13.5第5集登录校验Json Web Token实战之封装通用方法
package net.xdclass.util;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import lombok.extern.slf4j.Slf4j;
import net.xdclass.model.LoginUser;
import java.util.Date;
/**
* 小滴课堂,愿景:让技术不再难学
*
* @Description
* @Author 二当家小D
* @Remark 有问题直接联系我,源码-笔记-技术交流群
* @Version 1.0
**/
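@Slf4j
public class JWTUtil {

    /**
     * Value written to the JWT {@code sub} claim of every token issued here.
     */
    private static final String SUBJECT = "xdclass";

    /**
     * HMAC signing secret.
     *
     * NOTE(review): this value is committed in source, so anyone who can read the
     * repository or these notes can mint valid tokens. Load it from configuration
     * or a secret store and rotate it. It is also shorter than the 256 bits that
     * RFC 7518 requires for HS256. The String overloads of signWith/setSigningKey
     * used below are documented by jjwt as taking a Base64-encoded key, so the
     * effective key is the decoded bytes rather than these literal characters.
     * Confirm this against the jjwt version in use. The value is left unchanged
     * here because replacing it invalidates every token already issued.
     */
    private static final String SECRET = "xdclass.net168";

    /**
     * Prefix prepended to every issued token.
     */
    private static final String TOKNE_PREFIX = "dcloud-link";

    /**
     * Token lifetime in milliseconds (7 days). The first factor is a long so the
     * product is computed in 64-bit arithmetic; with int factors a longer lifetime
     * (e.g. 30 days) would silently overflow.
     */
    private static final long EXPIRED = 1000L * 60 * 60 * 24 * 7;

    /**
     * Builds a signed (HS256) token for the given user and prepends the token prefix.
     *
     * NOTE(review): a JWS payload is only Base64URL-encoded, not encrypted, so the
     * mail and phone claims are readable by anyone who holds the token. Keep only
     * the claims the resource servers actually need.
     *
     * @param loginUser user whose attributes become claims; must not be null
     * @return the prefix followed by the compact JWS
     * @throws NullPointerException if {@code loginUser} is null
     */
    public static String geneJsonWebTokne(LoginUser loginUser) {
        if (loginUser == null) {
            throw new NullPointerException("对象为空");
        }
        String token = Jwts.builder().setSubject(SUBJECT)
                // payload claims
                .claim("head_img", loginUser.getHeadImg())
                .claim("account_no", loginUser.getAccountNo())
                .claim("username", loginUser.getUsername())
                .claim("mail", loginUser.getMail())
                .claim("phone", loginUser.getPhone())
                .claim("auth", loginUser.getAuth())
                .setIssuedAt(new Date())
                .setExpiration(new Date(CommonUtil.getCurrentTimestamp() + EXPIRED))
                .signWith(SignatureAlgorithm.HS256, SECRET).compact();
        return TOKNE_PREFIX + token;
    }

    /**
     * Verifies the token signature and returns its claims. Nothing is decrypted
     * here: the payload is plain Base64URL and only the signature is checked.
     *
     * @param token token as issued by {@link #geneJsonWebTokne}; the prefix is optional
     * @return the claims, or {@code null} when the token is missing or fails parsing/verification
     */
    public static Claims checkJWT(String token) {
        if (token == null || token.isEmpty()) {
            return null;
        }
        // Strip the prefix only at the start. String.replace would also delete the
        // same character sequence if it occurred inside the Base64URL body
        // (letters and '-' are all part of that alphabet), corrupting a valid token.
        String compact = token.startsWith(TOKNE_PREFIX)
                ? token.substring(TOKNE_PREFIX.length())
                : token;
        try {
            return Jwts.parser().setSigningKey(SECRET)
                    .parseClaimsJws(compact).getBody();
        } catch (Exception e) {
            // Log the failure category only: the exception message can echo parts of
            // the caller-supplied token, which should not reach the logs.
            log.error("jwt 解密失败: {}", e.getClass().getSimpleName());
            return null;
        }
    }
}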
package net.xdclass.service.impl;
import lombok.extern.slf4j.Slf4j;
import net.xdclass.controller.request.AccountLoginRequest;
import net.xdclass.controller.request.AccountRegisterRequest;
import net.xdclass.enums.AuthTypeEnum;
import net.xdclass.enums.BizCodeEnum;
import net.xdclass.enums.SendCodeEnum;
import net.xdclass.manager.AccountManager;
import net.xdclass.model.AccountDO;
import net.xdclass.model.LoginUser;
import net.xdclass.service.AccountService;
import net.xdclass.service.NotifyService;
import net.xdclass.util.CommonUtil;
import net.xdclass.util.JWTUtil;
import net.xdclass.util.JsonData;
import org.apache.commons.codec.digest.Md5Crypt;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
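@Service
@Slf4j
public class AccountServiceImpl implements AccountService {

    @Autowired
    private NotifyService notifyService;

    @Autowired
    private AccountManager accountManager;

    /**
     * Registers a new account.
     *
     * Steps: verify the SMS code, copy the request into an AccountDO, set the
     * auth level and account number, derive the password hash, insert the row,
     * then run the post-registration hook. The account-uniqueness check and the
     * welcome benefits are still TODO in this version.
     *
     * NOTE(review): Md5Crypt ("$1$") is an obsolete password scheme; a dedicated
     * password hash (bcrypt, scrypt or argon2) should replace it, with stored
     * hashes migrated at next login. It is kept here so existing rows still verify.
     *
     * @param registerRequest registration payload (phone, code, pwd, ...)
     * @return CODE_ERROR when the phone is blank or the code check fails, otherwise success
     */
    @Override
    public JsonData register(AccountRegisterRequest registerRequest) {
        boolean checkCode = false;
        // The verification code is only checked when a phone number was supplied.
        if (StringUtils.isNotBlank(registerRequest.getPhone())) {
            checkCode = notifyService.checkCode(SendCodeEnum.USER_REGISTER,
                    registerRequest.getPhone(), registerRequest.getCode());
        }
        if (!checkCode) {
            return JsonData.buildResult(BizCodeEnum.CODE_ERROR);
        }

        AccountDO accountDO = new AccountDO();
        // NOTE(review): copyProperties copies every same-named property, so any
        // AccountDO field that also exists on the request and is not overwritten
        // below is client-controlled. Confirm the request DTO exposes nothing sensitive.
        BeanUtils.copyProperties(registerRequest, accountDO);
        // auth level
        accountDO.setAuth(AuthTypeEnum.DEFAULT.name());
        // TODO generate a truly unique account number; a timestamp can collide
        accountDO.setAccountNo(CommonUtil.getCurrentTimestamp());
        // Per-account salt in md5-crypt format.
        // NOTE(review): confirm getStringNumRandom draws from SecureRandom.
        accountDO.setSecret("$1$" + CommonUtil.getStringNumRandom(8));
        // NOTE(review): getBytes() uses the platform charset; register and login must
        // run with the same default or non-ASCII passwords will not verify.
        // getPwd() is not null-checked here and a missing password throws.
        String cryptPwd = Md5Crypt.md5Crypt(registerRequest.getPwd().getBytes(), accountDO.getSecret());
        accountDO.setPwd(cryptPwd);

        int rows = accountManager.insert(accountDO);
        // Log the account number rather than the whole object: accountDO carries the
        // salt and password hash set above, and presumably its toString prints them.
        log.info("rows:{},注册成功:{}", rows, accountDO.getAccountNo());

        // registration succeeded, hand out welcome benefits
        userRegisterInitTask(accountDO);
        return JsonData.buildSuccess();
    }

    /**
     * Authenticates by phone and password and returns a JWT on success.
     *
     * NOTE(review): the two failure codes let a caller tell whether a phone number
     * is registered; consider one generic failure plus rate limiting on this endpoint.
     *
     * @param request login payload (phone, pwd)
     * @return success with the token, ACCOUNT_PWD_ERROR on a wrong or missing password,
     *         ACCOUNT_UNREGISTER when the phone does not match exactly one account
     */
    @Override
    public JsonData login(AccountLoginRequest request) {
        List<AccountDO> accountDOList = accountManager.findByPhone(request.getPhone());
        if (accountDOList == null || accountDOList.size() != 1) {
            return JsonData.buildResult(BizCodeEnum.ACCOUNT_UNREGISTER);
        }
        AccountDO accountDO = accountDOList.get(0);

        // A missing password is a failed login, not a NullPointerException.
        if (request.getPwd() == null) {
            return JsonData.buildResult(BizCodeEnum.ACCOUNT_PWD_ERROR);
        }
        String md5Crypt = Md5Crypt.md5Crypt(request.getPwd().getBytes(), accountDO.getSecret());
        String storedPwd = accountDO.getPwd();
        // md5-crypt output is case-sensitive, so the comparison must be exact:
        // equalsIgnoreCase would accept hashes that differ only in letter case.
        // MessageDigest.isEqual also keeps the comparison time independent of
        // where the first mismatch occurs.
        boolean pwdMatches = storedPwd != null && MessageDigest.isEqual(
                md5Crypt.getBytes(StandardCharsets.UTF_8),
                storedPwd.getBytes(StandardCharsets.UTF_8));
        if (!pwdMatches) {
            return JsonData.buildResult(BizCodeEnum.ACCOUNT_PWD_ERROR);
        }

        LoginUser loginUser = LoginUser.builder().build();
        BeanUtils.copyProperties(accountDO, loginUser);
        String token = JWTUtil.geneJsonWebTokne(loginUser);
        return JsonData.buildSuccess(token);
    }

    /**
     * Post-registration hook for welcome benefits (traffic package); not implemented yet.
     *
     * @param accountDO the account that was just created
     */
    private void userRegisterInitTask(AccountDO accountDO) {
    }
}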