微信小程序登录数据解密及状态维持实例详解
程序员文章站
2022-06-14 15:49:17
本文实例讲述了微信小程序登录数据解密及状态维持。分享给大家供大家参考,具体如下:
学习过小程序的朋友应该知道,在小程序中是不支持cookie的,借助小程序中的缓存我们也可...
本文实例讲述了微信小程序登录数据解密及状态维持。分享给大家供大家参考,具体如下:
学习过小程序的朋友应该知道,在小程序中是不支持cookie的,借助小程序中的缓存我们也可以存储一些信息,但是对于一些比较重要的信息,我们需要通过登录状态维持来保存,同时,为了安全起见,用户的敏感信息,也是需要加密在网络上传输的。
前台,service。封装了http请求,同时封装了getsession(通过code获取服务器生成的session)、getuserinfo(获取用户信息)、getdecryptiondata(解密数据)
//service.js
//封装了http服务,getuserinfo,提供回调函数
var recourse = {
domain: "http://www.domain.com/"
}
module.exports = {
//http get
requestget: function (url, data, cb) {
wx.request({
url: recourse.domain + url,
data: data,
method: 'get',
header: {},
success: function (res) {
cb(res, true)
},
fail: function () {
cb(data, false)
}
})
},
//http post
requestpost: function (url, data, cb) {
wx.request({
url: recourse.domain + url,
data: data,
method: 'post',
header: {},
success: function (res) {
cb(res, true)
},
fail: function () {
cb(data, false)
}
})
},
//获取第三方sessionid
getsession: function (code, cb) {
wx.request({
url: recourse.domain + 'smallroutine/postcode',
data: { code: code },
method: 'post',
success: function (res) {
cb(res, true)
},
fail: function (res) {
cb(res, false)
}
})
},
//获取用户信息
getuserinfo: function (cb) {
wx.getuserinfo({
success: function (res) {
cb(res, true)
},
fail: function (res) {
cb(res, false)
}
})
},
//获取解密数据
getdecryptiondata: function (cb) {
wx.request({
url: recourse.domain+'smallroutine/decryption',
data: {
encrypteddata: wx.getstoragesync('encrypteddata'),
iv: wx.getstoragesync('iv'),
session: wx.getstoragesync('thirdsessionid'),
},
method: 'post',
success: function (res) {
cb(res, true)
},
fail: function (res) {
cb(res, false)
}
})
}
}
后台,根据code获取session,客户端用来保持登录状态
[httppost]
public actionresult postcode(string code)
{
try
{
if(!string.isnullorempty(code))
{
httpwebrequest request = (httpwebrequest)httpwebrequest.create(string.format("https://api.weixin.qq.com/sns/jscode2session?appid={0}&secret={1}&js_code={2}&grant_type=authorization_code",appid,appsecret,code));
request.method = "get";
httpwebresponse response = (httpwebresponse)request.getresponse();
streamreader sr = new streamreader(response.getresponsestream());
string content = sr.readtoend();
if(response.statuscode == httpstatuscode.ok)
{
var successmodel = newtonsoft.json.jsonconvert.deserializeobject<validatecodesuccess>(content);
if(null != successmodel.session_key)
{
//session_key是微信服务器生成的针对用户数据加密签名的密钥,不应该传输到客户端
var session_key = successmodel.session_key;
//3re_session用于服务器和小程序之间做登录状态校验
var thirdsession = guid.newguid().tostring().replace("-","");
var now = datetime.now;
//存到数据库或者redis缓存,这里一小时过期
service.addlogin(new domain.login()
{
code = code,
createime = now,
openid = successmodel.openid,
overduetime = now.addminutes(60),
sessionkey = successmodel.session_key,
sessionrd = thirdsession
});
return json(new { success = true,session = thirdsession,openid = successmodel.openid });
}
else
{
var errmodel = newtonsoft.json.jsonconvert.deserializeobject<validatecodefail>(content);
return json(new { success = false,msg = errmodel.errcode + ":" + errmodel.errmsg });
}
}
else
{
var errmodel = newtonsoft.json.jsonconvert.deserializeobject<validatecodefail>(content);
return json(new { success = false,msg = errmodel.errcode + ":" + errmodel.errmsg });
}
}
else
{
return json(new { success = false,msg = "code不能为null" });
}
}
catch(exception e)
{
return json(new { success = false });
}
}
解密敏感信息
[httppost]
public actionresult decryption(string encrypteddata,string iv,string session)
{
try
{
var sessionkey = service.getsessionkey(session);
if(!string.isnullorempty(sessionkey))
{
var str = aesdecrypt(encrypteddata,sessionkey,iv);
var data = newtonsoft.json.jsonconvert.deserializeobject<encrypteddata>(str);
if(null != data)
{
//服务器可以更新用户信息
return json(new { success = true,data = data });
}
}
}
catch(exception e)
{
service.addlog("翻译错误:"+e.tostring());
}
return json(new { success = false });
}
aes解密
public static string aesdecrypt(string encrypteddata,string key,string iv)
{
if(string.isnullorempty(encrypteddata)) return "";
byte[] encrypteddata2 = convert.frombase64string(encrypteddata);
system.security.cryptography.rijndaelmanaged rm = new system.security.cryptography.rijndaelmanaged
{
key = convert.frombase64string(key),
iv = convert.frombase64string(iv),
mode = system.security.cryptography.ciphermode.cbc,
padding = system.security.cryptography.paddingmode.pkcs7
};
system.security.cryptography.icryptotransform ctf = rm.createdecryptor();
byte[] resultarray = ctf.transformfinalblock(encrypteddata2,0,encrypteddata2.length);
return encoding.utf8.getstring(resultarray);
}
判断用户是否掉线
[httppost]
public actionresult postsession(string session)
{
if(!string.isnullorempty(session))
{
var logininfo = service.getlogininfo(session);
if(null != logininfo)
{
return json(new { success = true,openid = logininfo.openid });
}
else
{
return json(new { success = false });
}
}
return json(new { success = false });
}
前台index.js
//index.js
var app = getapp()
page({
data: {
userinfo: {},
},
onload: function () {
var that = this
app.getuserinfo(function (userinfo) {
//更新数据
that.setdata({
userinfo: userinfo
})
})
}
})
前台app.js
var service = require('./service/service.js')
var appconfig = {
getuserinfo: function (cb) {
var that = this
if (that.globaldata.userinfo) {
//从缓存中用户信息
} else {
//wx api 登录
wx.login({
success: function (res) {
console.log('登录成功 code 为:' + res.code);
if (res.code) {
service.getsession(res.code, function (res, success) {
if (success) {
console.log('通过 code 获取第三方服务器 session 成功, session 为:' + res.data.session);
//缓存起来
wx.setstoragesync('thirdsessionid', res.data.session);
//wx api 获取用户信息
service.getuserinfo(function (res, success) {
if (success) {
console.log('获取用户信息成功, 加密数据为:' + res.encrypteddata);
console.log('获取用户信息成功, 加密向量为:' + res.iv);
//缓存敏感的用户信息,解密向量
wx.setstoragesync('encrypteddata', res.encrypteddata);
wx.setstoragesync('iv', res.iv);
that.globaldata.userinfo = res.userinfo;
//解密数据
service.getdecryptiondata(function (res, success) {
if (success) {
console.log("解密数据成功");
console.log(res.data.data);
} else {
console.log('解密数据失败');
}
})
} else {
console.log('获取用户信息失败')
}
});
} else {
console.log('通过 code 获取第三方服务器 session 失败');
}
});
} else {
console.log('登录失败:');
}
}
})
}
},
globaldata: {
userinfo: null
}
}
app(appconfig)
运行输出
希望本文所述对大家微信小程序开发有所帮助。
上一篇: 过年吃啥鱼的寓意最好?吃好鱼过好年
下一篇: 肉桂粉是什么有何功效