注册
1、判断账号密码验证码有没写上
2、判断验证码对不对
3、判断账户名在数据库里有没有
4、如果有,告诉用户已经注册了,请换一个名
5、如果没有,把用户的信息存进数据库
6、注册成功
npm i uuid
生成不重复字符串
// Pull in the v4 (random) generator from the uuid package under the short name `uuid`.
const { v4: uuid } = require('uuid');
// Each call returns a fresh identifier string; the register route on this page stores it as the member's uid.
uuid();
密码加密(注意:MD5 是不加盐的快速哈希,并不是加密,仅作演示;实际存储密码应使用加盐的慢哈希)
npm i md5
const md5 = require('md5');
// Returns the MD5 digest of `str`. The digest is unsalted and fast to compute, so equal
// passwords produce equal stored values; treat this as a demo, not as password storage.
md5(str);
验证码
利用第三方中间件
npm i svg-captcha
npm i express-session
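/**
 * GET /getcode: issue a fresh SVG captcha.
 * The expected answer is stored in the caller's session (req.session.code) and
 * the SVG image is returned as the response body.
 */
router.get('/getcode', function (req, res, next) {
  const captcha = svgCaptcha.create({
    size: 4,
    ignoreChars: '0o1Il',
    noise: 3,
    color: false,
    background: '#eee',
  });

  // The answer stays server-side in the session only. It is deliberately not
  // written to the log: anyone who can read the log could otherwise read every
  // pending captcha answer.
  req.session.code = captcha.text;

  // A cached image would no longer match the answer stored in the session.
  res.set('Cache-Control', 'no-store');

  // render the captcha svg data into the page
  res.type('svg');
  res.send(captcha.data);
});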
注册代码实例
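/**
 * POST /register: create a member account.
 *
 * Expects username, password and code (captcha answer) in req.body.
 * Replies 403 with a plain-text reason when a field is missing, the captcha is
 * absent or wrong, or the username is already taken; forwards database errors
 * to next(); otherwise inserts the member row and replies with
 * getMsg('Register success', 200).
 *
 * NOTE(review): the queries use `?` placeholders and pass the values as a second
 * argument. This assumes the project's db.query helper forwards a values array
 * to the driver's placeholder binding; confirm against the helper.
 */
router.post('/register', async (req, res, next) => {
  const { username, password, code } = req.body || {};

  // Every field must be a non-empty string. A JSON or extended urlencoded body
  // can deliver objects or arrays, which would otherwise reach toUpperCase(),
  // md5() and the SQL layer.
  const fields = [username, password, code];
  if (!fields.every((value) => typeof value === 'string' && value !== '')) {
    res.status(403).send('Please input username or password or verification code');
    return;
  }

  // refresh code if session expires
  const expectedCode = req.session.code;
  if (!expectedCode) {
    res.status(403).send('Please refresh verification code');
    return;
  }

  // The captcha is single-use: it is consumed on every attempt, right or wrong,
  // so one solved captcha cannot be replayed for further requests.
  req.session.code = undefined;
  if (expectedCode.toUpperCase() !== code.toUpperCase()) {
    res.status(403).send('Verification code is not correct');
    return;
  }

  // Bound parameter instead of string interpolation: username is attacker-controlled.
  const [findErr, existing] = await db.query(
    'SELECT * FROM member WHERE username = ?',
    [username]
  );
  if (findErr) {
    next(findErr);
    return;
  }
  if (existing.length > 0) {
    res.status(403).send('Username has existed, please go to login in');
    return;
  }
  // NOTE(review): check-then-insert can race between two concurrent requests;
  // a UNIQUE constraint on member.username would close that gap. The schema is
  // not shown on this page.

  // Generate non duplicate UID
  const uid = uuid();
  // NOTE(review): unsalted MD5 is a fast hash and not suitable for storing
  // passwords. Replacing it needs a salted, slow KDF (for example Node's built-in
  // crypto.scrypt) together with a matching change in /login, so it is kept here.
  const passwordHash = md5(password);
  const headPhotoUrl = 'image_source/head_photo/girl_head_03.png';
  const createdAt = new Date().getTime();

  // add user information to member
  const [insertErr] = await db.query(
    `INSERT INTO member(uid, username, password, head_photo_url, createdate)
VALUES(?, ?, ?, ?, ?)`,
    [uid, username, passwordHash, headPhotoUrl, createdAt]
  );
  if (insertErr) {
    // Do not report success when the row was not written.
    next(insertErr);
    return;
  }

  res.send(getMsg('Register success', 200));
});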
登录
token的使用
token
下载:
npm i jsonwebtoken
引入:
const jwt=require("jsonwebtoken")
加密(实际是签名:payload 只做了 Base64 编码,并没有加密,不要放敏感信息):
jwt.sign(用户名和uid,密令,过期时间)
加密后会返回一个字符串
前端可以通过请求头的authorization传递
过期时间以秒为单位
// Demo values only. The second argument is the signing secret: whoever knows it can
// mint valid tokens, so real code loads it from configuration instead of a literal.
let token = jwt.sign(
  { "username": "jiaxin", uid: "111111" }, // claims: readable by anyone holding the token
  "624553259@qq.com",
  { expiresIn: 60 } // lifetime in seconds
);
解密(验证签名并取出 payload):
jwt.verify(token,密令)
// Must be given the same secret that signed the token. jwt.verify throws when the
// signature does not match or the token has expired, so callers wrap it in try/catch.
let decoded = jwt.verify(token, "624553259@qq.com");
封装token方法
tool.js
const jwt = require('jsonwebtoken');
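// Signing key shared by setToken() and getToken(). Anyone who knows it can forge
// tokens for any user, so it should come from the environment rather than from
// source control. JWT_SECRET is a variable name chosen for this example; the
// literal is kept only as a fallback so the tutorial still runs unconfigured.
const secret = process.env.JWT_SECRET || 'zjxzjx624553259';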
/**
 * Issue a signed token for a user.
 *
 * @param {object} user - Claims to embed; the login route on this page passes
 *   { username, uid }. The claims are signed, not encrypted.
 * @returns {string} The signed token.
 */
function setToken(user) {
  // Token lifetime, in seconds.
  const signOptions = { expiresIn: 60 };
  return jwt.sign(user, secret, signOptions);
}
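/**
 * Verify a token and return its decoded claims.
 *
 * @param {string} token - The token as received from the client.
 * @returns {object|false} The decoded payload, or false when verification
 *   fails for any reason (missing, malformed, bad signature, expired).
 */
function getToken(token) {
  try {
    // Pin the accepted algorithm to HS256, which is what jwt.sign() uses by
    // default with a shared secret, instead of accepting whatever the token
    // header announces.
    return jwt.verify(token, secret, { algorithms: ['HS256'] });
  } catch (error) {
    // error.name separates an expired token from a bad signature or malformed
    // input, which is useful when reviewing logs for tampering attempts.
    console.log('Token expired or no token', error.name);
    return false;
  }
}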
// Public surface of tool.js: the token issue/verify pair.
Object.assign(exports, { setToken, getToken });
登录步骤
1、判断账号密码验证码有没写上
2、判断验证码对不对
3、判断用户名在数据库里有没有
4、如果没有,告诉用户请跳转注册页
5、判断用户名或密码是否匹配
6、登录成功,返回token值
登录代码实例
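/**
 * POST /login: authenticate a member and return a token.
 *
 * Expects username, password and code (captcha answer) in req.body.
 * Replies 403 with a plain-text reason when a field is missing, the captcha is
 * absent or wrong, the user does not exist, or the password does not match;
 * forwards database errors to next(); otherwise replies with
 * getMsg('Login success', 200, token).
 *
 * NOTE(review): the queries use `?` placeholders and pass the values as a second
 * argument. This assumes the project's db.query helper forwards a values array
 * to the driver's placeholder binding; confirm against the helper.
 */
router.post('/login', async (req, res, next) => {
  const { username, password, code } = req.body || {};

  // Every field must be a non-empty string. A JSON or extended urlencoded body
  // can deliver objects or arrays, which would otherwise reach toUpperCase(),
  // md5() and the SQL layer.
  const fields = [username, password, code];
  if (!fields.every((value) => typeof value === 'string' && value !== '')) {
    res.status(403).send('Please input username or password or verification code');
    return;
  }

  // refresh code if session expires
  const expectedCode = req.session.code;
  if (!expectedCode) {
    res.status(403).send('Please refresh verification code');
    return;
  }

  // The captcha is single-use: it is consumed on every attempt, right or wrong,
  // so one solved captcha cannot back a series of password guesses.
  req.session.code = undefined;
  if (expectedCode.toUpperCase() !== code.toUpperCase()) {
    res.status(403).send('Verification code is not correct');
    return;
  }

  // judge whether the user exists
  // Bound parameter instead of string interpolation: username is attacker-controlled.
  const [findErr, matches] = await db.query(
    'SELECT * FROM member WHERE username = ?',
    [username]
  );
  if (findErr) {
    next(findErr);
    return;
  }
  if (matches.length === 0) {
    // NOTE(review): this reply differs from the wrong-password reply below, so
    // the endpoint reveals which usernames are registered. Kept because the
    // page's login steps call for it; a single generic message avoids the leak.
    res.status(403).send('Username not exists, please go to register');
    return;
  }

  // only username and password matches, user can login in
  // NOTE(review): unsalted MD5 mirrors what /register stores; see the note there
  // before changing either side.
  const passwordHash = md5(password);
  // The password column is not selected: nothing below reads it.
  const [authErr, rows] = await db.query(
    `SELECT id, uid, username,
CONCAT(?, head_photo_url) AS head_photo_url,
createdate
FROM member WHERE username = ?
AND password = ?`,
    [url, username, passwordHash]
  );
  if (authErr) {
    next(authErr);
    return;
  }
  if (rows.length === 0) {
    res.status(403).send('Username or password is not correct');
    return;
  }

  // User can login in, get token
  const [member] = rows;
  const token = setToken({
    username: member.username,
    uid: member.uid,
  });

  // Login success
  res.send(getMsg('Login success', 200, token));
});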
个人中心
当访问个人中心的时候,前端需要传过来一个标识(token),标识着用户有没有登录,如果有登录,那么允许访问,如果没有登录,就提示用户先登录
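/**
 * GET /personal: return the profile of the member identified by the token in
 * the Authorization request header.
 *
 * Replies 403 when the token is missing or fails verification, calls
 * next('Personal center failure') on a database error, and otherwise replies
 * with getMsg('Personal center success', 200, rows).
 *
 * Sample of what getToken() returns for a valid token:
 *   {
 *     username: 'wbeilbbpx',
 *     uid: '9dc74466-3101-11e9-850c-e0accb719100',
 *     iat: 1610602966,
 *     exp: 1610603026
 *   }
 *
 * NOTE(review): the query uses `?` placeholders and passes the values as a second
 * argument. This assumes the project's db.query helper forwards a values array
 * to the driver's placeholder binding; confirm against the helper.
 */
router.get('/personal', async (req, res, next) => {
  const user = getToken(req.headers.authorization);
  if (!user) {
    res.status(403).send('Please login in first');
    return;
  }

  // The stored password hash is left out of the column list: the rows are sent
  // to the client as-is, and the hash must never leave the server.
  // The username comes from a verified token but was originally user-supplied at
  // registration, so it is still bound as a parameter rather than interpolated.
  const [err, rows] = await db.query(
    `SELECT id, uid, username,
CONCAT(?, head_photo_url) AS head_photo_url,
createdate
FROM member WHERE username = ?`,
    [url, user.username]
  );
  if (err) {
    next('Personal center failure');
    return;
  }

  res.send(getMsg('Personal center success', 200, rows));
});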