uniLogin 一键登录

1 0 0

一、通过传统服务器连接uniCloud云函数

首先上传云函数：官网地址

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

// 云函数验证签名，此示例中以接受GET请求为例作演示
const crypto = require( 'crypto' )
exports.main = async(event) => {

  const secret = 'your-secret-string' // 自己的密钥不要直接使用示例值，且注意不要泄露
  const hmac = crypto.createHmac( 'sha256' , secret);

  let params = event.queryStringParameters
  const sign = params.sign
  delete params.sign
  const signStr = Object.keys(params).sort().map(key => {
    return `${key}=${params[key]}`
  }).join( '&' )

  hmac.update(signStr);

  if (sign!==hmac.digest( 'hex' )){
    throw new Error( '非法访问' )
  }

  const {
    access_token,
    openid
  } = params
  const res = await uniCloud.getPhoneNumber({
    provider: 'univerify' ,
    appid: 'xxx' , // DCloud appid，不同于callFunction方式调用，使用云函数Url化需要传递DCloud appid参数
    apiKey: 'xxx' , // 在uniCloud控制台开通一键登录服务并获取apiKey
    apiSecret: 'xxx' , // 在uniCloud控制台开通一键登录服务并获取apiSecret
    access_token: access_token,
    openid: openid
  })
  // 返回手机号给自己服务器
  return res
}

　　返回结果：

{
	"data": {
		"code": 0,
		"success": true,
		"phoneNumber": "166xxxx6666"
	},
	"statusCode": 200,
	"header": {
		"Content-Type": "application/json; charset=utf-8",
		"Connection": "keep-alive",
		"Content-Length": "53",
		"Date": "Fri, 06 Nov 2020 08:57:21 GMT",
		"X-CloudBase-Request-Id": "xxxxxxxxxxx",
		"ETag": "xxxxxx"
	},
	"errMsg": "request:ok"
}

java后端工作：

public AuthFrontLoginRespVO uniLogin(AuthUniLoginReqVO reqVO) {

    log.info("uniLogin获取的mobile的accessToken为:{}======openid为:{}" + reqVO.getAccessToken(),reqVO.getOpenid());
    JSONObject result = getUniMobileInfo(reqVO.getAccessToken(), reqVO.getOpenid());
    //失败案例{"success":false,"error":{"code":"FunctionBizError","message":"5000:errCode: 5000 | errMsg: 获取手机号码失败：获取号码失败"}}
    //登录成功{"code":0,"success":true,"phoneNumber":"18888888888"}

    //判断是否正常相应
    if(!result.containsKey("success")){
        log.info(result.toJSONString());
        throw new ServiceException(UNI_GET_MOBILE_FAIL);
    }
    if(!result.getBoolean("success") ){
        log.info(result.toJSONString());
        throw new ServiceException(UNI_GET_MOBILE_FAIL);
    }
    //获取mobile
    String mobile = result.getString("phoneNumber");
    if(!ValidationUtils.isMobile(mobile)){
        log.info(result.toJSONString());
        throw new ServiceException(UNI_GET_MOBILE_FAIL);
    }

    reqVO.setMobile(mobile);
    // 使用uni获取的手机号登录
    OnlineUsersDO user = uniVerify(reqVO);
    // 创建 Token 令牌，记录登录日志
    AuthFrontLoginRespVO respVO=createTokenAfterLoginSuccess(user.getId(),user.getUserName(), LoginLogTypeEnum.LOGIN_UNI);
    respVO.setUserInfo(OnlineUsersConvert.INSTANCE.convertVO(user));
    return respVO;
}

private JSONObject getUniMobileInfo(String accessToken,String openid) {
    JSONObject result = new JSONObject();

    //调用uniapp云函数、置换出、用户手机号码出来。
    String sign = HeaUtil.sha256_HMAC("access_token="+accessToken+"&openid="+openid, this.uniLoginSecret);
    String urlString = this.uniLoginUrl +"?access_token="+accessToken+"&openid="+openid+"&sign="+sign;

    //失败案例{"success":false,"error":{"code":"FunctionBizError","message":"5000:errCode: 5000 | errMsg: 获取手机号码失败：获取号码失败"}}
    //登录成功{"code":0,"success":true,"phoneNumber":"18888888888"}

    try{
        String resultStr = HttpUtil.get(urlString);
        result = JSONObject.parseObject(resultStr);
    }catch (Exception e){
        e.printStackTrace();
        log.error("从uniCloud云函数获取手机号失败");
    }

    return result;
}

package cn.iocoder.yudao.module.system.util;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * @Describe: Hmac加密工具类
 */
public class HeaUtil  {


    /**
     * sha256_HMAC加密
     * @param message 消息
     * @param secret 秘钥
     * @return 加密后字符串
     */
    public static String sha256_HMAC(String message, String secret) {
        String hash = "";
        try {
            Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
            SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
            sha256_HMAC.init(secret_key);
            byte[] bytes = sha256_HMAC.doFinal(message.getBytes());
            hash = byteArrayToHexString(bytes);
        } catch (Exception e) {
            System.out.println("Error HmacSHA256 ===========" + e.getMessage());
        }
        return hash;
    }

    /**
     * 将加密后的字节数组转换成字符串
     *
     * @param b
     *字节数组
     * @return 字符串
     */
    private static String byteArrayToHexString(byte[] b) {
        StringBuilder hs = new StringBuilder();
        String stmp;
        for (int n = 0; b != null && n < b.length; n++) {
            stmp = Integer.toHexString(b[n] & 0XFF);
            if (stmp.length() == 1)
                hs.append('0');
            hs.append(stmp);
        }
        return hs.toString().toLowerCase();
    }
}

# 随笔