.fail(ErrorCode.PARAMS_ERROR.getCode(),ErrorCode.PARAMS_ERROR.getMsg());
}
password = DigestUtils.md5Hex(password+salt);
SysUser sysUser = sysUserService.findUserByAccountAndPassword(loginParams.getAccount(),password);
if(sysUser == null)
{
return Result.fail(ErrorCode.ACCOUNT_PWD_NOT_EXIST.getCode(),ErrorCode.ACCOUNT_PWD_NOT_EXIST.getMsg());
}
String token = JWTUtils.createToken(sysUser.getId());
redisTemplate.opsForValue().set("TOKEN_"+token, JSON.toJSonString(sysUser),1, TimeUnit.DAYS);
return Result.success(token);
}
@Override
public SysUser checkToken(String token)
{
if(StringUtils.isEmpty(token))
{
return null;
}
Map stringObjectMap = JWTUtils.checkToken(token);
if(stringObjectMap == null)
{
return null;
}
String userJson = redisTemplate.opsForValue().get("TOKEN_" + token);
if(StringUtils.isEmpty(userJson))
{
return null;
}
return JSON.parseObject(userJson,SysUser.class);
}
}
退出登录:前端传入对应token,后端从redis删掉该token即可
LogoutController:
package com.example.blog.controller;
import com.example.blog.service.LoginService;
import com.example.blog.vo.Result;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("logout")
public class LogoutController
{
@Autowired
private LoginService loginService;
@GetMapping
public Result logout(@RequestHeader("Authorization") String token)
{
return loginService.logout(token);
}
}
loginServiceImpl
@Override
public Result logout(String token)
{
redisTemplate.delete("TOKEN_"+token);
return Result.success(null);
}
