2020-7-15-1 - 副本 (3).jpg
小程序授权+获取用户手机号+jwt登录
注:本文来源于:CodeCow · 程序牛=> 微信小程序授权+获取用户手机号 + jwt登录
前言
上篇文章《公众号授权获取用户信息及jwt登录》小编以实操+源代码的方式和伙伴们演示了公众号授权,但却遗留了一个问题,公众号授权和小程序授权到底有什么区别?
什么是微信小程序授权 ?
官网:
https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/login.html
小编就不多BB先来张图 压压惊
授权合并 - 副本.png
这图要看不懂的话:
小编想上来就是一 JAO
小程序授权、手机号及JWT实操
1、controller层
@Slf4j
@CrossOrigin
@RestController
@RequestMapping("/operation")
public class RefuelManagerOperationController {
@Resource
private OAuthService oAuthService; //service层
/**
* 第一步:获取会话秘钥(session_key),给前段返回openID
*/
@ApiOperation(value = "授权获取会话秘钥", response = Code2SessionRespDTO.class)
@ApiResponses({@ApiResponse(code = 0, message = "Success"), @ApiResponse(code = 500, message = "failed")})
@PostMapping(value = "/getSessionKey", consumes = "application/json", produces = "application/json")
public RespResult<Code2SessionRespDTO> getWXOAuthCode2Session(@RequestBody @Valid GetWXOAuthCode2SessionReqDTO getWXOAuthCode2SessionReqDTO){
try {
//调用service层
return oAuthService.getWXOAuthCode2Session(getWXOAuthCode2SessionReqDTO.getCode());
} catch (Exception e) {
log.error("getWXOAuthCode2Session error: ", e);
return RespResult.error(RespResultEnum.ERROR.getCode(), e.getMessage());
}
}
/**
* 第二步:根据加密数据、初始向量 获取用户手机号
*/
@ApiOperation(value = "授权获取用户手机号", response = UserInfoDTO.class)
@ApiResponses({@ApiResponse(code = 0, message = "Success"), @ApiResponse(code = 500, message = "failed")})
@PostMapping(value = "/getUserMobile", consumes = "application/json", produces = "application/json")
public RespResult<UserInfoDTO> getUserMobile(@RequestBody @Valid WeiXinOAuthGetUserMobileReqDTO weiXinOAuthGetUserMobileReqDTO) {
try {
return oAuthService.getUserMobile(weiXinOAuthGetUserMobileReqDTO);
} catch (Exception e) {
log.error("getUserMobile error: ", e);
return RespResult.error(RespResultEnum.ERROR);
}
}
2、service层
public interface OAuthService {
RespResult<Code2SessionRespDTO> getWXOAuthCode2Session(String js_code);
RespResult<UserInfoDTO> getUserMobile(WeiXinOAuthGetUserMobileReqDTO weiXinOAuthGetUserMobileReqDTO);
}
骚操作 - 副本.gif
3、serviceImpl层
/**
* Create By CodeCow on 2020/6/29.
*/
@Slf4j
@Service
public class OAuthServiceImpl implements OAuthService {
@Resource
private CommonRestTemplateService templateService; //自己封装的restTemplate(在最后)
@Resource
private WeChatAuthorizeUtil weChatAuthorizeUtil;//授权工具类(在最后)
@Resource
private RefuelUserMapper refuelUserMapper;// 用户mapper层
@Resource
private JwtUtils jwtUtils; //jwt工具类(在最后)
@Resource
private RedisProperties redisProperties; //redis 配置(在最后)
@Resource
private RedisTemplate redisTemplate; //redisTemplate(在最后)
@Resource
private HttpServletResponse response;
@Override
public RespResult<Code2SessionRespDTO> getWXOAuthCode2Session(String js_code) {
Code2SessionRespDTO respDTO = new Code2SessionRespDTO();
ResponseEntity<String> responseEntity =
templateService.getForEntity(weChatAuthorizeUtil.getCode2SessionUrl(js_code));
if (responseEntity.getStatusCode().value() != HttpStatus.OK.value()) {
return RespResult.error(RespResultEnum.JS_CODE_REQ_ERROR);
}
WeiXinOAuthCode2SessionRespDTO code2SessionRespDTO =
JSON.parseObject(responseEntity.getBody(), WeiXinOAuthCode2SessionRespDTO.class);
if (StringUtils.isBlank(code2SessionRespDTO.getOpenid())) {
return RespResult.error(RespResultEnum.SESSION_KEY_ERROR.getCode(),
RespResultEnum.SESSION_KEY_ERROR.getmsg() + code2SessionRespDTO.getErrmsg());
}
redisTemplate.opsForValue().set(redisProperties.getSessionKey() + code2SessionRespDTO.getOpenid(),
code2SessionRespDTO.getSession_key());
RefuelUserDO userDO = getUserByOpenId(code2SessionRespDTO.getOpenid());
if( userDO == null){
respDTO.setIsMiniUser(UserLoginMarkEnum.FIRST_LOGIN.getLoginMark());
}else {
respDTO.setIsMiniUser(UserLoginMarkEnum.LAST_LOGIN.getLoginMark());
String token = jwtUtils.generateJwt(userDO.getUserId(),
UserTypeEnum.WX_USER.getUserType());
UserInfoDTO userInfoDTO = new UserInfoDTO();
BeanUtils.copyProperties(userDO,userInfoDTO);
userInfoDTO.setToken(token);
userInfoDTO.setUserId(String.valueOf(userDO.getUserId()));
userInfoDTO.setCreateTime(String.valueOf(userDO.getCreateTime().getTime()));
respDTO.setUserInfo(userInfoDTO);
}
respDTO.setOpenid(code2SessionRespDTO.getOpenid());
return RespResult.success(respDTO);
}
@Override
public RespResult<UserInfoDTO> getUserMobile(WeiXinOAuthGetUserMobileReqDTO reqDTO) {
UserInfoDTO respDTO = new UserInfoDTO();
WeiXinOAuthUserInfoRespDTO weiXinUserInfo =
JSON.parseObject(reqDTO.getUserInfo(), WeiXinOAuthUserInfoRespDTO.class);
String sessionKey = (String) redisTemplate.opsForValue().
get(redisProperties.getSessionKey() + weiXinUserInfo.getOpenid());
String mobileStr = WeChatMobileDecryptUtil.mobileDecrypt(sessionKey,
reqDTO.getIv(), reqDTO.getEncryptedData());
if (mobileStr == null) {
return RespResult.error(RespResultEnum.DECRYPT_MOBILE_ERROR);
}
WeiXinOAuthGetUserMobileRespDTO mobileInfo =
JSON.parseObject(mobileStr, WeiXinOAuthGetUserMobileRespDTO.class);
RefuelUserDO userInfo =
getUserByMobile(mobileInfo.getPhoneNumber());
RefuelUserDO refuelUserDO;
if (userInfo == null) {
refuelUserDO = insertRefuelUser(weiXinUserInfo, mobileInfo);
}else {
refuelUserDO = updateRefuelUser(userInfo, weiXinUserInfo);
}
BeanUtils.copyProperties(refuelUserDO, respDTO);
respDTO.setUserId(String.valueOf(refuelUserDO.getUserId()));
respDTO.setCreateTime(String.valueOf(refuelUserDO.getCreateTime().getTime()));
String token = jwtUtils.generateJwt(refuelUserDO.getUserId(),
UserTypeEnum.WX_USER.getUserType());
respDTO.setToken(token);
return RespResult.success(respDTO);
}
private RefuelUserDO getUserByOpenId(String openId) {
QueryWrapper<RefuelUserDO> queryWrapper = new QueryWrapper<>();
queryWrapper.eq(ColumnName.OPEN_ID, openId);
return refuelUserMapper.selectOne(queryWrapper);
}
private RefuelUserDO getUserByMobile(String mobile) {
QueryWrapper<RefuelUserDO> queryWrapper = new QueryWrapper<>();
queryWrapper.eq(ColumnName.MOBILE, mobile);
return refuelUserMapper.selectOne(queryWrapper);
}
4、WeChatAuthorizeUtil
@Slf4j
@Component
public class WeChatAuthorizeUtil {
private WeChatAuthorizeUtil(){
}
@Resource
private WechatConfig wechatConfig;
//调用 auth.code2Session 接口(也就是下面的URL),换取 用户唯一标识 OpenID 和 会话密钥 session_key。
public String getCode2SessionUrl(String js_code) {
return WeiXinOAuthColumn.OAUTH_CODE2SESSION_URI
.replace("APPID", wechatConfig.getAppId())
.replace("SECRET", wechatConfig.getSecretKey())
.replace("JSCODE", js_code);
}
// 此为公众号授权url (小编上篇文章有讲过公众号授权)
// 微信授权 用户无感知 url(也就是用户不用点授权也能获取openID(不包含昵称、地区等),前提:在公众号内)
public String getOAuthCodeUrl_BASE() throws UnsupportedEncodingException {
return WeiXinOAuthColumn.OAUTH_CODE_URI
.replace("APPID", wechatConfig.getAppId())
.replace("REDIRECT_URI", URLEncoder.encode(wechatConfig.getFirstCodeRedirectUrl(), ENCODE))
.replace("SCOPE", WeiXinOAuthColumn.SNSAPI_BASE)
.replace("STATE", WeiXinOAuthColumn.STATE);
}
// 此为公众号授权url(小编上篇文章有讲过公众号授权)
// 微信授权 用户有感知 url(也就是需要用户点击授权才行)
public String getOAuthCodeUrl_USER() throws UnsupportedEncodingException {
return WeiXinOAuthColumn.OAUTH_CODE_URI
.replace("APPID", wechatConfig.getAppId())
.replace("REDIRECT_URI", URLEncoder.encode(wechatConfig.getLoginCodeRedirectUrl(), ENCODE))
.replace("SCOPE", WeiXinOAuthColumn.SNSAPI_USERINFO)
.replace("STATE", WeiXinOAuthColumn.STATE);
}
5、JwtUtils
// jwt 加密和解密工具类
@Slf4j
@Component
public class JwtUtils {
private JwtUtils() {
}
@Resource
private JwtConfig jwtConfig; // jwt 配置(加签 和 过期时间)
/**
* 加密
* @param userId
* @return
*/
public String generateJwt(Long userId, String userType) {
byte[] encode = Base64.getEncoder().encode(jwtConfig.getSecurityKey().getBytes());
Map<String, Object> claims = Maps.newHashMap();
claims.put(ColumnName.USER_ID, userId); //用户userId
claims.put(ColumnName.USER_TYPE, userType); //用户角色
return Jwts.builder()
.addClaims(claims) //内容
.setIssuedAt(TimeUtil.now()) //发行时间
.setExpiration(TimeUtil.getExpiration(jwtConfig.getOutTime())) //超时时间
.signWith(SignatureAlgorithm.HS512, encode)
.compact();
}
/**
* 解密
* @param token
* @return
*/
public Claims extractJwt(String token) {
try {
byte[] encode = Base64.getEncoder().encode(jwtConfig.getSecurityKey().getBytes());
return Jwts.parser()
.setSigningKey(encode)
.parseClaimsJws(token)
.getBody();
} catch (Exception ex) {
log.error("parseJWT error for {}", token);
return null;
}
}
6、Code2SessionRespDTO
// 授权获取会话秘钥 返回给前段DTO
@Data
public class Code2SessionRespDTO {
@ApiModelProperty(value = "0-不是,1-是(是否为小程序用户)", required = true)
private String isMiniUser;
@ApiModelProperty(value = "openid", required = true)
private String openid;
@ApiModelProperty(value = "用户信息(isMiniUser=1时有数据)", required = false)
private UserInfoDTO userInfo;
}
7、WeiXinOAuthGetUserMobileReqDTO
// 获取用户手机号 请求DTO
@Data
public class WeiXinOAuthGetUserMobileReqDTO {
@NotEmpty
@ApiModelProperty(value = "完整用户信息的加密数据", required = true)
private String encryptedData;
@NotEmpty
@ApiModelProperty(value = "加密算法的初始向量", required = true)
private String iv;
@ApiModelProperty(value = "敏感数据对应的云 ID", required = false)
private String cloudID;
@ApiModelProperty(value = "用户信息", required = true)
private String userInfo;
}
生活如海,宽容作舟,泛舟于海,方知海之宽阔
推荐
最后
若有不懂,可留言、也可放肆私聊小编,微信:CodeCow-6666
若需源码,可在公众号内回复:小程序授权
公众号二维码.jpg
