1.导入项目
2.基于Session实现登录
手机验证码完整实现
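/**
 * Issues a six-digit SMS verification code for {@code phone} and keeps it in the session.
 *
 * <p>The phone number is stored next to the code so that {@code login} can refuse a code
 * that is presented together with a different phone number.
 *
 * @param phone   phone number the code is issued for
 * @param session HTTP session that holds the pending code
 * @return a failure result when the phone number is malformed, otherwise an empty success result
 */
@Override
public Result sendCode(String phone, HttpSession session) {
    // 1. Reject malformed phone numbers before generating anything.
    if (RegexUtils.isPhoneInvalid(phone)) {
        return Result.fail("手机号格式错误");
    }
    // 2. Generate the code from SecureRandom so it is not predictable. Whether
    //    RandomUtil.randomNumbers is cryptographically strong cannot be told from this page.
    java.security.SecureRandom secureRandom = new java.security.SecureRandom();
    StringBuilder digits = new StringBuilder(6);
    for (int i = 0; i < 6; i++) {
        digits.append(secureRandom.nextInt(10));
    }
    String code = digits.toString();
    // 3. Store the code together with the phone it belongs to, and reset the failure counter.
    session.setAttribute("code", code);
    session.setAttribute("codePhone", phone);
    session.removeAttribute("codeAttempts");
    // 4. "Send" the code. The log line stands in for the SMS gateway in this walkthrough.
    // NOTE(review): a one-time code is a credential; once a real gateway is wired in, the
    // code should no longer be written to the log. Nothing here limits how often a code can
    // be requested for a phone number, and the code lives as long as the session does.
    log.debug("验证码发送成功:{}", code);
    return Result.ok();
}

/**
 * Logs a user in with a phone number and the SMS verification code issued for it.
 *
 * <p>The submitted code must equal the pending code and the submitted phone must be the one
 * the code was issued for. A code is single-use, and it is discarded after five failed
 * attempts so that it cannot be guessed by enumeration within one session.
 *
 * @param loginForm submitted phone number and verification code
 * @param session   HTTP session holding the pending code; receives the logged-in user
 * @return a failure result for a malformed phone number or a rejected code, otherwise success
 */
@Override
public Result login(LoginFormDTO loginForm, HttpSession session) {
    final int maxFailedAttempts = 5;

    // 1. Validate the phone number format.
    String phone = loginForm.getPhone();
    if (RegexUtils.isPhoneInvalid(phone)) {
        return Result.fail("手机号格式错误");
    }
    // 2. Compare the submitted code and phone with what the session holds. Every operand is
    //    null-checked: a session without a pending code must fail cleanly, not throw.
    Object cacheCode = session.getAttribute("code");
    Object codePhone = session.getAttribute("codePhone");
    String code = loginForm.getCode();
    boolean codeMatches = code != null && cacheCode != null && cacheCode.toString().equals(code);
    boolean phoneMatches = codePhone != null && codePhone.equals(phone);
    if (!codeMatches || !phoneMatches) {
        // 3. Count the failure; drop the pending code once the limit is reached.
        Object previous = session.getAttribute("codeAttempts");
        int failures = previous instanceof Integer ? (Integer) previous + 1 : 1;
        if (failures >= maxFailedAttempts) {
            session.removeAttribute("code");
            session.removeAttribute("codePhone");
            session.removeAttribute("codeAttempts");
        } else {
            session.setAttribute("codeAttempts", failures);
        }
        // The same message is used for every rejection so the response does not reveal
        // which part of the check failed.
        return Result.fail("验证码错误");
    }
    // 4. The code is single-use: remove it before the session is marked as logged in.
    session.removeAttribute("code");
    session.removeAttribute("codePhone");
    session.removeAttribute("codeAttempts");
    // 5. Look the user up by phone number; register on first login.
    User user = query().eq("phone", phone).one();
    if (user == null) {
        user = createUserWithPhone(phone);
    }
    // 6. Mark the session as logged in.
    // NOTE(review): this stores the whole User entity in the session, while LoginInterceptor
    // on this page casts the attribute to UserDTO; the later revision of this method stores
    // a UserDTO copy instead. The session id is also not rotated at login; only an
    // HttpSession is available here, so the caller holding the HttpServletRequest would have
    // to call changeSessionId().
    session.setAttribute("user", user);
    return Result.ok();
}

/**
 * Creates and persists a new user for {@code phone} with a generated nickname.
 *
 * @param phone validated phone number of the new user
 * @return the entity that was passed to {@code save}
 */
private User createUserWithPhone(String phone) {
    User user = new User();
    user.setPhone(phone);
    // The nickname is the shared prefix followed by ten random characters.
    user.setNickName(USER_NICK_NAME_PREFIX + RandomUtil.randomString(10));
    // Persist the new user.
    save(user);
    return user;
}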
3.实现登录校验拦截器
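/**
 * Logs a user in with a phone number and an SMS verification code, then stores a
 * {@code UserDTO} copy of the user in the session.
 *
 * <p>A code is single-use, and it is discarded after five failed attempts so that it cannot
 * be guessed by enumeration within one session.
 *
 * @param loginForm submitted phone number and verification code
 * @param session   HTTP session holding the pending code; receives the logged-in user
 * @return a failure result for a malformed phone number or a rejected code, otherwise success
 */
@Override
public Result login(LoginFormDTO loginForm, HttpSession session) {
    final int maxFailedAttempts = 5;

    // 1. Validate the phone number format.
    String phone = loginForm.getPhone();
    if (RegexUtils.isPhoneInvalid(phone)) {
        return Result.fail("手机号格式错误");
    }
    // 2. Compare the submitted code with the pending one. Both sides are null-checked:
    //    a session without a pending code must fail cleanly, not throw.
    Object cacheCode = session.getAttribute("code");
    String code = loginForm.getCode();
    boolean codeMatches = code != null && cacheCode != null && cacheCode.toString().equals(code);
    // NOTE(review): the phone check is enforced only when the session carries a "codePhone"
    // attribute naming the phone the code was issued to; sendCode must store it for the
    // binding to take effect. Without it, a code requested for one phone number is accepted
    // for any other phone number submitted in the same session.
    Object issuedFor = session.getAttribute("codePhone");
    boolean phoneMatches = issuedFor == null || issuedFor.equals(phone);
    if (!codeMatches || !phoneMatches) {
        // 3. Count the failure; drop the pending code once the limit is reached.
        Object previous = session.getAttribute("codeAttempts");
        int failures = previous instanceof Integer ? (Integer) previous + 1 : 1;
        if (failures >= maxFailedAttempts) {
            session.removeAttribute("code");
            session.removeAttribute("codePhone");
            session.removeAttribute("codeAttempts");
        } else {
            session.setAttribute("codeAttempts", failures);
        }
        return Result.fail("验证码错误");
    }
    // 4. The code is single-use: remove it before the session is marked as logged in.
    session.removeAttribute("code");
    session.removeAttribute("codePhone");
    session.removeAttribute("codeAttempts");
    // 5. Look the user up by phone number; register on first login.
    User user = query().eq("phone", phone).one();
    if (user == null) {
        user = createUserWithPhone(phone);
    }
    // 6. Keep only a UserDTO copy in the session, so that fields of the entity which are
    //    not declared on UserDTO never reach the session or the /me response.
    // NOTE(review): the session id is not rotated at login; only an HttpSession is available
    // here, so the caller holding the HttpServletRequest would have to call changeSessionId().
    session.setAttribute("user", BeanUtil.copyProperties(user, UserDTO.class));
    return Result.ok();
}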
/**
 * Registers {@link LoginInterceptor} for every request path except a fixed list of
 * public paths.
 */
@Configuration
public class MvcConfig implements WebMvcConfigurer {

    // Paths that bypass the login check. Everything not listed here requires a session user.
    // NOTE(review): "/upload/**" and "/voucher/**" are reachable without login; confirm that
    // the handlers behind them are meant to be public, in particular any that accept writes.
    private static final String[] PUBLIC_PATHS = {
        "/shop/**",
        "/shop-type/**",
        "/voucher/**",
        "/upload/**",
        "/blog/hot",
        "/user/code",
        "/user/login"
    };

    /**
     * Adds the login interceptor and excludes the public paths from it.
     *
     * @param registry interceptor registry supplied by Spring MVC
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        LoginInterceptor loginInterceptor = new LoginInterceptor();
        registry.addInterceptor(loginInterceptor).excludePathPatterns(PUBLIC_PATHS);
    }
}
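/**
 * Rejects requests that carry no logged-in user in their session and exposes the user to
 * the rest of the request through {@link UserHolder}.
 */
public class LoginInterceptor implements HandlerInterceptor {

    /**
     * Lets the request through only when the session holds a {@code UserDTO} under "user".
     *
     * @return {@code false} after setting status 401 when no valid user is present;
     *         otherwise the result of the default {@code preHandle}
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. Look up the existing session only. getSession(false) avoids allocating a new
        //    session for every anonymous request that is about to be rejected anyway.
        HttpSession session = request.getSession(false);
        // 2. Read the logged-in user, if any.
        Object user = session == null ? null : session.getAttribute("user");
        // 3. Reject when there is no user, or when the attribute is not a UserDTO; the type
        //    check turns an unexpected attribute type into a 401 instead of a ClassCastException.
        if (!(user instanceof UserDTO)) {
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        // 4. Publish the user to this request's thread.
        UserHolder.saveUser((UserDTO) user);
        // 5. Continue with the handler chain.
        return HandlerInterceptor.super.preHandle(request, response, handler);
    }

    /**
     * Clears the thread-local user once the request has completed, so the value does not
     * stay attached to the thread after this request.
     */
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        UserHolder.removeUser();
        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
    }
}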
/**
 * Returns the user attached to the current request.
 *
 * @return a success result wrapping whatever {@code UserHolder.getUser()} yields; that value
 *         is {@code null} when nothing stored a user for this thread
 */
@GetMapping("/me")
public Result me() {
    // The user is read from UserHolder rather than from the session directly.
    return Result.ok(UserHolder.getUser());
}
/**
 * Thread-local holder for the user of the request being handled on the current thread.
 *
 * <p>Callers that store a user should call {@link #removeUser()} when the request ends, so
 * the value does not remain attached to the thread.
 */
public class UserHolder {

    // One slot per thread; empty until saveUser is called on that thread.
    private static final ThreadLocal<UserDTO> CURRENT_USER = new ThreadLocal<>();

    /** Stores {@code user} for the current thread. */
    public static void saveUser(UserDTO user) {
        CURRENT_USER.set(user);
    }

    /** Returns the user stored for the current thread, or {@code null} if none was stored. */
    public static UserDTO getUser() {
        return CURRENT_USER.get();
    }

    /** Clears the current thread's slot. */
    public static void removeUser() {
        CURRENT_USER.remove();
    }
}