How to implement SMS login in Redis shared session application

1. Implement SMS login based on session

1.1 SMS login flow chart

1.2 Implementation of sending SMS verification code

Front-end request instructions:

##InstructionsRequest methodPOSTRequest path/user/codeRequest parametersphone (phone number)Return valueNoneBack-end interface implementation:

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result sendCode(String phone, HttpSession session) {
        // 1. 校验手机号
        if(RegexUtils.isPhoneInvalid(phone)){
            // 2. 如果不符合，返回错误信息
            return Result.fail("手机号格式错误！");
        }
        // 3. 符合，生成验证码（设置生成6位）
        String code = RandomUtil.randomNumbers(6);
        // 4. 保存验证码到 session
        session.setAttribute("code", code);
        // 5. 发送验证码（这里并未实现，通过日志记录）
        log.debug("发送短信验证码成功，验证码：{}", code);
        // 返回 ok
        return Result.ok();
    }
}

1.3 Implement SMS verification code login and registration

Front-end request instructions

DescriptionRequest methodPOSTRequest path/ user/loginRequest parametersphone (phone number); code (verification code)Return valueNone Backend interface implementation:

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result login(LoginFormDTO loginForm, HttpSession session) {
        // 1. 校验手机号
        String phone = loginForm.getPhone();
        if(RegexUtils.isPhoneInvalid(phone)){
            // 不一致，返回错误信息
            return Result.fail("手机号格式错误！");
        }
        // 2. 校验验证码
        String cacheCode = (String) session.getAttribute("code");
        String code = loginForm.getCode();
        if(cacheCode == null || !cacheCode.equals(cacheCode)){
            // 不一致，返回错误信息
            return Result.fail("验证码错误！");
        }
        // 4. 一致，根据手机号查询用户（这里使用的 mybatis-plus）
        User user = query().eq("phone", phone).one();
        // 5. 判断用户是否存在
        if(user == null){
            // 6. 不存在，创建新用户并保存
            user = createUserWithPhone(phone);
        }
        	// 7. 保存用户信息到 session 中（通过 BeanUtil.copyProperties 方法将 user 中的信息过滤到 UserDTO 上，即用来隐藏部分信息）
        session.setAttribute("user", BeanUtil.copyProperties(user, UserDTO.class));
        return Result.ok();
    }

    private User createUserWithPhone(String phone) {
        // 1. 创建用户
        User user = new User();
        user.setPhone(phone);
        user.setNickName("user_" + RandomUtil.randomString(10));
        // 2. 保存用户（这里使用 mybatis-plus）
        save(user);
        return user;
    }
}

1.4 Implement login verification interceptor

Login verification interceptor Implementation:

public class LoginInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. 获取 session
        HttpSession session = request.getSession();
        // 2. 获取 session 中的用户
        UserDTO user = (UserDTO) session.getAttribute("user");
        // 3. 判断用户是否存在
        if(user == null){
            // 4. 不存在，拦截，返回 401 未授权
            response.setStatus(401);
            return false;
        }
        // 5. 存在，保存用户信息到 ThreadLocal
        UserHolder.saveUser(user);
        // 6. 放行
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // 移除用户，避免内存泄露
        UserHolder.removeUser();
    }
}

UserHolder class implementation: This class defines a static ThreadLocal

public class UserHolder {
    private static final ThreadLocal<UserDTO> tl = new ThreadLocal<>();

    public static void saveUser(UserDTO user){
        tl.set(user);
    }

    public static UserDTO getUser(){
        return tl.get();
    }

    public static void removeUser(){
        tl.remove();
    }
}

Configuration interceptor:

@Configuration
public class MvcConfig implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new LoginInterceptor())
                .excludePathPatterns(
                        "/user/login",
                        "/user/code"
                );
    }
}

Front-end request description:

DescriptionRequest methodPOSTRequest path/user/meRequest parametersNoneReturn value NoneBackend interface implementation:

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result me() {
        UserDTO user = UserHolder.getUser();
        return Result.ok(user);
    }
}

2. Cluster session sharing problem

session sharing problem :

Multiple tomcats do not share session storage space. When the request is switched to different tomcat services, it will cause data loss.

Session alternatives should meet the following conditions:

• Data sharing (different tomcats can access data in Redis)

• Memory storage (Redis stores through memory)

• key, value structure (Redis is a key-value structure)

3. Based on Redis implements shared session login

3.1 Redis implements shared session login flow chart

##3.2 Implement sending SMS verification code

Front-end request instructions:

Request methodRequest pathRequest parametersReturn value Backend interface implementation ：

Instructions
POST
/user/code
phone(phone number)
None

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Resource
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public Result sendCode(String phone, HttpSession session) {
        // 1. 校验手机号
        if (RegexUtils.isPhoneInvalid(phone)) {
            // 2. 如果不符合，返回错误信息
            return Result.fail("手机号格式错误！");
        }
        // 3. 符合，生成验证码（设置生成6位）
        String code = RandomUtil.randomNumbers(6);
        // 4. 保存验证码到 Redis（以手机号为 key，设置有效期为 2min）
        stringRedisTemplate.opsForValue().set("login:code:" + phone, code, 2, TimeUnit.MINUTES);
        // 5. 发送验证码（这里并未实现，通过日志记录）
        log.debug("发送短信验证码成功，验证码：{}", code);
        // 返回 ok
        return Result.ok();
    }
}

3.3 Implement SMS verification code login and registration

Front-end request instructions:

Request methodRequest pathRequest parameters##Return valueNoneBackend interface implementation:

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result login(LoginFormDTO loginForm, HttpSession session) {
        // 1. 校验手机号
        String phone = loginForm.getPhone();
        if(RegexUtils.isPhoneInvalid(phone)){
            // 不一致，返回错误信息
            return Result.fail("手机号格式错误！");
        }
        // 2. 校验验证码
        String cacheCode = (String) session.getAttribute("code");
        String code = loginForm.getCode();
        if(cacheCode == null || !cacheCode.equals(cacheCode)){
            // 不一致，返回错误信息
            return Result.fail("验证码错误！");
        }
        // 4. 一致，根据手机号查询用户（这里使用的 mybatis-plus）
        User user = query().eq("phone", phone).one();
        // 5. 判断用户是否存在
        if(user == null){
            // 6. 不存在，创建新用户并保存
            user = createUserWithPhone(phone);
        }
        	// 7. 保存用户信息到 session 中（通过 BeanUtil.copyProperties 方法将 user 中的信息过滤到 UserDTO 上，即用来隐藏部分信息）
        session.setAttribute("user", BeanUtil.copyProperties(user, UserDTO.class));
        return Result.ok();
    }

    private User createUserWithPhone(String phone) {
        // 1. 创建用户
        User user = new User();
        user.setPhone(phone);
        user.setNickName("user_" + RandomUtil.randomString(10));
        // 2. 保存用户（这里使用 mybatis-plus）
        save(user);
        return user;
    }
}

Description
POST
/user/login
phone (phone number); code (verification code)

3.4 Implement login verification interceptor

Here the original interceptor is divided into two interceptors The first interceptor intercepts all requests. Each interception refreshes the validity period of the token and saves the user information that can be queried into ThreadLocal. The second interceptor performs the interception function and intercepts the path that requires login.

Refresh token interceptor implementation:

public class RefreshTokenInterceptor implements HandlerInterceptor {

    private StringRedisTemplate stringRedisTemplate;

    public RefreshTokenInterceptor(StringRedisTemplate stringRedisTemplate){
        this.stringRedisTemplate = stringRedisTemplate;
    }

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. 获取请求头中的 token
        String token = request.getHeader("authorization");
        if (StrUtil.isBlank(token)) {
            return true;
        }
        // 2. 基于 token 获取 redis 中的用户
        String tokenKey = "login:token:" + token;
        Map<Object, Object> userMap = stringRedisTemplate.opsForHash().entries(tokenKey);
        // 3. 判断用户是否存在
        if (userMap.isEmpty()) {
            return true;
        }
        // 5. 将查询到的 Hash 数据转为 UserDTO 对象
        UserDTO user = BeanUtil.fillBeanWithMap(userMap, new UserDTO(), false);
        // 6. 存在，保存用户信息到 ThreadLocal
        UserHolder.saveUser(user);
        // 7. 刷新 token 有效期 30 min
        stringRedisTemplate.expire(tokenKey, 30, TimeUnit.MINUTES);
        // 8. 放行
        return true;
    }
}

Login verification interceptor implementation:

public class LoginInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 1. 获取 session
        HttpSession session = request.getSession();
        // 2. 获取 session 中的用户
        UserDTO user = (UserDTO) session.getAttribute("user");
        // 3. 判断用户是否存在
        if(user == null){
            // 4. 不存在，拦截，返回 401 未授权
            response.setStatus(401);
            return false;
        }
        // 5. 存在，保存用户信息到 ThreadLocal
        UserHolder.saveUser(user);
        // 6. 放行
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
        // 移除用户，避免内存泄露
        UserHolder.removeUser();
    }
}

UserHolder class implementation: This class defines a static ThreadLocal

public class UserHolder {
    private static final ThreadLocal<UserDTO> tl = new ThreadLocal<>();

    public static void saveUser(UserDTO user){
        tl.set(user);
    }

    public static UserDTO getUser(){
        return tl.get();
    }

    public static void removeUser(){
        tl.remove();
    }
}

Configure interceptor:

@Configuration
public class MvcConfig implements WebMvcConfigurer {

    @Resource
    private StringRedisTemplate stringRedisTemplate;

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new RefreshTokenInterceptor(stringRedisTemplate))
                .addPathPatterns("/**").order(0);
        registry.addInterceptor(new LoginInterceptor())
                .excludePathPatterns(
                        "/user/login",
                        "/user/code"
                ).order(1);
    }
}

Front-end request description:

Request methodPOSTRequest path/user/meRequest parametersNoneReturn valueNone Backend interface implementation :

@Slf4j
@Service
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {

    @Override
    public Result me() {
        UserDTO user = UserHolder.getUser();
        return Result.ok(user);
    }
}

The above is the detailed content of How to implement SMS login in Redis shared session application. For more information, please follow other related articles on the PHP Chinese website!

Related labels：

redis session

source：yisu.com

Previous article：How to use django redis Next article：What is the SpringSecurity+Redis authentication process?

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

• Create the Future: Java Programming for Absolute Beginners
  2024-10-13 13:32:21
• You're Not Alone: Master Python with a Supportive Community by Your Side
  2024-10-12 11:58:51
• From Novice to Coder: Harness the Power of Python Programming
  2024-10-11 20:06:51
• Think Like a Programmer: Learning the Fundamentals of Java
  2024-10-11 18:59:31
• Java Made Simple: A Beginner's Guide to Programming Power
  2024-10-11 18:30:51
• Build a Blog with PHP: A Beginner-Friendly Project
  2024-10-11 15:51:51
• Speak the Language of Systems: Learn C, One Line at a Time
  2024-10-11 15:42:10
• Data Structures and Algorithms in C: A Beginner-Friendly Approach
  2024-10-11 14:41:20
• Coding Without Tears: Learning C the Easy Way
  2024-10-11 14:08:31
• Data Analysis with Java: A Beginner's Guide to Processing Information
  2024-10-11 13:42:21

Latest Issues

Symfony Redis cannot connect to the host defined in the env file, which defaults to localhost We have a new Symfony setup with Redis as the caching mechanism. We want to connect to a s...

From 2024-04-06 10:53:02

0

1

375

Related Topics

More>

• Reasons for session failure
• Session failure solution
• Commonly used database software
• What are the in-memory databases?
• Which one has faster reading speed, mongodb or redis?
• How to use redis as a cache server
• How redis solves data consistency
• How do mysql and redis ensure double-write consistency?

Popular Recommendations

• How to query data in redis
• What are non-relational databases?
• What are the data types of Redis?
• How to check the Redis version number?
• What is the difference between MongoDB and Redis

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

• 
  The latest ThinkPHP 5.1 world premiere video tutorial (60 days to become a PHP expert online training course)

  1420860
• 
  PHP introductory tutorial one: Learn PHP in one week

  4264342
• 
  JAVA Beginner's Video Tutorial

  2513164
• 
  Little Turtle's zero-based introduction to learning Python video tutorial

  505938
• 
  PHP zero-based introductory tutorial

  861084

• 
  The latest ThinkPHP 5.1 world premiere video tutorial (60 days to become a PHP expert online training course)

  1420860 times of learning
• 
  JAVA Beginner's Video Tutorial

  2513164 times of learning
• 
  Little Turtle's zero-based introduction to learning Python video tutorial

  505938 times of learning
• 
  Quick introduction to web front-end development

  215592 times of learning
• 
  Master PS video tutorials from scratch

  885581 times of learning

• 
  [Web front-end] Node.js quick start

  7140 times of learning
• 
  Complete collection of foreign web development full-stack courses

  5545 times of learning
• 
  Go language practical GraphQL

  4670 times of learning
• 
  550W fan master learns JavaScript from scratch step by step

  669 times of learning
• 
  Python master Mosh, a beginner with zero basic knowledge can get started in 6 hours

  23606 times of learning

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template

• [form button] jQuery enterprise message form contact code
• [Player special effects] HTML5 MP3 music box playback effects
• [Menu navigation] HTML5 cool particle animation navigation menu special effects
• [form button] jQuery visual form drag and drop editing code
• [Player special effects] VUE.JS imitation Kugou music player code
• [html5 special effects] Classic html5 pushing box game
• [Picture special effects] jQuery scrolling to add or reduce image effects
• [Photo album effects] CSS3 personal album cover hover zoom effect

• [Front-end template] Home Decor Cleaning and Repair Service Company Website Template
• [Front-end template] Fresh color personal resume guide page template
• [Front-end template] Designer Creative Job Resume Web Template
• [Front-end template] Modern engineering construction company website template
• [Front-end template] Responsive HTML5 template for educational service institutions
• [Front-end template] Online e-book store mall website template
• [Front-end template] IT technology solves Internet company website template
• [Front-end template] Purple style foreign exchange trading service website template

• [PNG material] Cute summer elements vector material (EPS PNG)
• [PNG material] Four red 2023 graduation badges vector material (AI EPS PNG)
• [banner picture] Singing bird and cart filled with flowers design spring banner vector material (AI EPS)
• [PNG material] Golden graduation cap vector material (EPS PNG)
• [PNG material] Black and white style mountain icon vector material (EPS PNG)
• [PNG material] Superhero silhouette vector material (EPS PNG) with different color cloaks and different poses
• [banner picture] Flat style Arbor Day banner vector material (AI+EPS)
• [PNG material] Nine comic-style exploding chat bubbles vector material (EPS+PNG)

• [Front-end template] Home Decor Cleaning and Repair Service Company Website Template
• [Front-end template] Fresh color personal resume guide page template
• [Front-end template] Designer Creative Job Resume Web Template
• [Front-end template] Modern engineering construction company website template
• [Front-end template] Responsive HTML5 template for educational service institutions
• [Front-end template] Online e-book store mall website template
• [Front-end template] IT technology solves Internet company website template
• [Front-end template] Purple style foreign exchange trading service website template

Public welfare online PHP training，Help PHP learners grow quickly！

About us Disclaimer Sitemap

© php.cn All rights reserved

Description