文章目录
- 1.登录功能-后端
- 1.思路分析
- 2.完成对用户名和密码的校验
- 1.com/sun/usercenter/service/UserService.java 添加方法
- 2.com/sun/usercenter/service/impl/UserServiceImpl.java 添加方法
- 3.com/sun/usercenter/service/impl/UserServiceImpl.java 新增属性
- 3.记录用户的登录态并配置MyBatisPlus的逻辑删除
- 1.com/sun/usercenter/service/UserService.java 修改doLogin,增加参数 request
- 2.com/sun/usercenter/service/impl/UserServiceImpl.java 新增属性
- 3.com/sun/usercenter/service/impl/UserServiceImpl.java 添加代码
- doLogin 方法添加代码,记录用户登录态
- 4.配置MyBatisPlus的逻辑删除
- 1.application.yml 配置
- 2.实体类添加注解
- 2.接口开发及测试
- 1.com/sun/usercenter/controller/UserController.java 注册和登录接口
- 2.封装登录和注册请求信息的对象
- 1.文件目录
- 2.com/sun/usercenter/model/request/UserLoginRequest.java 用户登录请求体
- 3.com/sun/usercenter/model/request/UserRegisterRequest.java 用户注册请求体
- 3.单元测试
- 1.用户注册接口测试
- 1.debug模式启动IDEA
- 2.postman测试
- 2.用户登录接口测试
- 1.com/sun/usercenter/service/impl/UserServiceImpl.java的doLogin最后下断点
- 2.postman测试
- 3.查看session是否有用户登录状态的信息
- 4.放行,查看postman的返回结果
- 3.逻辑删除测试
- 1.在数据库中把刚才进行登录的用户id改成1
- 2.重新登录一下
- 3.用户管理接口
- 1.com/sun/usercenter/controller/UserController.java 添加方法
- 2.user表新增字段role表示用户权限
- 1.新增字段role
- 2.com/sun/usercenter/model/domain/User.java 实体类新增权限字段
- 3.Mapper.xml不用修改,因为这个字段本来就与表的字段对应
- 4.com/sun/usercenter/service/impl/UserServiceImpl.java 用户脱敏里面把role字段加进去
- 3.com/sun/usercenter/contant/UserConstant.java 存放用户常量的接口
- 4.com/sun/usercenter/controller/UserController.java 对两个接口进行权限验证
- 1.添加方法 isAdmin 判断是否为管理员
- 2.修改两个接口的方法
- 5.application.yml 设置session超时时间
- 6.单元测试
- 1.测试 searchUsers接口
- 1.登录
- 2.表中增加两条测试记录
- 3.进行查询,成功查询!
- 2.测试deleteUser接口
- 1.删除id为1的用户
- 2.查看数据库,成功进行逻辑删除
- 3.解决 searchUsers接口返回的用户信息没有脱敏的问题
- 1.com/sun/usercenter/service/UserService.java 添加方法
- 2.com/sun/usercenter/service/impl/UserServiceImpl.java 实现方法并修改逻辑
- 3.com/sun/usercenter/controller/UserController.java 修改searchUsers方法对查询到的用户列表进行脱敏
- 4.再次测试,敏感信息变成null了
1.登录功能-后端
1.思路分析
2.完成对用户名和密码的校验
1.com/sun/usercenter/service/UserService.java 添加方法
public Long userRegister(String userAccount, String userPassword, String checkPassword);
public User doLogin(String userAccount, String userPassword);
2.com/sun/usercenter/service/impl/UserServiceImpl.java 添加方法
@Override
public User doLogin(String userAccount, String userPassword) {
if (StringUtils.isAnyBlank(userAccount, userPassword)) {
return null;
}
if (!userAccount.matches("^[a-zA-Z0-9]{4,16}$")) {
return null;
}
if (userPassword.length() < 8) {
return null;
}
String encryptPassword = DigestUtils.md5DigestAsHex((SALT + userPassword).getBytes());
QueryWrapper<User> userQueryWrapper = new QueryWrapper<>();
userQueryWrapper.eq("userPassword", encryptPassword);
userQueryWrapper.eq("userAccount", userAccount);
User user = userMapper.selectOne(userQueryWrapper);
if (user == null) {
log.info("user login faild, userAccount can not match password");
return null;
}
return user;
}
3.com/sun/usercenter/service/impl/UserServiceImpl.java 新增属性
3.记录用户的登录态并配置MyBatisPlus的逻辑删除
1.com/sun/usercenter/service/UserService.java 修改doLogin,增加参数 request
public User doLogin(String userAccount, String userPassword, HttpServletRequest request);
2.com/sun/usercenter/service/impl/UserServiceImpl.java 新增属性
3.com/sun/usercenter/service/impl/UserServiceImpl.java 添加代码
doLogin 方法添加代码,记录用户登录态
User cleanUser = new User();
cleanUser.setId(user.getId());
cleanUser.setUsername(user.getUsername());
cleanUser.setUserAccount(user.getUserAccount());
cleanUser.setAvatarUrl(user.getAvatarUrl());
cleanUser.setGender(user.getGender());
cleanUser.setPhone(user.getPhone());
cleanUser.setEmail(user.getEmail());
cleanUser.setUserStatus(user.getUserStatus());
cleanUser.setCreateTime(user.getCreateTime());
HttpSession session = request.getSession();
session.setAttribute(USER_LOGIN_SAVE, cleanUser);
return cleanUser;
4.配置MyBatisPlus的逻辑删除
1.application.yml 配置
global-config:
db-config:
logic-delete-field: isDelete
logic-delete-value: 1
logic-not-delete-value: 0
2.实体类添加注解
2.接口开发及测试
1.com/sun/usercenter/controller/UserController.java 注册和登录接口
package com.sun.usercenter.controller;
import com.sun.usercenter.model.domain.User;
import com.sun.usercenter.model.request.UserLoginRequest;
import com.sun.usercenter.model.request.UserRegisterRequest;
import com.sun.usercenter.service.UserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
@RestController
@RequestMapping("/user")
public class UserController {
@Resource
private UserService userService;
@PostMapping("/register")
public Long userRegister(@RequestBody UserRegisterRequest userRegisterRequest) {
if (userRegisterRequest == null) {
return null;
}
String userAccount = userRegisterRequest.getUserAccount();
String userPassword = userRegisterRequest.getUserPassword();
String checkPassword = userRegisterRequest.getCheckPassword();
if (StringUtils.isAnyBlank(userAccount, userPassword, checkPassword)) {
return null;
}
return userService.userRegister(userAccount, userPassword, checkPassword);
}
@PostMapping("/login")
public User userRegister(@RequestBody UserLoginRequest userLoginRequest, HttpServletRequest request) {
if (userLoginRequest == null) {
return null;
}
String userAccount = userLoginRequest.getUserAccount();
String userPassword = userLoginRequest.getUserPassword();
if (StringUtils.isAnyBlank(userAccount, userPassword)) {
return null;
}
return userService.doLogin(userAccount, userPassword, request);
}
}
2.封装登录和注册请求信息的对象
1.文件目录
2.com/sun/usercenter/model/request/UserLoginRequest.java 用户登录请求体
package com.sun.usercenter.model.request;
import lombok.Data;
@Data
public class UserLoginRequest {
private String userAccount;
private String userPassword;
}
3.com/sun/usercenter/model/request/UserRegisterRequest.java 用户注册请求体
package com.sun.usercenter.model.request;
import lombok.Data;
@Data
public class UserRegisterRequest {
private String userAccount;
private String userPassword;
private String checkPassword;
}
3.单元测试
1.用户注册接口测试
1.debug模式启动IDEA
2.postman测试
2.用户登录接口测试
1.com/sun/usercenter/service/impl/UserServiceImpl.java的doLogin最后下断点
2.postman测试
3.查看session是否有用户登录状态的信息
4.放行,查看postman的返回结果
3.逻辑删除测试
1.在数据库中把刚才进行登录的用户id改成1
2.重新登录一下
3.用户管理接口
1.com/sun/usercenter/controller/UserController.java 添加方法
@GetMapping("/search")
public List<User> searchUsers(String username) {
QueryWrapper<User> userQueryWrapper = new QueryWrapper<>();
if (StringUtils.isNotBlank(username)) {
userQueryWrapper.like("username", username);
}
return userService.list(userQueryWrapper);
}
@PostMapping("/delete")
public boolean deleteUser(@RequestBody Long id) {
if (id <= 0) {
return false;
}
return userService.removeById(id);
}
2.user表新增字段role表示用户权限
1.新增字段role
2.com/sun/usercenter/model/domain/User.java 实体类新增权限字段
3.Mapper.xml不用修改,因为这个字段本来就与表的字段对应
4.com/sun/usercenter/service/impl/UserServiceImpl.java 用户脱敏里面把role字段加进去
3.com/sun/usercenter/contant/UserConstant.java 存放用户常量的接口
package com.sun.usercenter.contant;
public interface UserConstant {
String USER_LOGIN_SAVE = "userLoginState";
Integer DEFAULT_ROLE = 0;
Integer ADMIN_ROLE = 1;
}
4.com/sun/usercenter/controller/UserController.java 对两个接口进行权限验证
1.添加方法 isAdmin 判断是否为管理员
public boolean isAdmin(HttpServletRequest request) {
User user = (User) request.getSession().getAttribute(USER_LOGIN_SAVE);
return user != null && user.getRole() == ADMIN_ROLE;
}
2.修改两个接口的方法
@GetMapping("/search")
public List<User> searchUsers(String username, HttpServletRequest request) {
if (!isAdmin(request)) {
return new ArrayList<>();
}
QueryWrapper<User> userQueryWrapper = new QueryWrapper<>();
if (StringUtils.isNotBlank(username)) {
userQueryWrapper.like("username", username);
}
return userService.list(userQueryWrapper);
}
@PostMapping("/delete")
public boolean deleteUser(long id, HttpServletRequest request) {
if (!isAdmin(request)) {
return false;
}
if (id <= 0) {
return false;
}
return userService.removeById(id);
}
5.application.yml 设置session超时时间
6.单元测试
1.测试 searchUsers接口
1.登录
2.表中增加两条测试记录
3.进行查询,成功查询!
2.测试deleteUser接口
1.删除id为1的用户
2.查看数据库,成功进行逻辑删除
3.解决 searchUsers接口返回的用户信息没有脱敏的问题
1.com/sun/usercenter/service/UserService.java 添加方法
User getCleanUser(User user);
2.com/sun/usercenter/service/impl/UserServiceImpl.java 实现方法并修改逻辑
@Override
public User getCleanUser(User user) {
User cleanUser = new User();
cleanUser.setId(user.getId());
cleanUser.setUsername(user.getUsername());
cleanUser.setUserAccount(user.getUserAccount());
cleanUser.setAvatarUrl(user.getAvatarUrl());
cleanUser.setGender(user.getGender());
cleanUser.setPhone(user.getPhone());
cleanUser.setEmail(user.getEmail());
cleanUser.setUserStatus(user.getUserStatus());
cleanUser.setCreateTime(user.getCreateTime());
cleanUser.setRole(user.getRole());
return cleanUser;
}
3.com/sun/usercenter/controller/UserController.java 修改searchUsers方法对查询到的用户列表进行脱敏
@GetMapping("/search")
public List<User> searchUsers(String username, HttpServletRequest request) {
if (!isAdmin(request)) {
return new ArrayList<>();
}
QueryWrapper<User> userQueryWrapper = new QueryWrapper<>();
if (StringUtils.isNotBlank(username)) {
userQueryWrapper.like("username", username);
}
List<User> userList = userService.list(userQueryWrapper);
return userList.stream().map(user -> {
return userService.getCleanUser(user);
}).collect(Collectors.toList());
}
4.再次测试,敏感信息变成null了
