uniapp微信小程序授权登录并获取手机号的方法
新版:前端要授权两次,一次获取用户信息授权码code,另外一次获取用户手机授权码code,全部传给后端。后端通过用户信息授权码获取openid,通过手机授权码获取手机号码。老版:前端传给后端授权码code和用户手机授权回调 里的iv和encryptedData给后端,后端通过code获取openid和sessionKey,然后他用sessionKey和iv解密encryptedData获取手机号。最后通过手机号进行绑定用户,然后通过登录验证返回给前端登录凭证token。
登录逻辑
新版
1.调用uni.login()获取code1
2.用户主动触发button按钮在回调getPhoneNumber获取code2
<button open-type="getPhoneNumber" bindgetphonenumber="getPhoneNumber"></button> Page({ getPhoneNumber (e) { console.log(e.detail.code) } })
3.后端拿到code1获取openid ,code2获取手机号码(代码在api里面)
老版
1.先在onshow()生命周期中获取code
2.用户主动触发button按钮在回调getPhoneNumber获取iv和encryptedData
<button open-type="getPhoneNumber" bindgetphonenumber="getPhoneNumber"></button> Page({ getPhoneNumber (e) { console.log(e.detail.errMsg) console.log(e.detail.iv) console.log(e.detail.encryptedData) } })
3.后端拿到code、iv、encryptedData,然后code获取openid和sessionKey,然后通过sessionKey和iv解密encryptedData获取到手机号
获取得到的解密数据为以下 json 结构: { "phoneNumber": "13580006666", "purePhoneNumber": "13580006666", "countryCode": "86", "watermark": { "appid":"APPID", "timestamp": TIMESTAMP } }
解密工具类
package hry.project.cdwjs.wxLogin; import org.apache.commons.codec.binary.Base64; import org.bouncycastle.jce.provider.BouncyCastleProvider; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.nio.charset.StandardCharsets; import java.security.*; /** * @author qyb * @version 1.0 * @date 2023/3/13-9:38 */ public class WxDecryptUtills { public static boolean initialized = false; /** * Adds a provider to the next position available. */ public static void initialize() { if (initialized) return; // Construct a new provider. This should only be required when // using runtime registration of the provider using the Security.addProvider(new BouncyCastleProvider()); initialized = true; } // iv处理 public static AlgorithmParameters generateIV(byte[] iv) throws Exception{ AlgorithmParameters params = AlgorithmParameters.getInstance("AES"); params.init(new IvParameterSpec(iv)); return params; } /** * AES解密 * @param content 密文 * @param keyByte sessionKey * @param ivByte iv * @return 解密json数据 */ public static byte[] decrypt(byte[] content, byte[] keyByte, byte[] ivByte) { initialize(); try { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding"); Key sKeySpec = new SecretKeySpec(keyByte, "AES"); // cipher 初始化 cipher.init(Cipher.DECRYPT_MODE, sKeySpec, generateIV(ivByte)); return cipher.doFinal(content); } catch (Exception e) { e.printStackTrace(); } return null; } /** * 微信小程序用户信息解密 * @param encryptedData 加密数据 * @param sessionKey 会话密钥 * @param iv 向量 * @return {@link String} */ public static String decrypt(String encryptedData, String sessionKey, String iv){ try { byte[] resultByte = decrypt(Base64.decodeBase64(encryptedData), Base64.decodeBase64(sessionKey), Base64.decodeBase64(iv)); if(null != resultByte && resultByte.length > 0){ return new String(resultByte, StandardCharsets.UTF_8); } } catch (Exception e) { e.printStackTrace(); } return null; } }
api
package hry.project.cdwjs.wxLogin.impl; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; import hry.bean.JsonResult; import hry.business.cu.model.CuCustomer; import hry.business.cu.service.CuCustomerService; import hry.project.cdwjs.wxLogin.WxDecryptUtills; import hry.project.cdwjs.wxLogin.WxLoginService; import hry.project.cdwjs.wxLogin.WxLoginVo; import hry.redis.RedisService; import hry.security.jwt.JWTToken; import hry.security.jwt.JWTUtil; import hry.utils.HttpUtils; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; import java.util.HashMap; /** * @author qyb * @version 1.0 * @date 2023/3/9-17:38 */ @Service @Slf4j public class WxLoginServiceImpl implements WxLoginService { @Value("${wxLogin.appId}") private String appId; @Value("${wxLogin.appSecret}") private String appSecret; @Autowired private CuCustomerService cuCustomerService; @Autowired private RedisService redisService; /** * 获取accesstoken * * @return */ private String getAccessToken() { String accessToken = ""; String url = "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=" + appId + "&secret=" + appSecret; try { String resultString = HttpUtils.get(url); log.info("获取微信accessToken:{}", resultString); if (StringUtils.isNotEmpty(resultString)) { JSONObject jsonObject = JSON.parseObject(resultString); accessToken = jsonObject.get("access_token").toString(); } else { log.error("返回值为空,请检查请求报文或者请求地址是否正确"); } } catch (Exception e) { e.printStackTrace(); } return accessToken; } /** * 获取手机号 */ private String getPhoneNumber(String code) { String phoneNumber = ""; String url = "https://api.weixin.qq.com/wxa/business/getuserphonenumber?access_token=" + getAccessToken(); HashMap<String, String> params = new HashMap<>(); params.put("code", code); try { String resultString = HttpUtils.postByQuery(url, params, null); log.info("获取微信手机号码:{}", resultString); if (StringUtils.isNotEmpty(resultString)) { JSONObject jsonObject = JSON.parseObject(resultString); JSONObject phone_info = jsonObject.getJSONObject("phone_info"); phoneNumber = phone_info.getString("phoneNumber"); } else { log.error("返回值为空,请检查请求报文或者请求地址是否正确"); } } catch (Exception e) { e.printStackTrace(); } return phoneNumber; } /** * 获取openId */ private String getOpenId(String code) { String url = "https://api.weixin.qq.com/sns/jscode2session?appid=" + appId + "&secret=" + appSecret + "&js_code=" + code + "&grant_type=authorization_code"; try { String resultString = HttpUtils.get(url); log.info("获取微信openId:{}", resultString); if (StringUtils.isNotEmpty(resultString)) { return resultString; } else { log.error("返回值为空,请检查请求报文或者请求地址是否正确"); } } catch (Exception e) { e.printStackTrace(); } return ""; } @Override public JsonResult loginByWx(WxLoginVo wxLoginVo) { String res = this.getOpenId(wxLoginVo.getUserInfoCode()); JSONObject jsonObject = JSONObject.parseObject(res); String openId = jsonObject.getString("openid"); String sessionKey = jsonObject.getString("session_key"); if (StringUtils.isEmpty(openId)) { return new JsonResult().setMsg("未获取到openId,登录失败"); } String data = WxDecryptUtills.decrypt(wxLoginVo.getEncryptData(), sessionKey, wxLoginVo.getIv()); JSONObject jsonObject1 = JSONObject.parseObject(data); String phoneNumber =jsonObject1.getString("phoneNumber"); if (StringUtils.isEmpty(phoneNumber)) { return new JsonResult().setMsg("未获取到手机号,登录失败"); } CuCustomer cuCustomer = cuCustomerService.checkMobile(phoneNumber); if (cuCustomer == null) { // 注册 cuCustomer = cuCustomerService.regist3(openId, phoneNumber, wxLoginVo.getNickname(), wxLoginVo.getAvatar()); } else { // 写入微信openid if (StringUtils.isEmpty(cuCustomer.getWxOpenId())) { cuCustomer.setWxOpenId(openId); } cuCustomer.setWxAvatar(wxLoginVo.getAvatar()); cuCustomerService.update(cuCustomer); } // 登录 String token = JWTUtil.sign(phoneNumber, JWTToken.SOURCE_PC, JWTToken.TYPE_CUSTOMER, cuCustomer.getPassword()); redisService.save(JWTUtil.getCustomerRefreshTimeKey(token), JSON.toJSONString(cuCustomer), JWTUtil.REFRESH_TIME); redisService.save(JWTUtil.getCustomerUserKey(token), JSON.toJSONString(cuCustomer), JWTUtil.EXPIRE_TIME); //防止用户多端登录,产生多个token String oldTokenStr = redisService.get("LOGINCUCUSTOMER:" + cuCustomer.getId()); if (StringUtils.isNotEmpty(oldTokenStr)) { JWTToken oldToken = new JWTToken(oldTokenStr); redisService.delete("JWT:token:" + oldToken.getSource() + ":" + oldToken.getType() + ":refreshTime:" + oldToken.getSignId()); redisService.delete("JWT:token:" + oldToken.getSource() + ":" + oldToken.getType() + ":user:" + oldToken.getSignId()); } redisService.save("LOGINCUCUSTOMER:" + cuCustomer.getId(), token); HashMap<String, Object> map = new HashMap<>(); map.put("token", token); return new JsonResult().setSuccess(true).setObj(map); } }
注意:老版调用过程中一定要先调用uni.login(),再去触发button获取手机号,不然会导致sessionKey失效,从而使得后端解密失败。
总结
到此这篇关于uniapp微信小程序授权登录并获取手机号的文章就介绍到这了,更多相关uniapp微信小程序授权登录内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!
相关文章
firefox事件处理之自动查找event的函数(用于onclick=foo())
在ie中,事件对象是作为一个全局变量来保存和维护的。 所有的浏览器事件,不管是用户触发的,还是其他事件, 都会更新window.event 对象。2010-08-08基于d3.js/neovis.js/neod3.js实现链接neo4j图形数据库的图像化显示功能
neovis.js 由vis.js支持的图形可视化以及来自Neo4j的数据。这篇文章主要介绍了基于d3.js/neovis.js/neod3.js实现链接neo4j图形数据库的图像化显示功能,需要的朋友可以参考下2022-02-02
最新评论