注册
public Map<String, Object> register(String username, String password) {
Map<String, Object> map = new HashMap<String, Object>();
if (StringUtils.isBlank(username)) {
map.put("msgname", "用户名不能为空");
return map;
}
if (StringUtils.isBlank(password)) {
map.put("msgpwd", "密码不能为空");
return map;
}
User user = userDAO.selectByName(username);
if (user != null) {
map.put("msgname", "用户名已经被注册");
return map;
}
// 密码强度
user = new User();
user.setName(username);
user.setSalt(UUID.randomUUID().toString().substring(0, 5));
//默认头像
String head = String.format("http://images.nowcoder.com/head/%dt.png", new Random().nextInt(1000));
user.setHeadUrl(head);
user.setPassword(ToutiaoUtil.MD5(password+user.getSalt()));
userDAO.addUser(user);
// 登陆
String ticket = addLoginTicket(user.getId());
map.put("ticket", ticket);
return map;
}
登录
public Map<String, Object> login(String username, String password) {
Map<String, Object> map = new HashMap<String, Object>();
if (StringUtils.isBlank(username)) {
map.put("msgname", "用户名不能为空");
return map;
}
if (StringUtils.isBlank(password)) {
map.put("msgpwd", "密码不能为空");
return map;
}
User user = userDAO.selectByName(username);
if (user == null) {
map.put("msgname", "用户名不存在");
return map;
}
if (!ToutiaoUtil.MD5(password+user.getSalt()).equals(user.getPassword())) {
map.put("msgpwd", "密码不正确");
return map;
}
map.put("userId", user.getId());
String ticket = addLoginTicket(user.getId());
map.put("ticket", ticket);
return map;
}
private String addLoginTicket(int userId) {
LoginTicket ticket = new LoginTicket();
ticket.setUserId(userId);
Date date = new Date();
date.setTime(date.getTime() + 1000*3600*24);
//超时时间
ticket.setExpired(date);
ticket.setStatus(0);
ticket.setTicket(UUID.randomUUID().toString().replaceAll("-", ""));
loginTicketDAO.addTicket(ticket);
return ticket.getTicket();
}
public User getUser(int id) {
return userDAO.selectById(id);
}
public void logout(String ticket) {
loginTicketDAO.updateStatus(ticket, 1);
}
ticket可以放在数据库里,或Redis也可以。
访问
1.访问的客户端是否有被下发sessionid
2.如果有,判断ticket是否超时
3.没有超时,则通过ticket的userid用数据库查找到其user
4.把user的信息set进HostHolder里
5.在结束访问后,把HostHolder的user信息clear掉
@Component
public class PassportInterceptor implements HandlerInterceptor {
@Autowired
private LoginTicketDAO loginTicketDAO;
@Autowired
private UserDAO userDAO;
@Autowired
private HostHolder hostHolder;
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
String ticket = null;
if (httpServletRequest.getCookies() != null) {
for (Cookie cookie : httpServletRequest.getCookies()) {
if (cookie.getName().equals("ticket")) {
ticket = cookie.getValue();
break;
}
}
}
if (ticket != null) {
LoginTicket loginTicket = loginTicketDAO.selectByTicket(ticket);
if (loginTicket == null || loginTicket.getExpired().before(new Date()) || loginTicket.getStatus() != 0) {
return true;
}
User user = userDAO.selectById(loginTicket.getUserId());
hostHolder.setUser(user);
}
return true;
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
if (modelAndView != null && hostHolder.getUser() != null) {
modelAndView.addObject("user", hostHolder.getUser());
}
}
@Override
public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
hostHolder.clear();
}
}
LoginRequiredInterceptor用于判断是否有登录,有登录则可以访问该页面。
@Component
public class LoginRequiredInterceptor implements HandlerInterceptor {
@Autowired
private HostHolder hostHolder;
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
if (hostHolder.getUser() == null) {
httpServletResponse.sendRedirect("/?pop=1");
return false;
}
return true;
}
}
HostHolder
@Component
public class HostHolder {
private static ThreadLocal<User> users = new ThreadLocal<User>();
public User getUser() {
return users.get();
}
public void setUser(User user) {
users.set(user);
}
public void clear() {
users.remove();
}
}
@Component
public class ToutiaoWebConfiguration extends WebMvcConfigurerAdapter {
@Autowired
PassportInterceptor passportInterceptor;
@Autowired
LoginRequiredInterceptor loginRequiredInterceptor;
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(passportInterceptor);
registry.addInterceptor(loginRequiredInterceptor).
addPathPatterns("/msg/*").addPathPatterns("/like").addPathPatterns("/dislike");
super.addInterceptors(registry);
}
}