1. Implement SMS login based on session
1.1 SMS login flow chart
1.2 Implementation of sending SMS verification code
Front-end request instructions:
POST | |
/user/code | |
phone (phone number) | |
None |
@Slf4j @Service public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService { @Override public Result sendCode(String phone, HttpSession session) { // 1. 校验手机号 if(RegexUtils.isPhoneInvalid(phone)){ // 2. 如果不符合,返回错误信息 return Result.fail("手机号格式错误!"); } // 3. 符合,生成验证码(设置生成6位) String code = RandomUtil.randomNumbers(6); // 4. 保存验证码到 session session.setAttribute("code", code); // 5. 发送验证码(这里并未实现,通过日志记录) log.debug("发送短信验证码成功,验证码:{}", code); // 返回 ok return Result.ok(); } }1.3 Implement SMS verification code login and registrationFront-end request instructions
POST | |
/ user/login | |
phone (phone number); code (verification code) | |
None |
@Slf4j @Service public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService { @Override public Result login(LoginFormDTO loginForm, HttpSession session) { // 1. 校验手机号 String phone = loginForm.getPhone(); if(RegexUtils.isPhoneInvalid(phone)){ // 不一致,返回错误信息 return Result.fail("手机号格式错误!"); } // 2. 校验验证码 String cacheCode = (String) session.getAttribute("code"); String code = loginForm.getCode(); if(cacheCode == null || !cacheCode.equals(cacheCode)){ // 不一致,返回错误信息 return Result.fail("验证码错误!"); } // 4. 一致,根据手机号查询用户(这里使用的 mybatis-plus) User user = query().eq("phone", phone).one(); // 5. 判断用户是否存在 if(user == null){ // 6. 不存在,创建新用户并保存 user = createUserWithPhone(phone); } // 7. 保存用户信息到 session 中(通过 BeanUtil.copyProperties 方法将 user 中的信息过滤到 UserDTO 上,即用来隐藏部分信息) session.setAttribute("user", BeanUtil.copyProperties(user, UserDTO.class)); return Result.ok(); } private User createUserWithPhone(String phone) { // 1. 创建用户 User user = new User(); user.setPhone(phone); user.setNickName("user_" + RandomUtil.randomString(10)); // 2. 保存用户(这里使用 mybatis-plus) save(user); return user; } }1.4 Implement login verification interceptorLogin verification interceptor Implementation:
public class LoginInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // 1. 获取 session HttpSession session = request.getSession(); // 2. 获取 session 中的用户 UserDTO user = (UserDTO) session.getAttribute("user"); // 3. 判断用户是否存在 if(user == null){ // 4. 不存在,拦截,返回 401 未授权 response.setStatus(401); return false; } // 5. 存在,保存用户信息到 ThreadLocal UserHolder.saveUser(user); // 6. 放行 return true; } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { // 移除用户,避免内存泄露 UserHolder.removeUser(); } }UserHolder class implementation: This class defines a static ThreadLocal
public class UserHolder { private static final ThreadLocal<UserDTO> tl = new ThreadLocal<>(); public static void saveUser(UserDTO user){ tl.set(user); } public static UserDTO getUser(){ return tl.get(); } public static void removeUser(){ tl.remove(); } }Configuration interceptor:
@Configuration public class MvcConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new LoginInterceptor()) .excludePathPatterns( "/user/login", "/user/code" ); } }Front-end request description:
POST | |
/user/me | |
None | |
None |
@Slf4j @Service public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService { @Override public Result me() { UserDTO user = UserHolder.getUser(); return Result.ok(user); } }2. Cluster session sharing problemsession sharing problem : Multiple tomcats do not share session storage space. When the request is switched to different tomcat services, it will cause data loss. Session alternatives should meet the following conditions:
- Data sharing (different tomcats can access data in Redis)
- Memory storage (Redis stores through memory)
- key, value structure (Redis is a key-value structure)
3.1 Redis implements shared session login flow chart
##3.2 Implement sending SMS verification code
Front-end request instructions:
Instructions |
|
---|---|
POST | |
/user/code | |
phone(phone number) | |
None |
@Slf4j @Service public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService { @Resource private StringRedisTemplate stringRedisTemplate; @Override public Result sendCode(String phone, HttpSession session) { // 1. 校验手机号 if (RegexUtils.isPhoneInvalid(phone)) { // 2. 如果不符合,返回错误信息 return Result.fail("手机号格式错误!"); } // 3. 符合,生成验证码(设置生成6位) String code = RandomUtil.randomNumbers(6); // 4. 保存验证码到 Redis(以手机号为 key,设置有效期为 2min) stringRedisTemplate.opsForValue().set("login:code:" + phone, code, 2, TimeUnit.MINUTES); // 5. 发送验证码(这里并未实现,通过日志记录) log.debug("发送短信验证码成功,验证码:{}", code); // 返回 ok return Result.ok(); } }
3.3 Implement SMS verification code login and registration
Front-end request instructions:
Description |
|
---|---|
POST | |
/user/login | |
phone (phone number); code (verification code) | ##Return value |
public class RefreshTokenInterceptor implements HandlerInterceptor { private StringRedisTemplate stringRedisTemplate; public RefreshTokenInterceptor(StringRedisTemplate stringRedisTemplate){ this.stringRedisTemplate = stringRedisTemplate; } @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // 1. 获取请求头中的 token String token = request.getHeader("authorization"); if (StrUtil.isBlank(token)) { return true; } // 2. 基于 token 获取 redis 中的用户 String tokenKey = "login:token:" + token; Map<Object, Object> userMap = stringRedisTemplate.opsForHash().entries(tokenKey); // 3. 判断用户是否存在 if (userMap.isEmpty()) { return true; } // 5. 将查询到的 Hash 数据转为 UserDTO 对象 UserDTO user = BeanUtil.fillBeanWithMap(userMap, new UserDTO(), false); // 6. 存在,保存用户信息到 ThreadLocal UserHolder.saveUser(user); // 7. 刷新 token 有效期 30 min stringRedisTemplate.expire(tokenKey, 30, TimeUnit.MINUTES); // 8. 放行 return true; } }Login verification interceptor implementation:
public class LoginInterceptor implements HandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { // 1. 获取 session HttpSession session = request.getSession(); // 2. 获取 session 中的用户 UserDTO user = (UserDTO) session.getAttribute("user"); // 3. 判断用户是否存在 if(user == null){ // 4. 不存在,拦截,返回 401 未授权 response.setStatus(401); return false; } // 5. 存在,保存用户信息到 ThreadLocal UserHolder.saveUser(user); // 6. 放行 return true; } @Override public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception { // 移除用户,避免内存泄露 UserHolder.removeUser(); } }UserHolder class implementation: This class defines a static ThreadLocal
public class UserHolder { private static final ThreadLocal<UserDTO> tl = new ThreadLocal<>(); public static void saveUser(UserDTO user){ tl.set(user); } public static UserDTO getUser(){ return tl.get(); } public static void removeUser(){ tl.remove(); } }Configure interceptor:
@Configuration public class MvcConfig implements WebMvcConfigurer { @Resource private StringRedisTemplate stringRedisTemplate; @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new RefreshTokenInterceptor(stringRedisTemplate)) .addPathPatterns("/**").order(0); registry.addInterceptor(new LoginInterceptor()) .excludePathPatterns( "/user/login", "/user/code" ).order(1); } }Front-end request description:
Description | Request method |
---|---|
Request path | |
Request parameters | |
Return value | |
The above is the detailed content of How to implement SMS login in Redis shared session application. For more information, please follow other related articles on the PHP Chinese website!

Redis是现在最热门的key-value数据库,Redis的最大特点是key-value存储所带来的简单和高性能;相较于MongoDB和Redis,晚一年发布的ES可能知名度要低一些,ES的特点是搜索,ES是围绕搜索设计的。

本篇文章给大家带来了关于redis的相关知识,其中主要介绍了关于redis的一些优势和特点,Redis 是一个开源的使用ANSI C语言编写、遵守 BSD 协议、支持网络、可基于内存、分布式存储数据库,下面一起来看一下,希望对大家有帮助。

本篇文章给大家带来了关于redis的相关知识,其中主要介绍了Redis Cluster集群收缩主从节点的相关问题,包括了Cluster集群收缩概念、将6390主节点从集群中收缩、验证数据迁移过程是否导致数据异常等,希望对大家有帮助。

本篇文章给大家带来了关于redis的相关知识,其中主要介绍了Redis实现排行榜及相同积分按时间排序,本文通过实例代码给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,希望对大家有帮助。

本篇文章给大家带来了关于redis的相关知识,其中主要介绍了关于原子操作中命令原子性的相关问题,包括了处理并发的方案、编程模型、多IO线程以及单命令的相关内容,下面一起看一下,希望对大家有帮助。

本篇文章给大家带来了关于redis的相关知识,其中主要介绍了bitmap问题,Redis 为我们提供了位图这一数据结构,位图数据结构其实并不是一个全新的玩意,我们可以简单的认为就是个数组,只是里面的内容只能为0或1而已,希望对大家有帮助。

本篇文章给大家带来了关于redis的相关知识,其中主要介绍了Redis实现排行榜及相同积分按时间排序,本文通过实例代码给大家介绍的非常详细,下面一起来看一下,希望对大家有帮助。

本篇文章给大家带来了关于redis的相关知识,其中主要介绍了关于实现秒杀的相关内容,包括了秒杀逻辑、存在的链接超时、超卖和库存遗留的问题,下面一起来看一下,希望对大家有帮助。


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

SublimeText3 English version
Recommended: Win version, supports code prompts!

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)
