houweiyu 4 лет назад
Родитель
Сommit
14c16e35da

+ 29 - 0
dinner-core/src/main/java/com/fdage/base/dto/FullUserInfo.java

@@ -0,0 +1,29 @@
+package com.fdage.base.dto;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+/**
+ * 2 * @Author: Abner
+ * 3 * @Date: 2021/2/19 10:05
+ * 4
+ */
+@Data
+public class FullUserInfo implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    //errMsg
+    private String errMsg;
+    //rawData
+    private String rawData;
+    //userInfo
+    private UserInfo userInfo;
+    //encryptedData
+    private String encryptedData;
+    //iv
+    private String iv;
+    //signature
+    private String signature;
+}
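Review bot: The `@Data` annotation on `FullUserInfo` generates a `toString()` that includes `rawData`, `encryptedData`, `iv` and `signature`, so any log statement that prints the object also writes the user's profile payload and its verification material to the log. Mark those fields with `@ToString.Exclude`, or replace `@Data` with `@Getter`/`@Setter`. The field comments only repeat the field names; a comment such as `// SHA-1 of rawData + session_key as sent by the client; rawData is untrusted until this is verified` on `signature` would tell the next reader what the value is for.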

+ 28 - 0
dinner-core/src/main/java/com/fdage/base/dto/UserInfo.java

@@ -0,0 +1,28 @@
+package com.fdage.base.dto;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+/**
+ * 2 * @Author: Abner
+ * 3 * @Date: 2021/2/19 10:06
+ * 4
+ */
+@Data
+public class UserInfo implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    //
+    private String avatarUrl;
+    //
+    private String city;
+    //
+    private Integer gender;
+    //
+    private String nickName;
+    //
+    private String province;
+
+}

+ 30 - 0
dinner-core/src/main/java/com/fdage/base/utils/ApiUserUtils.java

@@ -0,0 +1,30 @@
+package com.fdage.base.utils;
+
+import fdage.back.sdk.utils.ResourceUtil;
+
+/**
+ * 2 * @Author: Abner
+ * 3 * @Date: 2021/2/19 10:07
+ * 4
+ */
+public class ApiUserUtils {
+
+
+    //替换字符串
+    public static String getCode(String APPID, String REDIRECT_URI, String SCOPE) {
+        return String.format(ResourceUtil.getConfigByName("wx.getCode"), APPID, REDIRECT_URI, SCOPE);
+    }
+
+    //替换字符串
+    public static String getWebAccess(String CODE) {
+        return String.format(ResourceUtil.getConfigByName("wx.webAccessTokenhttps"),
+                ResourceUtil.getConfigByName("wx.appId"),
+                ResourceUtil.getConfigByName("wx.secret"),
+                CODE);
+    }
+
+    //替换字符串
+    public static String getUserMessage(String access_token, String openid) {
+        return String.format(ResourceUtil.getConfigByName("wx.userMessage"), access_token, openid);
+    }
+}
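Review bot: `getWebAccess` formats `CODE` into the request URL without URL-encoding it, and in this commit `AppAuthController.loginByWeixin` passes the `code` field of the request body straight through, so a value containing `&` or `#` changes the query string of the call that carries `wx.secret`. Encode every interpolated value, e.g. `URLEncoder.encode(CODE, "UTF-8")`, and do the same for `REDIRECT_URI`, `SCOPE`, `access_token` and `openid` in `getCode` and `getUserMessage`. The three `//替换字符串` comments would be more useful if each named the config template the method fills in and which arguments come from the client.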

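--- a/dinner-core/src/main/java/com/fdage/base/utils/DataUtils.java
+++ b/dinner-core/src/main/java/com/fdage/base/utils/DataUtils.java
@@ -1,5 +1,6 @@
 package com.fdage.base.utils;
 
+import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.google.zxing.BarcodeFormat;
 import com.google.zxing.EncodeHintType;
@@ -8,15 +9,21 @@ import com.google.zxing.common.BitMatrix;
 import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel;
 import fdage.back.sdk.utils.FileUtils;
 import lombok.extern.log4j.Log4j2;
+import org.apache.tools.ant.util.DateUtils;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 import javax.imageio.ImageIO;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
 import java.awt.image.BufferedImage;
-import java.io.File;
-import java.io.IOException;
+import java.io.*;
 import java.math.BigDecimal;
+import java.net.ConnectException;
+import java.net.URL;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.*;
@@ -255,6 +262,121 @@ public class DataUtils {
         }
     }
 
+    /**
+     * 发送https请求
+     *
+     * @param requestUrl    请求地址
+     * @param requestMethod 请求方式(GET、POST)
+     * @param outputStr     提交的数据
+     * @return JSONObject(通过JSONObject.get(key)的方式获取json对象的属性值)
+     */
+    public static JSONObject httpsRequest(String requestUrl, String requestMethod, String outputStr) {
+        JSONObject jsonObject = null;
+        try {
+            // 创建SSLContext对象,并使用我们指定的信任管理器初始化
+            TrustManager[] tm = {new MyX509TrustManager()};
+            SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
+            sslContext.init(null, tm, new java.security.SecureRandom());
+            // 从上述SSLContext对象中得到SSLSocketFactory对象
+            SSLSocketFactory ssf = sslContext.getSocketFactory();
+
+            URL url = new URL(requestUrl);
+            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
+            conn.setSSLSocketFactory(ssf);
+
+            conn.setDoOutput(true);
+            conn.setDoInput(true);
+            conn.setUseCaches(false);
+            // 设置请求方式(GET/POST)
+            conn.setRequestMethod(requestMethod);
+
+            // 当outputStr不为null时向输出流写数据
+            if (null != outputStr) {
+                OutputStream outputStream = conn.getOutputStream();
+                // 注意编码格式
+                outputStream.write(outputStr.getBytes("UTF-8"));
+                outputStream.close();
+            }
+
+            // 从输入流读取返回内容
+            InputStream inputStream = conn.getInputStream();
+            InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "utf-8");
+            BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
+            String str = null;
+            StringBuffer buffer = new StringBuffer();
+            while ((str = bufferedReader.readLine()) != null) {
+                buffer.append(str);
+            }
+
+            // 释放资源
+            bufferedReader.close();
+            inputStreamReader.close();
+            inputStream.close();
+            inputStream = null;
+            conn.disconnect();
+            jsonObject = JSONObject.parseObject(buffer.toString());
+        } catch (ConnectException ce) {
+            log.error("连接超时:{}", ce);
+        } catch (Exception e) {
+            log.error("https请求异常:{}", e);
+        }
+        return jsonObject;
+    }
+
+    /**
+     * 生成订单的编号order_sn
+     */
+    public static String generateOrderNumber() {
+        Calendar cal = Calendar.getInstance();
+        cal.setTime(new Date());
+        String timeStr = DateUtils.format(cal.getTime(), "yyyyMMddHHmmssSSS");
+        return timeStr + getRandomNum(6);
+    }
+
+    /**
+     * 获取随机字符串
+     *
+     * @param num
+     * @return
+     */
+    public static String getRandomNum(Integer num) {
+        String base = "0123456789";
+        Random random = new Random();
+        StringBuffer sb = new StringBuffer();
+        for (int i = 0; i < num; i++) {
+            int number = random.nextInt(base.length());
+            sb.append(base.charAt(number));
+        }
+        return sb.toString();
+    }
+
+
+    public static String getSha1(String str) {
+        if (str == null || str.length() == 0) {
+            return null;
+        }
+        char hexDigits[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
+                'a', 'b', 'c', 'd', 'e', 'f'};
+        try {
+            MessageDigest mdTemp = MessageDigest.getInstance("SHA1");
+            mdTemp.update(str.getBytes("UTF-8"));
+
+            byte[] md = mdTemp.digest();
+            int j = md.length;
+            char buf[] = new char[j * 2];
+            int k = 0;
+            for (int i = 0; i < j; i++) {
+                byte byte0 = md[i];
+                buf[k++] = hexDigits[byte0 >>> 4 & 0xf];
+                buf[k++] = hexDigits[byte0 & 0xf];
+            }
+            return new String(buf);
+        } catch (Exception e) {
+            // TODO: handle exception
+            return null;
+        }
+    }
+
    /* public static void main(String[] args) throws Exception{
         createQRCode("https://www.4dkankan.com/spc.html?m=t-pnj0IJX", "C:/Users/4dage/Desktop/logo-file/t-pnj0IJX1.png", null);
     }*/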
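Review bot: `httpsRequest` initialises its `SSLContext` with `new MyX509TrustManager()`, whose check methods are empty in this commit, so the server certificate is never validated; `loginByWeixin` uses this method for the request that carries `wx.secret` and returns `session_key`. The custom context should be dropped so that `HttpsURLConnection` uses the JVM default trust store and host-name check. The same rewrite can close the reader with try-with-resources, since the current code releases it only on the success path, and set connect/read timeouts, since the `ConnectException` branch logs a timeout that is never configured. The last hunk's context lines show the class continuing outside the hunk.

```java
    public static JSONObject httpsRequest(String requestUrl, String requestMethod, String outputStr) {
        JSONObject jsonObject = null;
        try {
            // Default socket factory: the chain and host name are checked against the JVM trust store.
            HttpsURLConnection conn = (HttpsURLConnection) new URL(requestUrl).openConnection();
            // Timeout values below are examples, not taken from the project configuration.
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(5000);
            // … unchanged: setDoOutput / setDoInput / setUseCaches / setRequestMethod, request body write …
            StringBuilder buffer = new StringBuilder();
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), "utf-8"))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    buffer.append(line);
                }
            } finally {
                conn.disconnect();
            }
            jsonObject = JSONObject.parseObject(buffer.toString());
        // … unchanged: catch blocks and return …
```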

+ 37 - 0
dinner-core/src/main/java/com/fdage/base/utils/MyX509TrustManager.java

@@ -0,0 +1,37 @@
+package com.fdage.base.utils;
+
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+public class MyX509TrustManager implements X509TrustManager {
+
+    /**
+     * 检查客户端证书
+     * @param chain
+     * @param authType
+     * @throws CertificateException
+     */
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+    }
+
+    /**
+     * 检查服务器端证书
+     * @param chain
+     * @param authType
+     * @throws CertificateException
+     */
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+    }
+
+    /**
+     * 返回受信任的X509证书数组
+     * @return
+     */
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return null;
+    }
+}
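Review bot: The Javadoc on `checkClientTrusted` and `checkServerTrusted` says the methods check the client and server certificates, but both bodies are empty, so the comments describe a check that is never performed. `getAcceptedIssuers()` also returns `null`, while the `X509TrustManager` contract asks for a non-null, possibly empty, array; `return new X509Certificate[0];` is the conforming form. A class with this behaviour is best deleted from `dinner-core` rather than documented. If a private CA really has to be trusted, build the manager from `TrustManagerFactory` initialised with a `KeyStore` holding that CA and delegate both check methods to it.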

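--- a/dinner-core/src/main/java/com/fdage/controller/BaseController.java
+++ b/dinner-core/src/main/java/com/fdage/controller/BaseController.java
@@ -3,12 +3,18 @@ package com.fdage.controller;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.fdage.base.dto.ContextTokenBean;
+import com.fdage.base.entity.TmUser;
+import com.fdage.base.service.impl.TmUserServiceImpl;
+import com.fdage.base.utils.JwtUtil;
 import fdage.back.sdk.base.enums.ResultCodeEnum;
 import fdage.back.sdk.base.exception.CommonBaseException;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
 
 import javax.servlet.http.HttpServletRequest;
+import java.io.BufferedReader;
+import java.io.IOException;
 
 /**
  * 2 * @Author: Abner
@@ -25,21 +31,61 @@ public class BaseController {
     @Autowired
     protected RedisTemplate redisTemplate;
 
+    @Autowired
+    protected TmUserServiceImpl tmUserService;
+
     protected String getToken(){
         return request.getHeader(TOKEN);
     }
 
-    protected ContextTokenBean getContextUserInfo(){
+    protected TmUser getContextUserInfo(){
         String token = request.getHeader(TOKEN);
-        JSONObject tokenJsonObj = (JSONObject) redisTemplate.opsForValue().get(token);
-        if(null == tokenJsonObj){
-            throw new CommonBaseException(3004 , "token失效");
+        if(!redisTemplate.hasKey(token)){
+            throw new CommonBaseException(3004 , "登录超时,请重新登录");
+        }
+        String userId = JwtUtil.getUserId(token);
+        if(StringUtils.isBlank(userId)){
+            throw new CommonBaseException(ResultCodeEnum.D101 , "登录用户非法");
+        }
+        TmUser tmUser = tmUserService.getById(userId);
+        if(null == tmUser){
+            throw new CommonBaseException(ResultCodeEnum.D101 , "登录用户不存在");
+        }
+        return tmUser;
+    }
+
+    public JSONObject getJsonRequest() {
+        JSONObject result = null;
+        StringBuilder sb = new StringBuilder();
+        try (BufferedReader reader = request.getReader();) {
+            char[] buff = new char[1024];
+            int len;
+            while ((len = reader.read(buff)) != -1) {
+                sb.append(buff, 0, len);
+            }
+            result = JSONObject.parseObject(sb.toString());
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+
+        return result;
+    }
+
+    /**
+     * 获取请求方IP
+     *
+     * @return 客户端Ip
+     */
+    public String getClientIp() {
+        String xff = request.getHeader("X-Real-IP");
+        if(xff!=null) {
+            return xff;
         }
-        ContextTokenBean contextTokenBean = JSON.parseObject(tokenJsonObj.toJSONString() , ContextTokenBean.class);
-        if(null == contextTokenBean){
-            throw new CommonBaseException(ResultCodeEnum.D101 , "解析token失败");
+        xff = request.getHeader("x-forwarded-for");
+        if (xff == null) {
+            return "8.8.8.8";
         }
-        return contextTokenBean;
+        return xff;
     }
 
 }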
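Review bot: `getClientIp` returns the raw `X-Real-IP` or `x-forwarded-for` header, both of which the client can set unless a trusted reverse proxy overwrites them, and when neither is present it returns the literal `"8.8.8.8"` instead of the socket address. Anything that keys on this value, such as logging or rate limiting, then records an address the caller chose or a made-up one. Fall back to `return request.getRemoteAddr();`, and state in the Javadoc which proxy is expected to set the headers and that `x-forwarded-for` may hold a comma-separated list. In the same hunk `getContextUserInfo` passes the header to `redisTemplate.hasKey(token)` with no null check, so a request without the token header probably fails with an exception other than the intended 3004; `if (StringUtils.isBlank(token) || !Boolean.TRUE.equals(redisTemplate.hasKey(token)))` keeps it on that path.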

+ 77 - 0
dinner-core/src/main/java/com/fdage/controller/app/AppAuthController.java

@@ -0,0 +1,77 @@
+package com.fdage.controller.app;
+
+import com.alibaba.fastjson.JSONObject;
+import com.fdage.base.dto.FullUserInfo;
+import com.fdage.base.dto.UserInfo;
+import com.fdage.base.utils.ApiUserUtils;
+import com.fdage.base.utils.DataUtils;
+import com.fdage.controller.BaseController;
+import fdage.back.sdk.base.entity.Result;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.log4j.Log4j2;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 2 * @Author: Abner
+ * 3 * @Date: 2021/2/19 10:02
+ * 4
+ */
+@Api(tags = "app登录授权接口")
+@RestController
+@RequestMapping("/app/auth")
+@Log4j2
+public class AppAuthController extends BaseController {
+
+    /**
+     * 小程序微信登录
+     */
+    @ApiOperation(value = "微信登录")
+    @PostMapping("wxLogin")
+    public Result<Object> loginByWeixin() {
+        JSONObject jsonParam = this.getJsonRequest();
+        FullUserInfo fullUserInfo = null;
+        String code = "";
+        if (StringUtils.isNotBlank(jsonParam.getString("code"))) {
+            code = jsonParam.getString("code");
+        }
+        if (null != jsonParam.get("userInfo")) {
+            fullUserInfo = jsonParam.getObject("userInfo", FullUserInfo.class);
+        }
+        if (null == fullUserInfo) {
+            return Result.failure("登录失败");
+        }
+        Map<String, Object> resultObj = new HashMap<String, Object>();
+        //小程序获取到的微信用户的基础信息
+        UserInfo userInfo = fullUserInfo.getUserInfo();
+        //获取openid
+        //通过自定义工具类组合出小程序需要的登录凭证 code
+        String requestUrl = ApiUserUtils.getWebAccess(code);
+        log.info(">>>>请求微信的组合url为{}<<<<<" , requestUrl);
+        JSONObject sessionData = DataUtils.httpsRequest(requestUrl, "GET", null);
+
+        if (null == sessionData || StringUtils.isBlank(sessionData.getString("openid"))) {
+            return Result.failure("登录失败");
+        }
+        //验证用户信息完整性
+        String sha1 = DataUtils.getSha1(fullUserInfo.getRawData() + sessionData.getString("session_key"));
+        if (!fullUserInfo.getSignature().equals(sha1)) {
+            return Result.failure("登录失败");
+        }
+        //1、新增或者更新用户数据
+
+
+        //2、生成token返回给小程序
+
+
+        //3、返回店铺列表给前端?
+
+        return Result.success();
+    }
+}
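Review bot: The `log.info(">>>>请求微信的组合url为{}<<<<<" , requestUrl)` line writes the full URL built by `ApiUserUtils.getWebAccess` to the log at INFO level, and that URL contains the `wx.secret` value and the user's login `code`. Log a fixed message instead, e.g. `log.info("requesting WeChat session for login code");`. Further down, `fullUserInfo.getSignature().equals(sha1)` throws a NullPointerException when the client omits `signature`, and `jsonParam` is null when `getJsonRequest` hits an IOException; `if (sha1 == null || !sha1.equals(fullUserInfo.getSignature()))` plus an early null check on `jsonParam` keep both cases on the "登录失败" path. The method currently returns `Result.success()` with steps 1 to 3 still empty, which deserves a `TODO` comment naming the missing token issuance.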