一、后端-登录态管理
UserService.java
/**
 * Logs a user in.
 *
 * NOTE(review): the implementation and the controller shown on this page use the name
 * {@code userLogin}. An {@code @Override} of {@code userLogin} does not match a method
 * declared as {@code doLogin}, so confirm which name is intended.
 *
 * @param userAccount  the user's account name
 * @param userPassword the user's password
 * @param request      the current HTTP request
 * @return the user's sanitized (desensitized) information
 */
User doLogin(String userAccount, String userPassword, HttpServletRequest request);
}
UserServiceImpl.java
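/**
 * Authenticates a user and records the login state in the HTTP session.
 *
 * @param userAccount  account name; rejected when it contains a character from the
 *                     special-character set below
 * @param userPassword plaintext password supplied by the caller
 * @param request      current request; its session receives the login state on success
 * @return a sanitized copy of the matching user, or {@code null} when the input is rejected
 *         or no user matches the account/password pair
 */
@Override
public User userLogin(String userAccount, String userPassword, HttpServletRequest request) {
    // The service may be called from places other than the controller, so it cannot
    // rely on the controller's blank checks.
    if (userAccount == null || userPassword == null) {
        return null;
    }

    // 1. The account must not contain special characters: a match means "reject".
    //    (The original condition was inverted and rejected every clean account name.)
    // NOTE(review): as written, the `\\\\[\\\\]` part appears to match a backslash rather than
    // the square brackets. Confirm the intended character set; an allowlist is easier to audit.
    String specialCharPattern = "[`~!@#$%^&*()+=|{}':;',\\\\[\\\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]";
    Matcher matcher = Pattern.compile(specialCharPattern).matcher(userAccount);
    if (matcher.find()) {
        return null;
    }

    // 2. Derive the stored password representation.
    // NOTE(review): salted MD5 is a fast digest and is not suitable for password storage; a
    // dedicated password hash (bcrypt, scrypt, Argon2) is the usual choice. It is left unchanged
    // here because it has to produce the same value the registration path stored. getBytes()
    // without a charset also depends on the platform default.
    String encryptPassword = DigestUtils.md5DigestAsHex((SALT + userPassword).getBytes());

    // Look the user up by account AND password. The original compared the password digest
    // against the "userAccount" column, so the password was never actually checked.
    QueryWrapper<User> queryWrapper = new QueryWrapper<>();
    queryWrapper.eq("userAccount", userAccount);
    queryWrapper.eq("userPassword", encryptPassword);
    User user = userMapper.selectOne(queryWrapper);
    if (user == null) {
        // Same outcome for "no such account" and "wrong password"; the password is never logged.
        log.info("user login failed, userAccount cannot match userPassword");
        return null;
    }

    // 3. Build a sanitized copy that carries only the fields meant to leave the service.
    User safetyUser = new User();
    safetyUser.setId(user.getId());
    safetyUser.setUsername(user.getUsername());
    safetyUser.setUserAccount(user.getUserAccount());
    safetyUser.setAvatarUrl(user.getAvatarUrl());
    safetyUser.setGender(user.getGender());
    safetyUser.setEmail(user.getEmail());
    safetyUser.setUserStatus(user.getUserStatus());
    safetyUser.setCreamTime(user.getCreamTime());

    // 4. Record the login state. Store the sanitized copy, not the database row, so that the
    //    password digest does not end up in the session (or in any external session store).
    // NOTE(review): if nothing upstream rotates the session id on login, consider calling
    // request.changeSessionId() here to guard against session fixation.
    request.getSession().setAttribute(USER_LOGIN_STATE, safetyUser);
    return safetyUser;
}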
二、配置逻辑删除
步骤 1: 配置com.baomidou.mybatisplus.core.config.GlobalConfig$DbConfig
例: application.yml,添加
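mybatis-plus:
  global-config:
    db-config:
      logic-delete-field: flag # entity field used globally for logical deletion (since 3.3.0; once set, step 2 can be skipped)
      logic-delete-value: 1 # value meaning "logically deleted" (default 1)
      logic-not-delete-value: 0 # value meaning "not deleted" (default 0)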
三、用户接口开发
1.Control层Controller封装请求
@RestController 适用于编写 RESTful 风格的 API,返回值默认为 JSON 类型
安装auto filling Java call argument
package com.yiping.usercenter.controller;
import com.yiping.usercenter.model.domain.User;
import com.yiping.usercenter.model.domain.request.UserLoginRequest;
import com.yiping.usercenter.model.domain.request.UserRegisterRequest;
import com.yiping.usercenter.service.UserService;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
 * REST endpoints for user registration and login.
 *
 * <p>Only request-level validation happens here; both handlers delegate to {@link UserService}.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    @Resource
    private UserService userService;

    /**
     * Handles {@code POST /user/register}.
     *
     * @param userRegisterRequest JSON body carrying the account, password and confirmation password
     * @return the result of {@code userService.userRegister}, or {@code null} when the body is
     *         missing or any of the three fields is blank
     */
    @PostMapping("/register")
    public Long userRegister(@RequestBody UserRegisterRequest userRegisterRequest) {
        if (userRegisterRequest == null) {
            return null;
        }
        final String account = userRegisterRequest.getUserAccount();
        final String password = userRegisterRequest.getUserPassword();
        final String confirmation = userRegisterRequest.getCheckPassword();
        // Delegate only when every field has content; otherwise fall through to null.
        if (!StringUtils.isAnyBlank(account, password, confirmation)) {
            return userService.userRegister(account, password, confirmation);
        }
        return null;
    }

    /**
     * Handles {@code POST /user/login}.
     *
     * @param userLoginRequest JSON body carrying the account and password
     * @param request          the current HTTP request, passed through to the service
     * @return the result of {@code userService.userLogin}, or {@code null} when the body is
     *         missing or either field is blank
     */
    @PostMapping("/login")
    public User userLogin(@RequestBody UserLoginRequest userLoginRequest, HttpServletRequest request) {
        if (userLoginRequest == null) {
            return null;
        }
        final String account = userLoginRequest.getUserAccount();
        final String password = userLoginRequest.getUserPassword();
        // Delegate only when both fields have content; otherwise fall through to null.
        if (!StringUtils.isAnyBlank(account, password)) {
            return userService.userLogin(account, password, request);
        }
        return null;
    }
}
安装auto filling Java call argument
controller 层倾向于对请求参数本身的校验,不涉及业务逻辑本身(越少越好)
service 层是对业务逻辑的校验(有可能被 controller 之外的类调用)
四、编写request层
UserLoginRequest类
package com.yiping.usercenter.model.domain.request;
import lombok.Data;
import java.io.Serializable;
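/**
 * Request body for the user login endpoint.
 */
@Data
public class UserLoginRequest implements Serializable {

    // Explicit version id, so the serialized form does not depend on a compiler-generated value.
    private static final long serialVersionUID = 3746299857720087477L;

    private String userAccount;

    // Excluded from the Lombok-generated toString(), so that logging this object
    // does not write the plaintext password to the log.
    @lombok.ToString.Exclude
    private String userPassword;
}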
UserRegisterRequest类
package com.yiping.usercenter.model.domain.request;
import lombok.Data;
import java.io.Serializable;
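/**
 * Request body for the user registration endpoint.
 */
@Data
public class UserRegisterRequest implements Serializable {

    private static final long serialVersionUID = 3746299857720087477L;

    private String userAccount;

    // Both password fields are excluded from the Lombok-generated toString(), so that
    // logging this object does not write the plaintext password to the log.
    @lombok.ToString.Exclude
    private String userPassword;

    @lombok.ToString.Exclude
    private String checkPassword;
}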
五、接口开发及测试
POST http://localhost:8080/user/login
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>
{
"userAccount": "xxxx",
"userPassword": "xxxx"
}
成功